1. Introduction. ChurchMapped Limited (“we”, “us”, “our”) are committed to protecting and respecting your privacy. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed, stored and disclosed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting https://churchmapped.com/ (the “Site”) or using the ChurchMapped mobile application (the “App”) or using any services offered through or associated with our Site or App (the “Services”), you are deemed to have accepted and consented to the practices described in this policy. 2. About us. The Site is owned and operated by ChurchMapped Limited, Company Number 12329590, of registered address 27 Old Gloucester Street, London, WC1N 3AX, United Kingdom (our “Company Address”). ChurchMapped Limited processes personal data as a Data Controller, as defined in the Directive and the General Data Protection Regulation (“GDPR”). Our ICO registration number is ZA603587. 3. Other applicable terms 3.1. Our Website Terms & Conditions set out the terms and conditions under which you are permitted to use the Site. By visiting the Site, using the App, or using any Services, you are deemed to have agreed to our Website Terms & Conditions. 3.2. If you are based in Germany, Austria or Switzerland, please refer to our Impressum. Please note that this link, available on the English version of the Site, will only appear if the Site determines that you speak German and/or are based in Germany, Austria or Switzerland. For a static version of our Impressum, please see the Impressum on our German version of the Site, available here. 3.3. The Site contains links to and from the websites of our partner networks, advertisers and affiliates or to websites shared by other users. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites. 4. Data we collect about you. We collect and process personal data so we can provide our Services to you. It’s important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. The data we collect and process about you is explained in the sections below. 4.1 Data you give us 4.1.1.How you give us data. You give us information about you by filling in forms on our Site or App or by corresponding with us by phone, email or otherwise. This includes information you provide when you register to use the Site or App, subscribe to our marketing database, subscribe to our Services, participate in discussion boards or other social media functions on our Site or App, enter a competition or promotion, apply for a job position at the Company or a third party which is a member of our Group (which means any subsidiaries or ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006), complete a poll or survey, or report a problem with the Site or App. 4.1.2.Data we collect when you create an account. The personal data you give us includes your name, age, date of birth, phone number, home address, work address (as applicable), email address or login details, behavioural data, personal description and characteristics (including photographs and their metadata), purchase history through the Site, marital status, spatial data (location data), education history, employment history (as applicable), gender, religion and medical data (specifically, whether you have a vision, mobility or hearing impairment, for the purposes of tailoring search results to you and to comply with standards such as the Web Accessibility Initiative (WAI). 4.1.3. Data we collect about clergy. If you are identified, either by us or you, as working in a capacity of influence connected to the churches we cover (such as a bishop, priest, deacon, brother, monk, nun, sister, seminarian, consecrated celibate, catechist, or other like function), we will also collect the following, as applicable: your preferred title (e.g. “Father”, “Sister”, etc.), post-nominal (e.g. “O.P.” for the Order of Preachers), date(s) of ordination, date(s) of vow(s) taken, church(es) or other religious places of influence, diocese or dioceses, and religious order or similar association. We may require you to upload additional documentation for verification of the details provided. 4.1.4. Data we collect about job applicants. If you are applying for a job with us, we will only collect and hold the personal data above as necessary for us to process your application and comply with legal requirements. If you’re selected for a position, we will collect your passport, National Insurance Number, driving licence (if applicable), documentation of your educational qualifications (such as degree certificates or transcripts) and proof of address (in the form of a bank statement or utility bill). 4.1.5. Information that is not “personal data”. In addition to the personal data described above, we also collect information about you that is not considered “personal data”, such as your preference for using the “Secular” or “Religious” version of the Site, the church you regularly attend (if applicable), recent travel destinations (if applicable), whether you are planning on travelling in the next three months (and, if applicable, where you are traveling and which church(es) you would like to see), language(s) spoken, language preference and where you first saw ChurchMapped.com. Where you are registering for a business account, we will also collect additional information about your company, which is also not considered “personal data” as it does not identify any individual. 