Freedom City Church holds and processes personal data about living individuals for the purpose of general church administration and communication. As a church we are committed to complying with data protection laws and the rights of individuals under it. We are also committed to complying with the eight principles of the Data Protection Act 2018 as set out below. We recognise that this relates to all personal data whether it is held on paper, on computer or other media.
All church staff or volunteers who obtain, handle, process or share personal data for Freedom City Church must adhere to these principles. the Data Controller of Freedom City Church is the Charity Trustees.
The processing of personal data is governed by the General Data Protection regulations (the GDPR).
The Act requires the data controller to ensure that all personal data is dealt with in accordance with the seven principles set out in the Data Protection Act.
1. Personal data must be processed lawfully, fairly and in a transparent manner
2. Personal data must be adequate, relevant and not excessive
3. Personal data must be accurate and up to date
4. Personal data must not be kept for any longer that is necessary
5. Personal data must be processed in line with the data subjects’ rights
6. Personal data must be secure
7. The controller shall be responsible for, and be able to demonstrate compliance.
Use of Personal Information
Freedom City Church holds personal information about staff, volunteers, regular church attendees, and other individuals who have provided such information for a specific purpose. This information is used for the following purposes:
• The day to day administration of the church including maintaining and providing pastoral care and oversight, preparation of rotas and maintaining financial records for tax purpose (Gift Aid information will be kept in accordance with the HMRC regulations)
• The day to day administration of church activities and groups
• Contacting those people whose contact details we hold to keep them informed of the relevant church activities and events
All personal information which is held by Freedom City Church we be treated as private and confidential and not disclosed to anyone other than the staff, relevant volunteers, and charity trustees in order to facilitate the administration the day to day ministry of Freedom City Church.
Personal data will only be disclosed to a third party if one of the following circumstances applies:
• We are legally compelled to do so
• There is a public duty to disclose
• Disclosure is required to protect the interests of the individual concerned
• The individual concerned has requested (or given their consent to the data being disclosed.
Applying the Principles
• All Freedom City Church staff and volunteers who process Personal Data on behalf of the church will be required to agree to the Data Processor Agreement
• When personal information is collected for use by Freedom City Church we will ensure that:
o This information is necessary for church purposes
o The information is not kept for longer than it is needed
o Those supplying the information are aware of this policy and how they can obtain a copy
• Personal information (including photographs) of individuals will not be published on our website without obtaining explicit and informed consent from individuals concerned or their parents. We will never publish the names of children and young people alongside their photographs
• We will ensure that all Church attendees can request a change or update to the information held about them by Freedom City Church by making a request to Freedom City Church staff or volunteers or emailing email@example.com
• Each year we will identify and record the types of records and data held and log this in the Information Management register. Information which is out of date, obsolete or no longer used will be safely and securely discarded with a record made (including method of disposal and retention period) in the register
• A copy of this policy will be on Freedom City Church Website and available from Freedom City Church Office
• All personal information held by staff and volunteers on behalf of Freedom City Church will be held and processed in a sufficiently secure manner (whether in paper or electronic form) to prevent unauthorised access. This means we will:
o Store paper-based information in secure lockable cupboards
o Use password protections and encryption of particular sensitive documents
o Restrict access to both paper and electronic personal data to those wh need to process it for one of the above uses.
o Ensure that personal information is transmitted securely in a way that cannot be intercepted by unintended recipients.
What is the legal basis for processing your personal data?
The ways in which we collect and process your data must conform to the guidelines set out by the GDPR. We will process your data for the following reasons, and with the following conditions:
• Consent – We will explicitly ask your consent when collecting or using your data. Please fill in a Consent Form, which will allow you to tell us exactly how we can collect, use and store your data.
• Legitimate Interest – this is the most common reason we would use your data. This means that the data we hold for you would be used to aid in the normal running of the church and our ministries. For instance, if you are on any of our rotas, it is within legitimate interest for us to hold your data in order to maintain these rotas.
• Legal Obligation – we are required to process data for us to comply with the law, for example sharing data with HMRC for gift aid.
Your Rights Under The GDPR
You have the following rights under the new legislation, and we are lawfully required to uphold them, with regards to your data.
• Right to be informed – we will let you know exactly what data we are taking, why and how it is stored. You have the right to withdraw consent at any time.
• Right to Access – you have the right to ask us to access any of the data we hold for you. This right is subject to certain exemptions outlined in the Data Protection Act. Any person who wishes to exercise this right should make the request in writing or by email to firstname.lastname@example.org. We will aim to comply with such request as quickly as possible but will ensure that it is provided within 40 days of receipt of a written request unless there is good reason for delay. In such cases the reason for delay will be explained in writing to the individual making the request.
• Right to rectification – we must update your data within 30 days, if you tell us that the data we hold for you is incorrect.
• Right to object – you can object to some types of processing. For example, to fundraising requests. Again, we must honour this within 30 days.
• Right to erasure – you can ask us to erase your data at any time, and we must comply with this, EXCEPT when your data must be held for legal reasons (i.e. gift aid donation records)
• Right to Restrict Processing – this applies if we are correcting any of your data. We will not process or use your data until the corrections have been applied
• Right to Data Portability – any portable data we hold for you (i.e. on USB memory devices) must be protected to the best of our ability, in order to avoid data breaches.
If you are not satisfied with the way that we have handled any of your requests or queries relating to our use of your personal data then you can contact the Information Commissioner’s Office at https://ico.org.uk. The Information Commissioner’s Office is the statutory body responsible for overseeing data protection legislation and law in the United Kingdom.
To exercise all rights, queries or complaints please, in the first instance, contact the church office at: email@example.com
Freedom City Church
6 St Mungo’s Road
This policy was agreed by the Charity Trustees of Freedom City Church on 22nd May 2018.