About Us‎ > ‎

Privacy policy

St Columba's uses personal data for our own legitimate purposes and does not share it for marketing reasons. Where third party systems are used, these are checked for compliance with the relevant rules.

Exercising your rights

[email protected] is the address to contact for exercising your rights if St Columba’s holds your data (see below). These include:

  • A subject access request for information we hold about you. We will respond within 30 days.

  • Rectification of any errors

  • Erasure of your data

If you want to unsubscribe from a church e-mail list, all messages should include an unsubscribe link, which is usually quicker and easier than the channels above.

Information we store

Most church members will be on our e-mail list (held in Mailchimp) and our securely stored list of members and friends (name, e-mail, telephone and address).

Hirers' information is maintained on our booking system for the purposes of carrying out our contract with you.

The data controller is the Elders of St Columba's URC Oxford.

Data breach policy

In the event of us becoming aware of a data breach, St Columba’s will notify the ICO within 72 hours, and those affected if we believe there is significant risk to their data. Given our policy on device encryption (see below), we would not consider the loss of one of our devices a significant risk to data on it.

Data retention policy

As per the table above, we usually review all data held on an annual basis and delete it if no longer required.

Use of sensitive information for employment

We do not hold information on our employees which falls into any of the categories considered sensitive under the GDPR.

Use of DBS information

All volunteers and employees of St Columba’s who work with children or vulnerable adults are subject to DBS (Disclosure and Barring Service) checks. The results of these are retained by our DBS coordinator as long as the individual concerned volunteers/works for us.


All laptops and mobile phones issued by St Columba’s to church staff or volunteers are encrypted. This means that any personal information stored on them should not be retrievable in the event of the loss or theft of the device in question.