GDPR Policy
Responsible Executive: | Leadership |
Policy No: | 1 | Issue Date: | 26th July 2024 |
Version No: | 1 | Review Date: | 25th July 2025 |
Introduction
Member's privacy is important to us, and we want to communicate with them in a way which is in line with the new GDPR regulations.
By signing the GDPR form members are confirming that they are consenting to Clays Community Church holding and processing their personal data for the following purposes:
- To keep members, attendees, and people interested in the affairs of Clays Community Church informed about news, events, activities, and services (members can unsubscribe at any time);
- To be included in the prayer network so members receive text messages.
- To include member's details in the 'Church Directory' which is circulated only to church leaders.
We will hold your details as securely as possible and will not share them with anyone except Leaders of Clays Community Church. The data will be held in the various secure places mentioned below.
Consent
Members can grant consent to all the purposes; one of the purposes or none of the purposes. They can also grant consent for any or all of the methods by which we might contact them.
Where members do not grant consent, we will not be able to use their personal data; (for example, we may not be able to let them know about forthcoming services and events); except in certain limited situations, such as where required to do so by law or to protect members of the public from serious harm.
Members can withdraw or change their consent at any time by contacting the Pastor of Clays Community Church. All processing of personal data will cease once consent is withdrawn, other than where required by law, but this will not affect any personal data that has already been processed prior to this point.
Methods of Collecting Data
Data will be collected by asking members and others (e.g., parents of Children's Club attendees) to fill in the prescribed GDPR forms and sign them.
Access to these forms and the information on them will only be given to designated leaders within the Church. As at 26th July 2024, these will be:
Pastor: | Rev. Alan Higgins |
Board of Elders: | C. Glanville; M. Parsons |
Leader of Worship Teams: | J. Heasman |
Children's Ministries Director: | H. Glanville |
Child Protection Officers: | B. May; C. Glanville |
Treasurer: | C. Glanville |
Gift Aid Secretary: | C. Glanville |
The protected data will not be used by the spouse or family member of the leader holding it.
Places Data is Stored
The forms will be stored in a locked metal cabinet at the home of our Church Secretary.
Telephone numbers and email addresses will be stored on leader's telephones and computers/tablets. These devices must be protected by a password and/or fingerprint/iris/facial recognition for access.
Leaders should not be in possession of personal data that they have no need for.
Ongoing Management of Held Data
Regular checks will be carried out to ascertain if data is secure and if non-essential data is being held by leaders. This will take the form of a verbal acknowledgement.
This will include Leaders being asked to confirm that any person who has left the Church or its activities is properly managed.
Methods of Using Personal Data
The personal data provided by members will be Name, address, land-line telephone number, mobile telephone number, email address, Facebook details* and WhatsApp* details.
Members will never be sent an email or text that contains other people's emails or text numbers at the top (address line); therefore, their information will not be shared. This does not apply to closed groups on apps that people have elected to join (e.g., Facebook Messenger) and on which they can remove themselves at any time.
The chosen method for most communication from the church will be WhatsApp through our private groups which appears on everyone's mobile phone as if it is a message sent to them alone from the leader.
(*Where appropriate)
Process for Removing Data
When a member leaves the church or a person asks for their personal data to be removed from our records, the original sign-up sheet will be removed from the secure cabinet and destroyed by cross-cut shredder. The Leaders of the church will then be informed by text or email and asked to remove the personal data from their devices. One week later the Leaders will be asked to confirm that they have done this.
Active Data Management
Active data is that which has to be kept on file because it is still relevant or the law requires it (e.g., Permission slips from parents authorising children to go on trips).
This kind of data will always be kept in a locked cabinet and can only be accessed by Leaders who are currently in service.
Breach Action
A breach is where the personal data of members is compromised by the loss of a mobile device with that information on it, the hacking of a device, a phishing virus/malware invading a device, a break-in to locked cabinets, or any type of loss or stealing of data.
When a breach occurs, the person concerned must immediately inform the Senior Leader (i.e., Alan Higgins). Action will be taken to investigate and retrieve the information or the device. The relevant parties will be informed as per national GDPR protocols.
Terms
Members - those who count themselves members of Clays Community Church and are on the members list. For the purpose of this document, 'members' will also refer to members of the wider Church family, i.e., parents of children who attend clubs.
Who Does This Policy Apply To?
Board of Elders All Department Heads |