The team at Choyr believes the data and information related to your church and its members is important to keep safe. We'd like to outline what data we store, how we store it, and why we store it. We will also explain the steps we've taken to ensure we are compliant with the GDPR regulations recently introduced.
This document was updated on 14th March, 2019. Changes come into effect on 14th March, 2019.
This information helps us improve the site by understanding how visitors use our products, and helps us monitor and protect the site.
When you create a user account, we ask for your email address, a password, and your first and last names. You will also be required to consent to our use of this and other information by ticking the checkbox that appears on the registration form. You may withdraw consent at any time by asking your church admin to delete your account, or by emailing firstname.lastname@example.org.
During your use of Choyr, you may input additional optional "User Personal Information" when editing your user profile. "User Personal Information" is any information about one of our users which could, alone or together with other information, personally identify him or her. Information such as a user name and password, an email address, a real name, and a photograph are examples of "User Personal Information". User Personal Information includes Personal Data as defined in the General Data Protection Regulation. This can include a photo of you, your date of birth, your gender, your address, your phone number, your relationship status, the number of children you have, your place of birth, your religious views and background, your education, your current employment, and your other social network usernames. You can view, modify, or delete this information at any time, as long as you're logged in.
This additional information is visible to admins of your church, and helps your church gain an overview of its membership.
We are able to deliver our services, personalise content and make suggestions for you by using this information to understand how you use and interact with our services and the people or things you're connected to and interested in on and off our services. Choyr may sometimes use this information to monitor and improve the product, and may sometimes use this information for investigating suspicious activity or violations of our terms or policies.
If you use our services for purchases or financial transactions (for example, when you make a donation), we will collect information about the transaction, including your name, address, and Gift Aid status. Payment details may be shared with our payment processor (currently Stripe or PayPal).
During your use of Choyr, you may provide us with content which includes metadata. For example, when uploading a photo to a post, that photo may include additional information such as the time and the location that the photo was taken.
Information about you may be shared by other people during their use of Choyr. We will do our best to ensure that this is only accessible by appropriate members (for example, private messages will be restricted to those people listed in the conversation). If you ever feel uneasy because your information has been shared by others inappropriately, you can contact an admin of your church, or contact Choyr directly by email email@example.com.
If you're under the age of 16, you may not have an account on Choyr. Choyr does not knowingly collect information from or direct any of our content specifically to children under 16. Other countries may have different minimum age limits, and if you are below the minimum age for providing consent for data collection in your country, you may not use Choyr without obtaining your parents' or legal guardians' consent.
Your name, profile photo, gender, and date of birth are displayed to all users within your church network. Other User Personal Information is visible to any admin of your church network. Other information may be shared with all or certain members and customers of our service, including information that (i) you share with people and communicate with, (ii) that other people share about you, and (iii) from your profile, posts, likes, comments, and messages.
We occasionally pass information we have collected to Data Processors (typically known as sub-processors) that provide a service to Choyr. We have ensured that all Data Processors we use are GDPR compliant.
Data Processors currently used by Choyr:
Generally, Choyr will retain User Personal Information for as long as your account is active or as needed to provide you services. We may retain certain User Personal Information indefinitely, unless you delete it or request its deletion. For example, we don't automatically delete inactive user accounts, so unless you choose to delete your account, we will retain your account information indefinitely.
If you decide to delete your account, we will delete information within 30 days of account closure. However, we may retain your personal data even after you have deleted your account if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our User Agreement, or fulfil your request to "unsubscribe" from further messages from us. We may retain de-personalized information after your account has been deleted.
We do not control data that other members copied out of our service. Your information may continue to be displayed in the services of others (for example, in search engine results) until they refresh their cache.
Choyr uses industry-standard technologies to ensure your data and your church members' data is safe and secure. Our main infrastructure runs on Amazon Web Services (AWS), with access protected by two-factor authentication. All data transferred between users and Choyr servers use SSL connections (https).
A separate database is created for each church that joins Choyr, meaning data relating to your church is kept completely separate from other churches on Choyr.
If we discover a data breach, we will inform the relevant supervisory authority (ICO) within 72 hours. We will also inform any individuals who may be affected by the data breach without undue delay.
If you have concerns about the way Choyr is handling your User Personal Information, please let us know immediately. You can contact us by sending an email to firstname.lastname@example.org.
You have the right to lodge a complaint with the Information Commissioner's Office (ICO).