Gold Hill Data Privacy Notice/Policy
[Updated May 2018]
Gold Hill Baptist Church (GHBC) is committed to protecting and respecting your privacy. This policy outlines how we collect, make use of, communicate and disclose personal information. This statement outlines the ways in which we seek to be compliant with current data protection legislation (General Data Protection Regulation – GDPR), and the rights each person has regarding the handling of their personal information.
- Data controller – determines the purpose and manner by which personal data is processed – GHBC CLG
- Data processor – responsible for processing personal data on behalf of the data controller and under their instruction
- Personal data – information relating to a living individual who can be identified from that data, whether held in electronic records or in paper or manual filing systems
- Data subject – the living individual whose personal data we hold
3. What is personal data?
Personal information relates to a living individual who can be identified from that data. Identification can be by the information alone, or in conjunction with any other information in the data controller’s possession or likely to come into their possession. This may be held in electronic records or within structured manual filing systems, and also extends to ‘online identifiers’ such as computer IP addresses.
4. Our policy for processing your personal data
Gold Hill Baptist Church seeks to ensure that all data processing operations comply with its obligations under the General Data Protection Regulations (GDPR), specifically by:
- keeping personal data up-to-date
- storing and destroying personal data securely
- not collecting or retaining excessive amounts of data
- protecting personal data from loss, misuse, unauthorised access and disclosure by ensuring that appropriate technical measures and processes are in place to protect such data
5. How do we use/process your personal data?
Gold Hill Baptist Church uses your personal data for the following main purposes:
- to enable us to meet all legal and statutory obligations
- to maintain our church list of members, friends and regular attenders
- to deliver our church ministries and activities including: Sunday & midweek services, special services, (including dedications, baptisms, weddings & funerals), special events (including conferences, inter-church meetings, community meetings), children’s work, youthwork, young adults’ work, Seniors’ work, Global mission, men’s and women’s ministries, small group activities, counselling services, support for those experiencing separation or divorce, enquirers’ courses (such as Alpha & Christianity explored), football club, and other ad hoc services & ministries
- to enable us to provide community services for the benefit of the public (including Toddler Group, Seniors’ Day.)
- to provide news and information relating to events, activities and services running at GHBC
- to promote and include others in our services through photographs, sound recordings, video recordings and live webstreaming of services and selected events
- to provide pastoral support for members and others connected with our church
- to safeguard children, young people and adults at risk
- to recruit, support and manage our employees and volunteers
- to maintain our own accounts and records (including the processing of gift aid applications)
- to maintain and secure our property and premises
- to respond effectively to enquirers and handle any complaints
- to adhere to legal requirements e.g. for weddings
- in the renting out of church premises, and properties owned by the church
6. What is the legal basis for processing your personal data?
The following legal grounds apply to personal data processed by GHBC:
- explicit consent of the data subject so that we can provide information about news, events, activities and services, can process visual images, process gift aid donations, and can provide marketing / fundraising information
- where processing is necessary in order to fulfil a contract (e.g. with employee or supplier)
- where processing is necessary to carry out obligations under employment, social security or social protection law
- Processing is carried out by a not-for-profit body with a political, philosophical, religious or trade union aim provided:
- The processing relates only to members or former members (or those who have regular contact with GHBC in connection with those purposes); and
- There is no disclosure to a third party without consent
7. Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other church members or for purposes connected with the church. We will only share your data with third parties outside of Gold Hill Baptist church with your consent.
8. How long do we keep your personal data?
We will keep data only as long as it is deemed necessary – taking into account legal obligations, accounting & tax obligations, and considering what would be reasonable for the activity concerned.
Specifically we retain membership data whilst it is still current, details of donations, gift aid and salary payments (and associated paperwork) for 6 years after the tax year to which they relate to meet tax and accounting requirements, but will hold official registers (e.g. of marriages) permanently.
9. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- the right to request a copy of the personal data which GHBC holds about you
- the right to request that GHBC corrects any personal data if it is found to be inaccurate or out-of-date
- the right to request your personal data is erased where it is no longer necessary for GHBC to retain such data
- the right to withdraw consent to processing at any time
- the right to request that GHBC provide you with your personal data and where possible to transmit that data directly to another organisation (the right to data portability) where applicable
- the right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing
- the right to object to the processing of personal data – only applies where processing is based on legitimate interests, for the performance of a task in the public interest/exercise of official authority, direct marketing & for the purposes of scientific/historical research & statistics.
- the right to lodge a complaint with the Information Commissioners Office (ICO)
10. Further processing
If GHBC should wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining the new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
11. Use of our website
Information which is input into the various contact forms on the site is stored in the website database for our records. This information may be removed if specifically requested and may also be deleted at various intervals.
Additional site security is provided through encryption with SSL via the WP Engine hosting platform, which is GDPR compliant. To find out more please visit https://wpengine.co.uk/support/gdpr-compliance.
12. Contact details
To exercise all relevant rights, and lodge queries or complaints, please in the first instance contact the Data Protection Lead (Operations Director) at firstname.lastname@example.org, 01753 887173, or Gold Hill Baptist Church, Gold Hill East, Chalfont St Peter SL9 9DG
For the (ICO), 0303 123 1113, Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF, or contact via their website on www.ico.org.uk