4.1.6. Legal basis for collection. We rely upon your explicit consent to use and process the data described above. 4.2. Data we automatically collect 4.2.1. Each time you visit or use our Site or a (third-party website that uses any of our application programming interface (“API”) plugins or scripts), we automatically collect the following information: 4.2.1.1.Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, location, network data, browser plug-in types and versions, languages, operating system and platform, as well as information relating to API calls. 4.2.1.2. Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from the Site (including date and time); pages you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page. 4.2.2. We use this information as statistical data about your browsing actions and patterns, for system administration, and to evaluate, provide, protect or improve our Services (including by developing new products and services). Because we collect, use and share this information in the aggregate, it does not identify any individual. 4.3. Data we receive from third parties. We also receive information about you if you follow or interact with us via our social media pages on Twitter, Instagram, YouTube or Facebook. For more information on how these companies handle your personal data, please refer to their privacy policies. 5. How we use your data 5.1 We use your data to carry out our Site, App and Services in the following ways: 5.1.1. To administer and manage your account, to provide you with information you request from us, and to carry out any other obligations arising from any contracts entered into between you and us. 5.1.2. To ensure that content from our Site and App is presented in the most effective manner for you and for your device. 5.1.3. To allow you to participate in interactive features of our Service when you choose to do so. 5.1.4. To respond to communications from you and to provide you with information about our Services, including notifying you about changes to our Site, App or Services. 5.1.5. To collect aggregate information and data on churches, including religious beliefs in certain areas, attendance at Mass and/or other religious services, number of tourists visiting a particular church, confessional wait times, and related information. 5.2. We also use your data to make our Site, App and Services better in the following ways: 5.2.1. To measure or understand the effectiveness of advertising we serve to you and others, deliver relevant advertising to you and make suggestions and recommendations to you and other users of the Site and App about goods or services that may interest you or them. 5.2.2. To administer the Site and App and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes. 5.2.3. As part of our efforts to keep the Site and App safe and secure, e.g. by conducting analysis required to detect malicious data and understand how this may affect your IT system, as well as to keep your own information secure, through means such as two-factor authentication. 5.2.4. We will not send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under applicable data protection laws. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about services similar to those which were the subject of a previous enquiry by you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have expressly consented to this. 5.2.5. You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please notify us in writing to the Company Address or by email at info@churchmapped.com. 6. How we secure your data 6.1. All of your personal data is protected and we have put in place appropriate physical, electronic, and management procedures to safeguard and secure the data we collect. Your information is stored on secure cloud databases, internal servers, and on third party softwares. Your information is only accessible by employees who have authorised access rights to such information. When making purchases or logging in to your account, we utilise two-factor authentication to ensure the correct person gains access to the account. 6.2. All of your payment information is encrypted using Secure Sockets Layer (“SSL”) technology and we adhere to the Payment Card Industry (“PCI”) Data Security Standard, in addition to other standards, to ensure payment information is kept as secure as possible. 6.3. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site or App; any transmission is at your own risk. Once we have received your information, we use strict procedures and the security features described above to try to prevent unauthorised access. 7. How long we store your data. We only keep your personal data for as long as we’re required to keep it (such as when it’s required by law), for as long as it’s necessary for our original legitimate purpose for collecting the information and for as long as we have your permission to keep it. We will delete your personal data when you delete your account or email us at info@churchmapped.com requesting deletion. 8. Disclosure to third parties 8.1. Parties with whom we share your information 8.1.1. We share personal data with third parties as described in this section. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. 8.1.1.1. Webhosting UK COM Limited assists us with hosting the Site and they have access to information stored on any of our databases, scripts or any of our systems. Ordinarily, they will only access personal data in the event of downtime or a hacking incident. 