This Privacy Policy explains how ChurchConnect, operated by Quiet Waters Consulting Ltd ("we", "us", or "our"), collects, uses, stores, and protects personal data when you visit our website, request a demo, contact us, subscribe to our services, or use the ChurchConnect platform.
We are committed to handling personal data lawfully, fairly, and transparently. This policy should be read together with any service agreement, data processing agreement, or other notices we provide to customers.
Data controller: Quiet Waters Consulting Ltd, a registered company in England and Wales (Company number 14411199)
Contact email: admin@churchconnecthub.co.uk
If you have questions about this policy or want to exercise your data protection rights, please contact us using the details above.
We may collect the following categories of personal data:
We use personal data for the following purposes:
| Purpose | Lawful basis |
|---|---|
| To respond to enquiries and demo requests | Legitimate interests; steps prior to entering a contract |
| To create, manage, and support customer accounts | Contract |
| To process subscriptions, payments, and related administration | Contract; legal obligation |
| To provide product updates, service notices, and support communications | Contract; legitimate interests |
| To monitor performance, security, and reliability of our website and platform | Legitimate interests; legal obligation where applicable |
| To improve our website, services, onboarding, and user experience | Legitimate interests; consent where required for non-essential cookies |
| To comply with legal, regulatory, and tax obligations | Legal obligation |
We may send product, service, or marketing communications where permitted by law. You can unsubscribe from non-essential marketing at any time by using the unsubscribe option in the message or by contacting us directly.
We may share personal data with trusted third parties where necessary, including hosting providers, cloud infrastructure providers, payment processors, email or messaging providers, analytics providers, support platforms, professional advisers, and regulators or authorities where required by law. We do not sell personal data.
Where personal data is transferred outside the UK or EEA, we will take appropriate steps to ensure a lawful transfer mechanism is in place, such as adequacy regulations, standard contractual clauses, or other recognised safeguards where required.
We keep personal data only for as long as reasonably necessary for the purposes set out in this policy, including to meet legal, accounting, contractual, and support obligations. Retention periods may vary depending on the type of data and the nature of the relationship with us.
We use reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. No internet-based service is completely risk-free, but we work to maintain appropriate safeguards proportionate to the nature of the service.
Subject to applicable law, you may have the right to request access to your personal data, request correction or deletion, restrict or object to processing, request portability, withdraw consent where processing is based on consent, and lodge a complaint with the UK Information Commissioner’s Office (ICO).
Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties, and we encourage you to review their privacy notices separately.
We may update this Privacy Policy from time to time. The latest version will always be published on our website with the relevant effective date.
Effective date: 22 March 2026 | Last reviewed: 22 March 2026