Last Updated: January 21, 2025
Introduction
Welcome to Church Workers Training (“we,” “us,” or “our”) at https://www.churchworkerstraining.com. This Privacy Policy outlines how we collect, use, protect, and share your personal information when you interact with our website, services, or communications.
We are committed to complying with global privacy laws, including the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and others. By using our services, you agree to the terms outlined in this policy.
Scope and Definitions
This policy applies to:
- Visitors to our website
- Newsletter subscribers
- Users interacting with our services
Key Definitions:
- Personal Data: Information that identifies or relates to you (e.g., email addresses, IP addresses).
- Processing: Any action performed on data (e.g., collection, storage, deletion).
- Data Controller: Church Workers Training (responsible for data decisions).
- Data Processor: Third parties acting on our instructions (e.g., Google Analytics).
Data Collection and Processing
What We Collect
| Category | Examples | Purpose | Legal Basis |
|---|---|---|---|
| Directly Provided Data | Email addresses, communication preferences | Newsletter delivery, user support | Consent |
| Automated Data | Anonymized IPs, browser type, device info, pages visited, geographic region | Website analytics, security, UX improvements | Legitimate interests |
| Third-Party Data | Search metrics (via Google Search Console), behavior analytics (Bing Clarity) | Performance monitoring, service optimization | Legitimate interests |
Legal Basis for Processing
- Consent: For newsletters and non-essential cookies.
- Legitimate Interests: For website security and analytics.
- Legal Obligations: Compliance with tax or regulatory requirements.
How We Use Your Data
Primary Purposes
- Service Delivery: Sending newsletters, responding to inquiries.
- Analytics: Monitoring traffic patterns and user engagement.
- Security: Detecting and preventing fraudulent activity.
- Improvements: Enhancing website functionality and content.
Retention Periods
| Data Type | Retention Period |
|---|---|
| Newsletter Subscriptions | Until unsubscription or deletion request |
| Analytics Data | 26 months (aligned with Google Analytics) |
| Cookie Preferences | 12 months from last interaction |
Third-Party Services
Data Processors We Work With
| Service | Role | Data Shared | Safeguards |
|---|---|---|---|
| Google Analytics | Analytics Provider | Anonymized usage metrics | GDPR-compliant Data Processing Agreement |
| Bing Clarity | UX Analysis | Behavior metrics | Microsoft Privacy Standards |
| Email Service Providers* | Newsletter Delivery | Email addresses, preferences | Encryption and access controls |
*Specific providers will be disclosed upon request.
International Data Transfers
- Data may be transferred outside your country using Standard Contractual Clauses (SCCs).
- Third-party providers adhere to EU-U.S. Data Privacy Framework principles where applicable.
Your Privacy Rights
Global Rights
You may:
- Access your personal data.
- Correct inaccurate information.
- Delete data (excluding legal obligations).
- Object to processing based on legitimate interests.
- Withdraw consent for newsletters or cookies.
Regional Rights
| Region | Additional Rights |
|---|---|
| California (CCPA) | Opt-out of “sale” of data* |
| EU (GDPR) | Restrict processing, data portability |
| Virginia (VCDPA) | Appeal denied requests |
*We do not sell data, but honor opt-out requests via GPC signals.
How to Exercise Rights
- Email: connectwith@churchworkerstraining.com
- Portal: Launching Q2 2025 (tracking ID provided upon request)
- Response Time: 30 days (10 days for CCPA deletion requests)
Data Security
Our Protections
- Encryption: SSL/TLS for data in transit; AES-256 for stored data.
- Access Controls: Role-based permissions and multi-factor authentication.
- Audits: Bi-annual penetration testing and vulnerability assessments.
- Training: Annual privacy compliance workshops for staff.
Breach Protocol
- Contain and assess the breach within 24 hours.
- Notify affected users and authorities within 72 hours (if required).
- Provide free credit monitoring for impacted users (if applicable).
International Data Transfers
- Primary servers located in the EU/EEA.
- U.S.-based third parties use SCCs or Binding Corporate Rules.
- Detailed transfer maps available upon request.
Children’s Privacy
- Age Restriction: Users under 16 must obtain parental consent.
- Verification: Email confirmation from parents for minor accounts.
- Deletion: Contact us to remove underage data promptly.
Policy Updates
- Notification: Email alerts for material changes; website banners for minor updates.
- Effective Date: Changes apply 30 days after posting.
- Archive: Full version history available below.
Contact Information
| Role | Contact Details |
|---|---|
| Data Protection Officer | connectwith@churchworkerstraining.com |
| Regulatory Complaints | Your local DPA (EU) or Attorney General (U.S.) |
| Postal Address* | Available upon authenticated request |
*To prevent fraud, we verify identity before disclosing physical addresses.