8.1.1.2. cPanel Inc provides us with the interface through which we can interact with server-side issues. cPanel Inc may have access to information stored on our systems in the event we request technical assistance. 8.1.1.3. We use software and interfaces provided by WebPros HoldCo B.V. to manage the Site. They receive any personal information contained in descriptions of issues we report to them. 8.1.1.4. We use Barclaycard International Payments Limited and Barclays Bank PLC (each trading as “Barclaycard”) to process payments made on the Site, either from us to you or you to us, and they have access to this payment information. We also share information with Barclaycard for fraud prevention measures, particularly relating to “Card Not Present” transactions. 8.1.1.5. We share information with Alphabet Incorporated in relation to apps that you purchase from us on the Google Play Store. 8.1.1.6. We share information with Amazon.com Incorporated in relation to apps that you purchase from us on the Amazon Appstore. 8.1.1.7. We share information with Apple Incorporated in relation to apps that you purchase from us on the Apple App Store. 8.1.1.8. We share diagnostic information with Roundcube in relation to any emails sent from us to you, or you to us. However, under no circumstance will we share card or other sensitive information with Roundcube. In the event that such information is received via email, we will tokenise the sensitive information before forwarding it to them. 8.1.1.9. We also share diagnostic information with phpMyAdmin, but this will only relate to diagnostic information surrounding its interface, and not pertaining to sensitive information surrounding the contents of the database. 8.1.2. The only other circumstances under which we would share your personal data are: 8.1.2.1. If the third party is a member of our group (which means any subsidiaries or ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006). 8.1.2.2. In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets. 8.1.2.3. If we or substantially all of our assets are acquired by a third party, in which case personal data will be one of the transferred assets and the purchaser will be permitted to use the data for the purposes for which it was originally collected by us. 8.1.2.4. If we’re under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation, enforce or apply our Terms & Conditions and other agreements, or to protect the rights, property, or safety of us, our customers, or others (including exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction). 8.2. Parties with whom you may choose to share your information 8.2.1. You may choose to share any information, photographs or other content that you voluntarily submit to the Site or App either on public forums and public areas of the Site or App or within your private messaging (meaning other users you have invited or accepted as members of your closed network). Such data will become available and viewable by other users as controlled by any applicable privacy settings that you define. Once you have shared your content or made it public, that content may be re-shared by others. 8.2.2. If you choose to connect to social media networks from the our Site or App or post any of your content on our Site or App to those networks, then in accordance with your social media privacy settings, the personal data that you post, transmit, or otherwise make available on the social media platform may be viewed and/or used by other users of those networks and we have no control over such viewing and use and cannot prevent further use of such information by third parties. When you interact with us through social media networks, you acknowledge that we may access your information that is held by that account, solely in accordance with your social media privacy settings. Any links to social media are not under our control and remain solely your responsibility. You acknowledge that any information posted via social media through our Site or App, or any third party you allow to access your content, is done entirely at your own risk and that by posting to a public platform you make that information visible to third-parties who can use that information at their discretion. 8.2.3. You may review, modify, update, correct or remove any personal data you have submitted to the Site or App at any time. If you remove information that you posted to the Site or App, copies may remain viewable in cached and archived pages of the Site, or if other users or third party APIs have copied or saved that information. 8.2.4. Always think carefully before disclosing personal data or other information to other users or otherwise posting personal data on the Site or App. It’s important that you’re aware that any data you choose to disclose on the Site or App may then be viewed and even used by other users (in accordance with your settings and this Privacy Policy). We do not control the contents of communications made between users (although you can make a complaint about another user by contacting us using the information provided in the Contact section below). 8.2.5. You must respect the privacy of others and you must not disclose any personal details about other people including your family, friends, acquaintances, or other persons that may be misleading or cause them harm or offence. It is your responsibility to obtain their prior express permission in respect of any submission of their data at any time. 9. International transfers 9.1. Because we work with third parties outside of the UK, the data that we collect from you may be transferred to, and stored at, a destination outside the UK. