Protecting your data is something we take seriously. This policy outlines how we collect, store and process your personal information.
This policy applies to Freedom Church Jersey Limited, its employees, volunteers, leaders and trustees – referred to throughout this document as simply 'Freedom Church'.
If you use our website and/or submit data to us, and you do not have regular contact with Freedom Church in connection with its purposes, then you give your consent that personal data may be processed by us in the manner described in this policy.
If you do have regular contact with Freedom Church in connection with its purposes, then by submitting data to us and/or using our website, we will process your personal data on the legal basis of legitimate interest, as permitted under the GDPR Article 9 Para 2(d):
Churches (not for profit bodies with a religious aim) are permitted to process sensitive data when it is carried out in the course of its legitimate interests with appropriate safeguards and on condition that the processing relates solely to...
- the members or to former members of the church,
- or to persons who have regular contact with it in connection with its purposes,
- ...and that the personal data is not disclosed outside that body without the consent of the data subjects.
Our use of Personal Data
Freedom Church uses personal data about living individuals for the purpose of general church administration and communication. We recognise the importance of the correct and lawful treatment of personal data. All personal data, whether it is held on paper, on computer or other media, will be subject to the appropriate legal safeguards as specified in the General Data Protection Regulation (GDPR) which is applicable to all European organisations as of 25th May 2018.
We fully endorse and adhere to the seven key principles of GDPR, which specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation and storage of personal data. Employees and any others who obtain, handle, process, transport and store personal data for Freedom Church must adhere to these principles.
The principles are summarised as follows:
- Data shall be processed lawfully, fairly and transparently
- Data shall be collected for specified, explicit and legitimate purposes
- Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
- Data shall be accurate and, where necessary, kept up to date
- Data shall be kept for only as long as necessary
- Data shall be processed and kept securely
- Freedom Church should be accountable to demonstrate compliance with these criteria under scrutiny
We will treat all your personal information as private and confidential and not disclose any data outside of Freedom Church – internally it may be shared where necessary to facilitate the administration and day-to-day operations of Freedom Church.
There are four exceptional circumstances to the above permitted by law:
- Where we are legally compelled to do so.
- Where there is a duty to the public to disclose.
- Where disclosure is required to protect your interest.
- Where disclosure is made at your request or with your consent.
Use of Personal Information
We will use your data for three main purposes:
- The day-to-day administration of the church; e.g. pastoral care and oversight, preparation of ministry rotas, maintaining financial records of giving for audit and tax purposes.
- Contacting you to keep you informed of church activities and events.
- Statistical analysis; gaining a better understanding of church demographics.
Our Database of Personal Information
Information contained in our database will not be used for any other purposes than set out in this policy. The database is accessed online and therefore available through any computer or smart device with internet access.
Access to the database is only available to a limited number of staff and volunteers within Freedom Church, who need it for church operations. Access is strictly controlled through individual usernames and complex passwords, which are selected by the individual. These credentials are not shared.
A subset of data is further available to team leaders and members for the purposes of small group and rota management. Each church member is able to control what personal information is visible to others with the use of the 'My ChurchSuite' tool online or via an app on a tablet or smartphone.
Those authorised to use the database only have access to their specific area of use within the database. This is controlled by the system administrators, who are the only people who can access and set these security parameters.
The database will not be accessed by any authorised users outside of the EU, in accordance with GDPR, unless prior consent has been obtained from the individual whose data is to be viewed.
All access and activity on the database is logged and can be viewed by the system administrators.
Personal information will not be passed onto any third parties outside of Freedom Church.
Rights to Access Information
All individuals who are the subject of personal data held by Freedom Church are entitled to:
Ask what information the church holds about them and why.
Ask how to gain access to it.
Be informed how to keep it up to date.
Be informed what Freedom Church is doing to comply with its obligations under the GDPR.
Personal data subjects for data held by Freedom Church have the right to access any personal data that is being held in manual filing systems. This right is subject to certain exemptions: Personal Information may be withheld if the information relates to another individual.
Any person who wishes to exercise this right should make the request in writing to the Data Protection Officer of Freedom Church. A sample 'Subject Access Request Letter' is available on the Office of the Information Commissioner website.
If personal details are inaccurate, they can be amended upon request.
The Data Protection Officer is:
Phil Le Cheminant
Freedom Church Jersey
4 Britannia Place
Email [email protected]
Any data subject may, at any time, contact our Data Protection Officer directly with any questions concerning data protection.
Right to erasure (Right to be forgotten)
Any data subject may invoke the 'right to be forgotten' by Freedom Church by contacting any employee of the controller. An employee of Freedom Church will promptly ensure that the erasure request is complied with.
There may be a legal basis that prohibits Freedom Church from actioning a data subject's 'right to be forgotten' – e.g. if records must be maintained for financial auditing or child safeguarding purposes. In this instance, the request will be acknowledged but declined, and our actions and timescales will be clearly explained.