G2 York Privacy Notice


G2 York is committed to protecting your personal information and respecting your privacy.

This Privacy Notice explains what personal information we collect, why we collect it, how we use it, how long we keep it, and your rights under UK data protection law.

We use ChurchSuite (g2.churchsuite.co.uk/my) and other secure systems to help us organise church activities, manage teams, communicate with members and visitors, administer giving, support children and youth work, and fulfil our legal and safeguarding responsibilities.

By engaging with G2 York, you may provide us with personal information. We are committed to ensuring that this information is handled lawfully, fairly and transparently.

1. Who We Are

G2 York is the Data Controller for the personal information described in this Privacy Notice.

Registered Charity Number: 1130866

Registered Address: 11/12 Minster Yard, YO1 7HH

If you have any questions about this Privacy Notice or how your information is used, please contact:

hello@g2york.org

2. What Personal Information We Collect

Depending on your involvement with G2 York, we may collect:

  • Name

  • Address

  • Email address

  • Telephone number

  • Date of birth

  • Emergency contact details

  • Family and household relationships

  • Attendance records

  • Small group participation

  • Team and volunteer information

  • Gift Aid declarations

  • Giving records

  • Employment information

  • DBS information where required

  • Safeguarding records

  • Pastoral care records

  • Communication preferences

We may also collect special category data where necessary, including information relating to:

  • Religious belief and church participation

  • Health information provided for pastoral, accessibility or safeguarding purposes

  • Safeguarding concerns involving children or adults at risk

We only collect information that is necessary for the purposes described in this notice.

3. How We Use Your Information

We use personal information to:

  • Welcome and support people attending G2 York

  • Administer church membership and participation

  • Organise teams, rotas and volunteer activities

  • Manage children's and youth ministry

  • Communicate news, events and church activities

  • Provide pastoral support

  • Process Gift Aid claims

  • Manage donations and financial records

  • Recruit, manage and support staff and volunteers

  • Meet safeguarding obligations

  • Comply with legal and regulatory requirements

  • Maintain appropriate church records

4. Legal Basis for Processing

We process personal information under one or more of the following lawful bases:

Legitimate Interests

We process information where necessary for the legitimate activities of G2 York, including:

  • Maintaining church records

  • Organising teams and rotas

  • Communicating with church members and attendees

  • Providing pastoral care

  • Running church activities and events

Consent

We rely on consent where required, including:

  • Certain marketing communications

  • Photography and media permissions where applicable

  • Any activities where consent is the most appropriate lawful basis

You may withdraw consent at any time.

Legal Obligation

We process information where required by law, including:

  • Employment obligations

  • HMRC requirements

  • Gift Aid administration

  • Safeguarding responsibilities

Contract

We process information where necessary to fulfil contractual obligations with employees, contractors or service providers.

5. Special Category Data

As a Christian church, we process information relating to religious belief and participation.

We process special category data under Article 9(2)(d) UK GDPR, which permits religious organisations to process information about their members, former members and people who have regular contact with the organisation in connection with its legitimate activities.

Where necessary, we may also process special category data for safeguarding purposes, legal obligations, or with explicit consent.

6. Children and Young People

We are committed to safeguarding children and young people.

Where children or young people participate in church activities, we may collect information including:

  • Name

  • Date of birth

  • Emergency contact details

  • Attendance records

  • Relevant medical information

  • Safeguarding information where necessary

We collect and retain this information to ensure children's safety and wellbeing and to fulfil our safeguarding responsibilities.

Parents or guardians are normally responsible for providing information relating to children under the age of 13.

7. Sharing Personal Information

Personal information will be treated as confidential.

We may share information:

  • With authorised church leaders, staff and volunteers where necessary for church activities

  • With rota and ministry team members where limited contact details are required for operational purposes

  • With professional advisers where necessary

  • With statutory authorities where required by law

  • With safeguarding agencies where necessary to protect children or adults at risk

We will not sell personal information to third parties.

8. Third-Party Service Providers

We use trusted third-party providers to help us operate effectively.

These may include:

  • ChurchSuite (church management system)

  • Gmail(Staff use this to email)

  • Squarespace

  • Google Drive

  • Mailchimp

These providers process information on our behalf and are required to maintain appropriate security and confidentiality measures.

9. International Transfers

Some of our service providers may store or process information outside the United Kingdom.

Where this occurs, we ensure appropriate safeguards are in place to protect personal information in accordance with UK GDPR requirements.

10. Data Security

We take appropriate technical and organisational measures to protect personal information from unauthorised access, loss, misuse or disclosure.

These measures include:

  • Secure cloud-based systems

  • Password protection

  • Access controls

  • Staff and volunteer confidentiality expectations

  • Secure storage and disposal procedures

11. How Long We Keep Information

We retain information only for as long as necessary for the purposes for which it was collected and to meet legal, accounting, safeguarding and regulatory requirements.

Examples include:

  • Gift Aid records: 6 years after the relevant tax year

  • Employment records: in accordance with employment law requirements

  • Safeguarding records: in accordance with safeguarding guidance

  • Attendance registers for children and youth activities: in accordance with safeguarding guidance

  • Financial records: 6 years

A detailed retention schedule is maintained by G2 York.

12. Your Rights

Under UK GDPR, you have the right to:

  • Request access to your personal information

  • Request correction of inaccurate information

  • Request erasure of information where appropriate

  • Request restriction of processing

  • Object to processing in certain circumstances

  • Request transfer of your information to another organisation where applicable

  • Withdraw consent where processing is based on consent

  • Lodge a complaint with the Information Commissioner's Office (ICO)

Requests should normally be responded to within one month.

13. Complaints

If you have concerns about how we use your personal information, please contact us first at hello@g2york.org so that we can seek to resolve the matter.

You also have the right to complain to the Information Commissioner's Office: www.ico.org.uk

14. Changes to This Privacy Notice

We may update this Privacy Notice from time to time.

The latest version will always be available from G2 York and on our website.

Last Updated: June 2026

GDPR-stamp.png