Privacy Policy

Thank you for your interest in this site’s privacy policy. This policy contains information about how we process your personal data and about your rights under the General Data Protection Regulation (GDPR) as it applies in the UK, tailored by the Data Protection Act 2018.

References below to ‘we’ or ‘us’ refer to the operator of this website, the Parochial Church Council of the Parish of St Michael and All Angels, Bishop’s Hatfield, and any agent appointed by us, but do not include the owner and operator of the hardware and associated operating system on which the site is hosted. Our website and this privacy policy are provided under English law.

We have worked hard to make sure that this site has been designed on the basis of our values: we value every visitor to our site and respect your right to privacy. We aim to do nothing behind your back or without your active consent.


The following privacy policy is valid only for this site:

Short summary of the policy

  • By default, our web server processes your IP address. Processing your IP address is technically necessary to send our content to your client (i.e. computer, tablet, or phone).
  • By default, we do not log your personal data.
  • We do not track your browsing behaviour or anything else. We do not try to identify you. We do not collect statistics. We do not set any cookies beyond those which are strictly necessary to make the site function. We do not serve advertisements.
  • To find out more about your legal rights under GDPR please visit the web site of the Information Commissioner’s Office (ICO). The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Contact us

The Parochial Church Council of the Parish of St Michael and All Angels, Bishop’s Hatfield, is a charity exempt from registration: it is a parish within the Bishop’s Hatfield Team Ministry and the Diocese of St Albans, part of the Church of England. The server on which this site is currently hosted is physically located in Germany. If you have any questions or concerns about this policy, please use the contact page on this site to send a message to us, or you can email or telephone us. You can email our Data Protection Officer directly using the button below.



The GDPR includes a number of legal definitions. The most important definitions are:

‘Personal data’:

Personal data means information about a particular living individual. This might be anyone, including a customer, client, employee, partner, member, supporter, business contact, public official, or member of the public. It doesn’t need to be ‘private’ information – even information which is public knowledge or is about someone’s professional life can be personal data. It doesn’t cover truly anonymous information – but if you could still identify someone from the information, or by combining it with other information, it will still count as personal data.


Almost anything you do with data counts as processing; including collecting, recording, storing, using, analysing, combining, disclosing, or deleting it.

If we talk about ‘personal data’ in the following, we mean anything that can be used to identify you. Examples are your name, e-mail address, and IP address. When we talk about ‘processing personal data’ we mean any type of processing.

It may also be helpful to know something about cookies and local storage:


Cookies are small text files which are sometimes placed on your computer when you visit a website. They are widely used in order to make websites work, or work more efficiently and securely, as well as to provide information to the operators of the site. They can also be used to target you with advertising as you move from site to site.

There are broadly two types of cookie: ‘persistent’ and ‘sessional’.

Sessional cookies are normally deleted automatically by your browser when you close it: they only remain during a single browsing session.

Persistent cookies are not deleted automatically, unless you have adjusted your browser to do so. They remain on your computer until they expire, which could be quite a long time (a year or more). Persistent cookies hold information which is passed back to servers and are widely used to track user behaviour.

Cookies of both kinds can be set by the website you are browsing, in which case they are ‘first party’ cookies; but they can also be set by other domains which are linked to the site you are browsing, for example through advertising or embedded content such as videos or social media feeds. These are ‘third party’ cookies and most modern browsers allow you to choose to block third-party cookies, which are often used for tracking.

Cookies are actually just one example of a much wider and rapidly developing area of the web, web storage (also known as DOM storage, where DOM stands for Document Object Model). Cookies can only hold a tiny amount of information, but other forms of web storage (which can also be sessional or persistent) allow for much more data to be stored on your computer (up to 1000 times more). When data is stored on your computer it is often called ‘local storage’.

You can manage web storage through your browser settings or through ‘extensions’ and ‘add-ons’ which are available to add to many browsers. Like cookies, web storage in general can be a positive thing, giving users real benefits, but there are also genuine concerns about things which are effectively happening behind your back and without any explanation or consent.

Embedded content

Pages on this site include embedded content (e.g. social media feeds, maps, videos, images, articles, etc.). Embedded content from other websites behaves in exactly the same way as if the visitor had visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website. To understand the privacy issues around embedded content, you should also consult the privacy policies of the content providers.

Embedded content may be included on this site from:


This site does not set cookies to collect information about how visitors use our site (analytics). We do not carry advertising or directly or indirectly gather or share marketing information or any other data about site users. We believe that this policy is an expression of our vision and values as a Christian community.

The site may set sessional cookies which help our hosting server work efficiently, and help the site operate effectively. These cookies will be deleted from your computer when you close your browser. If you choose to block these cookies, the site may not work properly.

When you first visit this site you are informed about how we use, and mostly don’t use, cookies and are invited to consent to cookies being set only to make the site work properly and efficiently for you: you may also choose to enable cookies relating to third party services like Facebook and OpenStreetMap.

Find out more about cookies on this site

Personal data we process

IP address and user agent

When you visit our website, your IP address and user-agent are automatically processed by our web server. We automatically get this data from your client (e.g. your web browser). Our web server needs your IP address to send our content back to your client. By default, we do not process any other personal data from you.

Email data

We use an email service provided by Zoho whose UK office is at

Suite 1.09, Challenge House,
Sherwood Dr,
Milton Keynes MK3 6DP,
United Kingdom

You can read about their commitment to GDPR at

Personal data third parties process for us

This site is hosted on servers provided by Contabo GmbH, Aschauer Straße 32a, 81549 München, and for a full understanding of responsibilities under the GDPR you should also consult their privacy policy here.

Web servers (and their associated processes such as firewalls) will record information about every particular client-side request to a log file. These log files are analysed to detect attack-like behaviour and to monitor and improve services. Log file entries will include at least the following personal data: your IP address and user-agent (browser), along with the resource requested and the time of the request. Both we and Contabo GmbH have a legitimate interest in retaining this information in order to detect and block attacks on the server and this site, and to improve our services. It is not straightforward to link these minimal details to any individual, and we would only attempt to do so if we believed a crime had been committed. For example, when we say ‘your IP address’, we log an IP address without knowing who is currently using it.

This site is also protected by a web application firewall which is provided for us by Defiant Inc. , 1700 Westlake Ave N Ste 200, Seattle, WA 98109 USA and you should consult their GDPR and privacy policy here. Defiant processes the following categories of information in connection with the firewall: visitor IP address, visitor proxy IP address, URL accessed, complete HTTP header, HTTP request body, and filename if malware detected. Both we and Defiant Inc. have a legitimate interest in retaining this information in order to detect and block attacks on this site. Defiant Inc. does not collect or otherwise process personally identifiable sensitive data as defined under the GDPR.

Your rights

Under the GDPR you have legal rights in respect of your personal data. Your rights include:

To find out more about your legal rights under GDPR please visit the web site of the Information Commissioner’s Office (ICO). The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Latest policy revision

We most recently updated this policy on 15th May, 2024.