Data Privacy Notice
1. Personal data
The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”). Knockconny Baptist Church collects and processes personal information, or personal data, relating to its members, staff, volunteers and those connected with church activities. This personal information may be held by Knockconny Baptist Church on paper or in electronic format.
2. Controller of data
We, Knockconny Baptist Church, are the data controller (contact details below). This means that we decide how your personal data is processed and for what purposes. Knockconny Baptist Church is committed to being transparent about how it handles your personal information, to protecting the privacy and security of your personal information and to meeting its data protection obligations. The purpose of this privacy notice is to make you aware of how and why we will collect and use your personal information through your connection with Knockconny Baptist Church.
3. Processing of Personal data
We comply with our obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes: -
• To enable us to provide a service (pastoral care) for the benefit of our members and the wider public in a particular geographical area;
• To administer membership records;
• To run all church activities (including youth and children’s programmes) efficiently;
• To fundraise and promote the interests of the church;
• To manage our employees and volunteers;
• To maintain our own accounts and records (including the processing of gift aid applications);
• To inform you of news, events, activities and services running at or run by us.
4. Legal basis for processing personal data
The lawful basis for processing data is dependent upon the data subject (individual) and the purpose of the data processing. For example: the data processing for an employee in terms of what data is collected and how it is further processed is different from that of a member of our church. Legal bases we rely on will primarily consist of one or more of the following:
• Processing is necessary for the purposes of legitimate interests pursued by us or a third party except where such interests are overridden by the interests, rights or freedoms of the data subject. This is where we need to use your data to engage in our normal day to day activities e.g. keeping a record of your name and address on our membership list;
• Processing is carried out by us in our capacity as a not-for-profit body with a political, philosophical, religious or trade union aim provided: -
o the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and
o there is no disclosure to a third party without consent.
An example of this may be where a record of sensitive data may need to be kept by us so that effective pastoral care may be provided to members;
• Explicit consent of the data subject. An example of this would be your consent to joining a mailing list so that we can keep you informed about news, events, activities and services and process your gift aid donations and keep you informed about various events;
• Processing is necessary for us to comply with the law. Examples of this could be our legal obligations to maintain certain records so that we may carry out our obligations under employment, social security or social protection law, or a collective agreement; and
5. Sharing your personal data
We will not share your information with third parties without your consent unless the law requires us to do so.
6. Retention of personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
We hold your data for varying lengths of time depending on the type of information in question but in doing so we always comply with Data Protection legislation. Details of Data Retention periods are included in our Data Protection Policy (copy available on request).
7. Security of personal data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those who need access to it. They will only process your personal data on our instructions.
We have put in place procedures to deal with any suspected personal data breach and will notify you and the ICO where we are legally required to do so.
8. Your rights and your personal data
Under Data Protection legislation, you have the right to request access to your personal data that we hold. For further information on how your personal data is used, how we maintain the security of your personal data and your rights to access your personal data we hold, please contact us (details below).
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to;
**The Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF
8. Contact Details
If you would like to discuss anything in this Privacy Notice, please contact David Keys, Elder and Secretary at [email protected]