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated as securely as it would be within the UK and under the GDPR. Such steps may include our entering into contracts with any third parties we engage and the use of Commission-approved Model Contractual Clauses. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. 9.2. You can obtain more details of the protection given to your personal data when it is transferred outside the UK (including a copy of the standard data protection clauses which we have entered into with recipients of your personal data) by contacting us as described in the Contact paragraph below. 10. Your rights 10.1. We will ensure that your personal data is processed lawfully, fairly, and transparently and that it will only be processed if at least one of the following bases applies: 10.1.1. You have given your clear consent to the processing of your personal data for a specific purpose. 10.1.2. Processing is necessary for the performance of a contract to which you are a party (or for us to take steps at your request prior to entering into a contract with you). 10.1.3. Processing is necessary for our compliance with the law. 10.1.4. Processing is necessary to protect someone’s life. 10.1.5. Processing is necessary for us to perform a task in the public interest or in the exercise of official authority and the task/function has a clear basis in law. 10.1.6. Processing is necessary for our legitimate interests or the legitimate interests of a third party, except where there is a good reason to protect your personal data which overrides those legitimate interests, such as allowing us to effectively and efficiently manage and administer the operation of our business, maintaining compliance with internal policies and procedures, monitoring the use of our copyrighted materials, offering optimal, up-to-date security and obtaining further knowledge of current threats to network security in order to update our security. 10.2. Under the GDPR, you have the right to: 10.2.1. Withdraw your consent to the processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason for doing so (such as to comply with a legal obligation). 10.2.2. Be informed of what data we hold and the purpose for processing the data, as a whole or in parts. 10.2.3. Be forgotten and, in some circumstances, have your data erased by ourselves and our affiliates (although this is not an absolute right and there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it). 10.2.4. Correct or supplement any information we hold about you that is incorrect or incomplete. 10.2.5. Restrict processing of the information we hold about you (for example, so that inaccuracies may be corrected—but again, there may be circumstances where you ask us to restrict processing of your personal data but we are legally entitled to refuse that request). 10.2.6. Object to the processing of your data. 10.2.7. Obtain your data in a portable manner and reuse the information we hold about you. 10.2.8. Challenge any data we use for the purposes of automated decision-making and profiling (in certain circumstances—as above, there may be circumstances where you ask us to restrict our processing of your personal data but we are legally entitled to refuse that request). 10.2.9. Complain to a supervisory authority (e.g. the Information Commissioner’s Office (ICO) in the UK) if you think any of your rights have been infringed by us. (We would, however, appreciate the chance to address your concerns, so please contact us prior to taking this step). 10.3. You will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. 10.4 You have the right to ask us not to process your personal data for marketing purposes. We will get your express opt-in consent before we use your data for such purposes or share your personal data with any third parties for such purposes, but you can exercise your right to prevent such processing by contacting us at the Company Address, via email at info@churchmapped.com, or by unsubscribing using the links contained in the marketing emails. 10.5. You may revoke your consent for us to use your personal data as described in this Privacy Policy at any time by emailing us at info@churchmapped.com and we will delete your data from our systems. To enforce any of the above rights, please contact us at our Company Address or via email at info@churchmapped.com. 10.6. We will notify you and any applicable regulator of a breach of your personal data when we are legally required to do so. 11. Cookies, sessions, hidden fields, local storage and shared preferences 11.1. Cookies 11.1.1.1. What are cookies? A cookie is a small (ordinarily, text) file of letters and numbers that we store on your browser. Cookies contain information that is transferred to your computer\'s hard drive (or the hard drive of another relevant device). We use cookies to distinguish you from other users on the Site, to tailor your experience to your preferences, and to help us improve the Site. 11.1.2. Cookies we use 11.1.2.1. Strictly necessary cookies. These cookies are required to save your session and to carry out other activities that are strictly necessary for the operation of the Site. They include, by way of general example, cookies that enable you to log into secure areas of the Site, use a shopping cart, or make use of e-billing services. These cookies are session cookies, which means they’re temporary and will usually expire when you close your browser. However, for security purposes, some strictly necessary cookies (such as those relating to identifying you as logged in to the Site or App) will be deleted after a certain amount of time of inactivity (e.g. 15 minutes) has elapsed. 