The Trustees of Caersalem Baptist Church, St Mellons (also known as the “Church Officers”) collect and retain certain personal information for the purposes of administering and operating the Church.
What data is being collected?
The Church Officers collect the following data:
- Contact information for Church Members;
- Personal information concerning Church Members, such as pastoral needs and medical issues (particularly points for prayer);
- Financial information concerning donations made by Church Members;
- Contact information for parents of children attending Church activities; and
- Personal information relating to children attending Church activities including medical and special needs information.
What is the legal basis for collecting this information?
Generally, the processing of such information is in the legitimate interests of the Church and, as the information processed can be considered to be sensitive information (as it relates to religious affiliation), it is processed in the course of our legitimate activities and only relates to our members and those we are in regular contact with.
In certain areas, such as the retention of information relating to donations, we have a legal obligation to process this information, especially as it relates to gift aid claims and other legislative requirements.
Will the data be shared with any third parties?
The data which the Church collects and processes will not be shared with any third party, unless we are legally obliged to do so, without your consent.
Church members and parents of children attending Church activities are able to specify the consent for disclosure of information through the privacy settings in the ChurchSuite software that we operate. Consents here include:
- Disclosure of Church member’s contact information to other church members
- Use of images on internal and external publications issued by the Church
The Church Officers use various software services to administer the church. These principally include:
- GSuite, provided by Google Inc.;
- ChurchSuite, provided by ChurchApp Limited; and
- Quickbooks, provided by Intuit Inc.
In all three instances, personal data is held on behalf of the Church Officers and therefore these organisations are considered to be Data Processors for the Church.
All three instances are “Software as a Service” solutions, more commonly known as “Cloud-based” software. Such software uses secure data storage servers operated by third parties, all of which operate under the regulations set out by the European Union.
How will the data be used?
The data processed will be used by Church Officers and others appointed by the Church Officers, such as Children’s Clubs workers, to administer the operation of the church and, in the respect of Church Members, provide pastoral care.
From time to time, we will contact you with details of meetings and services relevant to the activities you engage with the Church for. Communications may be via e-mail or SMS. If you wish to opt-out of these communications, you can do so via the ChurchSuite software.
How long will the data be stored for?
We will typically store your data for as long as you remain in contact with the Church. Once we are aware that we are no longer in contact with you, we aim to delete all data (other than that which are legally obliged to retain) within 3 months (NB in respect of Church Members, this will be 3 months from the data of you ceasing to be a Church Member).
What rights do you have?
You have the right to ask to see any information we hold about you (including the pastoral support information) by submitting a ‘Subject Access Request’ to the Data Protection Officer who is the Church Officer responsible for Information Technology as determined from time to time by the Church Officers. The Data Protection Officer can be contacted via firstname.lastname@example.org.
You also have the right to ask for information which you believe to be incorrect to be rectified.
How do you raise a complaint?
If you are concerned about the way your information is being handled please contact our Data Protection Officer. If you are still unhappy you have the right to complain to the Information Commissioners Office.