This Policy relates to personal data – that is, information which relates to a living individual who can be identified from that data.
This Policy explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this Policy.
The Parish Buying service is provided by Church of England Central Services Trading Limited (no. 8940330). The registered address is Church House, Great Smith Street, London SW1P 3AZ.
Parish Buying is a service provided by the Church for the Church, dedicated to making available selected contracts for products and services, together with procurement guidance, for parishes, cathedrals and other church bodies.
Many of the services provided by the Parish Buying service to Members, and in particular all customer services and support, are delivered by a company called 2Buy2.com Limited, with which we have a contract. 2Buy2.com have access to your information and will use it to provide the services to you.
We obtain information about you when you register as a member on our website, when you contact us about products and services, when you respond to surveys, and when you purchase products and services from suppliers.
The personal information we collect will include your name, address, email address, telephone number, IP address, and information regarding what pages are accessed and when.
Parish Buying is a service to parishes, cathedrals, dioceses and other bodies in the Church of England and Church in Wales. To access its services as a Buying Group Member, and to be entitled to its special terms and conditions for contracts, we need to confirm your eligibility to join and to remain as a Member of the Parish Buying service.
The legal bases for our processing of your personal data is:
Parish Buying complies with its obligations under the regulation set out in the General Data Protection Regulation 2016/679 (“GDPR”) by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
Your information is stored on a secure server accessible only to authorised personnel.
We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.
Third Party Service Providers working on our behalf: We may pass your information to our third party service providers, agents subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example to send you mailings or surveys). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties for them to use for their own direct marketing purposes.
Parish Buying's digital giving suppliers share donation data with the Church's National Giving Team, who pass this information onto Dioceses. This information includes the number and value of transactions by account however it does not include any personal information (such as donor details) for individual transactions. This applies to accounts held with SumUp, Stripe, Give A Little, and GWD. For further information, please see the individual privacy policies for each supplier.
You have a choice about whether or not you wish to receive information from us. If you do not want to receive the Members’ newsletter then you have the opportunity to unsubscribe.
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
You have the right to ask for a copy of the information Parish Buying hold about you.
When you give us personal information, we take steps to ensure that it’s treated securely. When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer.
Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively.
It is possible to switch off cookies by setting your browser preferences. For more information about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This will prevent you from taking full advantage of the website and, in particular, will prevent you from accessing Member-only information.
These cookies are used to track visitor activity on our website and allow us to track when visitors are accessing the website via our social media posts such as FaceBook, read more here.
The LinkedIn Insight Tag is a cookie that allows us to produce campaign reports and unlock valuable insights about your website visitors. Read more here.
We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian's permission beforehand whenever you provide us with personal information.
As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this will happen when using our mailings and survey providers whose servers are located in the USA. Both these organisations comply with the EU’s regulations and operate under what is called the EU-US Privacy Shield (see https://www.privacyshield.gov/Program-Overview). If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
Our web site will use Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site.
For further details, please see the ‘about Hotjar’s section of Hotjar’s support site.
We keep this Policy under regular review. This Policy was last updated in February 2018, and if updated in the future this will be the object of a notification in the Members’ newsletter following the change. Where the update is a notification of additional personal data processing, the notification will provide a link to seek your consent for the change.
 Church of England and Church in Wales