11.1.2.2. Analytical/performance cookies. These cookies allow us to recognise and count the number of visitors and to see how visitors move around the Site when they’re using it. These cookies help us improve the way the Site works by, for example, ensuring that users are finding what they’re looking for easily. 11.1.2.3. Functionality cookies. These cookies are used to recognise you when you return to the Site. They enable us to personalise our content for you, greet you by name and remember your preferences. 11.1.2.4.Targeting cookies. These cookies record your visit to the Site, the pages you visit, and the links you follow. We use this information to make the Site and the advertising displayed on it more relevant to your interests. We also share this information with third parties for the same purpose. 11.1.2.5. Social Media cookies. These cookies work together with social media plug-ins. For example, when we embed photos, video and other content from social media websites, the embedded pages contain cookies from these websites. Similarly, if you choose to share our content on social media, a cookie may be set by the service you have chosen to share content through. You have the right to opt out of social media cookies and to object to automated profiling. To enforce either of these rights please contact us at info@churchmapped.com. 11.1.3. Consenting to cookies 11.1.3.1. Where JavaScript or a related technology is available and functional on your device, you will be shown a pop-up message requesting your consent to setting non-essential cookies before any are placed on your device. 11.1.3.2. Where JavaScript and/or a related technology is disabled or otherwise not available, you will be directed to a dedicated page requesting your consent to setting non-essential cookies. 11.1.3.3. Upon giving consent, we generate a unique token known to us to show that consent has been given. 11.1.4. Disabling cookies 11.1.4.1. By default, most internet browsers accept cookies, but you can choose to enable or disable some or all cookies via the settings on your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third party cookies. For further details, please consult the help menu in your internet browser. 11.1.4.2. Some of the cookies we use are essential for the Site to operate. If you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our Site. Where cookies are entirely disabled, we may request your consent to rely on other technologies outlined in this section to ensure you can access our Site (although we cannot guarantee the same standard of service as when cookies are enabled). Where these other technologies are also denied, you may not be able to access all or parts of our Site. 11.2. Sessions. Sessions are a mechanism that enable a webpage to remember information from a previous webpage. By default, a webpage forgets information from a previous webpage—sessions are a mechanism to get around this. Sessions ordinarily work with cookie files, but they can also work without cookies. We use sessions in addition to cookies to help our Site function. For example, sessions help you make payments on our Site. 11.3. Hidden fields. Hidden fields are a mechanism that is used to store information on a webpage. They cannot be seen by users (except by browsing the source code of the webpage, which most web browsers enable a user to do) and users cannot ordinarily submit information through a hidden field. We use hidden fields to help present our Site in the best way for you and your device. For example, we use hidden fields to retain information about what language you are viewing the Site in. For further details, please consult the help menu in your internet browser. 11.4. Local storage. Local Storage, sometimes called “HTML5 Web Storage”, is a mechanism that does not typically involve cookies and entails information being stored locally on your device. We use local storage to help our Site function and help us deliver our Services. However, for the avoidance of doubt, we do not use local storage to store sensitive information such as card details, in order to comply with best security practices. 11.5. Shared Preferences. Shared preferences are small files saved on devices that use the Android system to save user details and user preferences. We may use shared preferences to help process financial payments for some of the apps that we provide. 12. Changes to this policy. Any changes we may make to this policy in the future will be posted on this page and, where appropriate, notified to you by email. You will be deemed to have accepted the terms of the updated policy on your first use of the Site or App following the alterations. Please check back frequently to see any updates or changes to our policy. 13. Contact. Questions, comments and requests regarding this Privacy & Cookie Policy are welcomed and should be addressed to our Company Address or to our email at info@churchmapped.com.