Policy: GDPR

GDPR Policy


Responsible Executive: Leadership
Policy No: 1 Issue Date: 26th July 2024
Version No: 1 Review Date: 25th July 2025

Introduction

Member's privacy is important to us, and we want to communicate with them in a way which is in line with the new GDPR regulations.

By signing the GDPR form members are confirming that they are consenting to Clays Community Church holding and processing their personal data for the following purposes:

  • To keep members, attendees, and people interested in the affairs of Clays Community Church informed about news, events, activities, and services (members can unsubscribe at any time);
  • To be included in the prayer network so members receive text messages.
  • To include member's details in the 'Church Directory' which is circulated only to church leaders.

We will hold your details as securely as possible and will not share them with anyone except Leaders of Clays Community Church. The data will be held in the various secure places mentioned below.

Consent

Members can grant consent to all the purposes; one of the purposes or none of the purposes. They can also grant consent for any or all of the methods by which we might contact them.

Where members do not grant consent, we will not be able to use their personal data; (for example, we may not be able to let them know about forthcoming services and events); except in certain limited situations, such as where required to do so by law or to protect members of the public from serious harm.

Members can withdraw or change their consent at any time by contacting the Pastor of Clays Community Church. All processing of personal data will cease once consent is withdrawn, other than where required by law, but this will not affect any personal data that has already been processed prior to this point.

Methods of Collecting Data

Data will be collected by asking members and others (e.g., parents of Children's Club attendees) to fill in the prescribed GDPR forms and sign them.

Access to these forms and the information on them will only be given to designated leaders within the Church. As at 26th July 2024, these will be:

Pastor: Rev. Alan Higgins
Board of Elders: C. Glanville; M. Parsons
Leader of Worship Teams: J. Heasman
Children's Ministries Director: H. Glanville
Child Protection Officers: B. May; C. Glanville
Treasurer: C. Glanville
Gift Aid Secretary: C. Glanville

The protected data will not be used by the spouse or family member of the leader holding it.

Places Data is Stored

The forms will be stored in a locked metal cabinet at the home of our Church Secretary.

Telephone numbers and email addresses will be stored on leader's telephones and computers/tablets. These devices must be protected by a password and/or fingerprint/iris/facial recognition for access.

Leaders should not be in possession of personal data that they have no need for.

Ongoing Management of Held Data

Regular checks will be carried out to ascertain if data is secure and if non-essential data is being held by leaders. This will take the form of a verbal acknowledgement.

This will include Leaders being asked to confirm that any person who has left the Church or its activities is properly managed.

Methods of Using Personal Data

The personal data provided by members will be Name, address, land-line telephone number, mobile telephone number, email address, Facebook details* and WhatsApp* details.

Members will never be sent an email or text that contains other people's emails or text numbers at the top (address line); therefore, their information will not be shared. This does not apply to closed groups on apps that people have elected to join (e.g., Facebook Messenger) and on which they can remove themselves at any time.

The chosen method for most communication from the church will be WhatsApp through our private groups which appears on everyone's mobile phone as if it is a message sent to them alone from the leader.

(*Where appropriate)

Process for Removing Data

When a member leaves the church or a person asks for their personal data to be removed from our records, the original sign-up sheet will be removed from the secure cabinet and destroyed by cross-cut shredder. The Leaders of the church will then be informed by text or email and asked to remove the personal data from their devices. One week later the Leaders will be asked to confirm that they have done this.

Active Data Management

Active data is that which has to be kept on file because it is still relevant or the law requires it (e.g., Permission slips from parents authorising children to go on trips).

This kind of data will always be kept in a locked cabinet and can only be accessed by Leaders who are currently in service.

Breach Action

A breach is where the personal data of members is compromised by the loss of a mobile device with that information on it, the hacking of a device, a phishing virus/malware invading a device, a break-in to locked cabinets, or any type of loss or stealing of data.

When a breach occurs, the person concerned must immediately inform the Senior Leader (i.e., Alan Higgins). Action will be taken to investigate and retrieve the information or the device. The relevant parties will be informed as per national GDPR protocols.

Terms

Members - those who count themselves members of Clays Community Church and are on the members list. For the purpose of this document, 'members' will also refer to members of the wider Church family, i.e., parents of children who attend clubs.

Who Does This Policy Apply To?

Board of Elders
All Department Heads