Privacy Policy

Please note this policy is pending approval.

This is a GDPR-compliant privacy notice for Knock Evangelical Presbyterian Church (“Knock EPC”), part of the Evangelical Presbyterian Church (EPC).

This notice explains how personal data is collected, used, stored, and protected when you interact with Knock EPC, including via https://knockepc.co.uk.

1. Who we are (Data Controller)

Knock EPC is the data controller for the personal data we process.
This means Knock EPC decides how and why personal data is used.

For data protection queries please get in touch using the details provided on our Contact page.

You have the right to complain to the Information Commissioner's Office (ICO).

2. Legal framework

Processing is carried out in accordance with:

  • UK GDPR
  • Data Protection Act 2018
  • Relevant charity and safeguarding law in Northern Ireland

3. What personal data is

Personal data means any information that can identify a living person directly or indirectly.

Examples:

  • Name
  • Address
  • Email
  • Phone number
  • Financial giving records
  • Photographs
  • Safeguarding records (where required)

Special category data may include:

  • Religious beliefs (church membership)
  • Health or safeguarding information
  • Background checks where legally required

4. How we collect personal data

Data may be collected when you:

  • Attend services or events
  • Become a member or regular attendee
  • Contact Knock EPC
  • Subscribe to communications
  • Volunteer or work with children/vulnerable adults
  • Donate or Gift Aid
  • Apply for employment or volunteer roles
  • Visit the website

Website data may include:

  • IP address
  • Browser information
  • Cookies (where used)

5. Why we process personal data

We process personal data to advance Knock EPC’s mission:

"Founded on the Word of God and centred on the Gospel of Jesus Christ, our mission is to build up God’s people in truth, in prayer and in fellowship, so that we can better reach the lost in our own community and across the world."

Typical purposes:

Church life and pastoral care

  • Membership and pastoral support
  • Prayer and care lists (with consent)
  • Maintaining contact with members and regular attendees

Communication

  • Newsletters and church notices
  • Event information
  • Prayer updates
  • Enquiries

Administration

  • Maintaining church records
  • Organising events and activities
  • Managing volunteers
  • Safeguarding compliance

Finance and legal obligations

  • Donations and Gift Aid
  • Accounting and audit
  • Insurance
  • Health & safety
  • Safeguarding reporting

Employment and volunteering

  • Recruitment and management of staff/volunteers
  • Training and safeguarding checks

Historical and archival purposes

  • Baptism, marriage and funeral records
  • Church history and archives

6. Lawful bases for processing

We process personal data under one or more lawful bases:

  • Legitimate interests - for normal church administration and pastoral care.
  • Consent - for newsletters, photos, and optional communications.
  • Contract - where you enter into an agreement with Knock EPC.
  • Legal obligation - Gift Aid, safeguarding, employment, charity regulation.
  • Vital interests - emergency safeguarding situations.

Special category data (religion, safeguarding) is processed under the not-for-profit religious exemption and safeguarding law.

7. Sharing personal data

Data is only shared when necessary:

Within Knock EPC

  • Minister, elders, office bearers

With trusted service providers
Examples:

  • Email or cloud storage / hosting providers
  • Accounting software
  • Printing and mailing services

With authorities when required by law
Examples:

  • Safeguarding agencies
  • HMRC (Gift Aid)
  • Insurance providers

Data is never sold. Where data leaves the UK, appropriate safeguards are used.

8. Data security

We protect personal data by:

  • Restricting access to authorised people only
  • Password protection and encryption
  • Secure storage of paper records
  • Regular data review and deletion
  • Safeguarding training

9. How long we keep data

Retention is based on legal and church requirements.

Typical retention periods:

Record Type Duration
Membership records Indefinitely
Baptism, marriage, funeral registers Indefinitely
Gift Aid records 6 years after the relevant tax year
Safeguarding records Indefinitely or as required by authorities
Employee records 6 years after employment ends
Event data Deleted shortly after event unless required for safeguarding or insurance
Photographs and historical records Indefinitely

Data is regularly reviewed and deleted when no longer required.

10. Your rights

Under GDPR you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request erasure (“right to be forgotten”)
  • Restrict processing
  • Object to processing
  • Withdraw consent at any time
  • Request data portability
  • Lodge a complaint with the ICO

Requests should be sent to Knock EPC using the contact details provided on our Contact page.

11. Cookies and website use

Please read the Knock EPC Cookie Policy for further information.

12. Changes to this policy

This notice may be updated periodically.
The latest version will always be available on Knock EPC website.

Last Updated: 12th February 2026