Enderby Life Church
Data Protection Notice
Date 16-Jan-2021
Introduction
The purpose of this Data Privacy Notice is to tell you about our responsibility to look after your personal data and to make it clear how we use it. It sets out how we collect, use and protect your personal data, as well as telling you about your rights in relation to that data.
Your information as a church member or associate
Your personal data: what is it?
Personal data is information in the Data Controller’s possession that relates to a living individual who can be identified from that data.
The processing of personal data is governed by the General Data Protection Regulation (the GDPR). This legislation gives you rights and protection regarding how your personal data is used by us.
The GDPR applies to both automated personal data and to manual filing systems.
Who is the Data Controller?
The Board of Trustees of Enderby Life Church is the Data Controller. This means it decides how your personal data is processed and for what purposes.
Who is the Data processor?
Your personal data will be processed by the Pastor, Data Protection Lead, and Church Administrators appointed by the Pastor. We may subcontract the storage of data to the services of a GDPR-compliant password-protected cloud provider.
How do we process your personal data?
Enderby Life Church complies with its obligations under the GDPR by:
-
Keeping personal data up to date.
-
Storing and destroying it securely.
-
Not collecting or retaining excessive or irrelevant amounts of data.
-
Protecting data from loss, misuse, unauthorised access and disclosure.
-
Ensuring that appropriate technical measures are in place to protect the data.
What data do we process?
We will process some or all of the following data where necessary to perform our tasks:
-
Names, titles and aliases.
-
Contact details such as telephone numbers, addresses and email addresses.
-
Where data is relevant to our purposes, or where you provide data to us, we may process information such as gender, age, marital status, nationality, family composition and dependants, and homegroup.
-
If you make donations or pay for activities, financial identifiers such as bank account numbers, payment card numbers and payment/transaction identifiers.
-
We may also process categories of sensitive personal data where you provide this information and give us your express consent, such as racial or ethnic origin, mental and physical health, details of injuries, medication/treatment received, data concerning sexual orientation, criminal records, fines and other similar judicial records.
-
If you are employed by the church, we will process financial information such as salary, bonuses, records of earnings, tax codes and tax contributions, expenses claimed and car allowance (if applicable).
We use your personal data for the following purposes:
-
To administer our membership records.
-
To administer and manage our paid employees.
-
To administer and manage our unpaid volunteers.
-
To prepare and circulate ministry rotas.
-
To inform you of news, events, activities and services running at the church.
-
To seek your views on matters that may affect you.
-
To inform you of matters for prayer.
-
To minister to you and provide you with pastoral and spiritual care (such as visiting you when you are ill or bereaved) and to undertake baptisms, weddings and funerals.
-
To maintain financial accounts and records (including the processing of Gift Aid applications and bank transactions).
-
To carry out comprehensive safeguarding procedures (including due diligence and complaints handling) in accordance with best safeguarding practice from time to time with the aim of ensuring that all children and adults-at-risk are provided with safe environments.
What is the legal basis for processing your personal data?
-
Data Protection legislation allows us to process this information as we regard it as being in the church’s legitimate interest.
-
We are collecting this information to enable the church to keep in touch with you and provide pastoral support as appropriate.
-
Processing is necessary for carrying out obligations under employment, social security or social protection law.
-
Where your information is used other than in accordance with one of these legal bases, we will first obtain your consent to that use.
Sharing your personal data.
Your personal data will be treated as strictly confidential and will only be shared with other responsible members of the church for purposes connected with the recognised activities of the church. Except in the following cases:
-
Where you are involved with other local churches for which we are carrying out joint events or activities, we may share necessary data with them.
-
We will only share your data with other third parties with your consent.
-
There are four exceptional circumstances to the above permitted by law:
-
Where we are legally compelled to do so.
-
Where there is a duty to the public to disclose.
-
Where disclosure is required to protect your interest.
-
Where disclosure is made at your request or with your consent.
NB. All our employees and volunteers who have access to Personal Data will agree to maintain complete confidentiality of all data they access and to abide by the contents of this Notice.
How long do we keep your personal data?
In general, we will endeavour to keep data only for as long as we need it.
We will retain Gift Aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate.
Information relating to baptisms, marriages and funerals will be kept permanently.
Data to meet legal and regulatory obligations will be kept as required.
Your rights and your personal data.
Unless subject to an exemption under the GDPR, you have the following rights relating to your personal data:
-
The right to request a copy of your personal data which the church holds about you.
-
The right to request that the church corrects any personal data if it’s found to be inaccurate or out of date.
-
The right to request your personal data is erased where it is no longer necessary for the church to retain such data.
-
The right to withdraw your consent to the processing at any time.
-
The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction be placed on further processing.
The church shall respond promptly and within 30 days from the point of receiving your request.
You also have the right to lodge a complaint with the Information Commissioners Office - https://ico.org.uk/.
Further processing
If we wish to use your personal data for a new purpose that is not covered by this Data Protection Notice, we will provide you with a new Data Protection Notice explaining the new use prior to commencing the processing, setting out the relevant purposes and processing conditions.
Where and whenever necessary, we will seek your prior consent to the new processing.
Contact details.
To exercise all relevant rights and queries or complaints, please contact the Data Protection Lead or a church trustee via email trustees.enderbylifechurch@gmail.com .
Collecting information about children attending children’s clubs
-
We are collecting this information to enable the church to run our children’s clubs safely and ensure we can contact you (or other nominated adult) in case of an emergency.
-
Data Protection legislation allows us to process this information as we regard it as being in the church’s legitimate interest. If you are unable to supply the information requested, then we will be unable to accept your child at our club.
-
The information you supply will be held in paper form in a folder which will be kept in a securely locked cupboard in a secure place. Only the Pastor, the Data Protection Lead and the club leaders will have access to this information.
-
The information will be kept for three years from when the form was completed, unless a safeguarding incident or concern is raised in which case it will be held for 75 years. If you have ticked the box asking us to keep you informed about future activities we think your child might be interested in attending, we will retain your details for the sole purpose of notifying you of such events. We will NOT pass on this information to anyone else. You have the right to ask to be removed from this circulation list at any time
-
If you are concerned about the way your information is being handled, please speak to one of our Trustees or email trustees.enderbylifechurch@gmail.com . If you are still unhappy, you have the right to complain to the Information Commissioners Office.
Collecting information via our website
-
If you send us an email or complete a ‘Contact Us’ form on our website (if available), we will only retain your name and details for as long as is necessary for us to deal with your enquiry. We will NOT pass on your details to anyone other than the person (or people) in our church who are best able to deal with your enquiry.
-
If you are concerned about the way your information is being handled, please speak to one of our Trustees or email trustees.enderbylifechurch@gmail.com . If you are still unhappy you have the right to complain to the Information Commissioners Office.