GDPR

GDPR policy at Mount Hermon Chapel, Addingham

Information about the General Data Protection Regulation (GDPR)

Legal background

  • In May 2018 changes were made to the law concerning protection of personal data 
  • The changes were brought in by an EU regulation called the GDPR
  • The GDPR is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the EU
  • Under the GDPR an individual or legal person who controls and is responsible for the keeping and use of personal information on computer or in structured manual files is called a ‘data controller’
  • When processing personal data a ‘data controller’ has to comply with certain requirements which are called ‘the data protection principles’
  • The principles require that personal data are:
    • processed in a lawful, fair and transparent manner;
    • collected for specified, explicit and legitimate purpose(s) and not used for other purposes that are incompatible with the original purpose(s);
    • limited to only the personal data that the controller actually needs to process in order to achieve the purposes of the processing;
    • accurate and kept up to date;
    • retained for only as long as is necessary in relation to the purposes for which the personal data were collected; and
    • kept secure, including protecting against unauthorised or unlawful processing and accidental loss, destruction or damage.
  • Processing of personal data will be lawful only if a data controller has at least one lawful basis for such processing
  • The lawful bases set out in the GDPR include that:
    • the individual has consented to the processing of their personal data for one or more specific purposes; and 
    • the controller has a legitimate interest in processing such personal data, provided that the legitimate interest of the controller is not overridden by the rights or freedoms of the affected individuals.
  • There are further lawful bases for processing data which may apply in limited circumstances
  • Further information on GDPR is available here: https://www.gov.uk/data-protection

 

What personal data is held at Mount Hermon and for what purposes?

  • Contact details of members  
    • Purpose is to be able to contact members to let them know what is happening at the church, for advertising events, for pastoral care
  • Contact details of others who come into contact with the church, including those who attend services or courses (such as Alpha) or social activities (such as coffee mornings) or charity activities (such as Knitting for Armenia) or have indicated a wish to be kept informed about what is happening at the church or to be contactable for any reason
    • Purpose is to be able to contact people to let them know what is happening at the church, for advertising events, for pastoral care, to follow up enquiries
  • Contact details of local preachers
    • Purpose is to book visiting preachers to help with Sunday services
  • Contact details of representatives of Addingham Churches Together and Bradford Circuit
    • Purpose is to arrange ACT and circuit meetings, social and fundraising events and services
  • Next of kin contact details for members / attenders where the member or attender has obtained permission from their next of kin for the church to hold these details
    • Purpose is to be able to contact next of kin in the event of pastoral emergencies
  • Where consent has been explicitly provided, photographs of members may appear on the church’s website: www.mounthermonwrc.org.uk  
    • Purpose of photographs is for publicity and to facilitate contact with the church
  • Where consent has been explicitly provided, personal details of members are included in a contact list / address book of members, a copy of which may be provided to members of the church
    • Purpose of the contact list / address book is so that members can contact each other easily
  • Further information about the needs of individuals may be held in order to support pastoral care, to respond to prayer requests, to prepare for events such as baptisms, weddings, funerals etc. Where such information is recorded it will be deleted within 6 months of the information no longer being needed

Consent etc

  • The church’s website will contain a link to this document containing the church’s GDPR policy  
  • Each member will be asked whether they agree to their contact details appearing in the church contacts list / address book (if consent is not given their contact details will not appear in the list)
  • Each member will be asked whether they agree to photos of them appearing on the church website (if consent is not given photos of that member will not be used on the website)
  • Each member or attender wishing the church to hold next of kin details will be asked to check that their next of kin is happy for the church to hold their contact details
  • Where practical, consent to hold personal details will be sought from individuals at the time they provide such details (failing which, consent will be sought as soon as possible)

 

Security and retention policy etc

  • Personal data held by Mount Hermon will be reviewed every 6 months and any out of date data corrected or deleted as appropriate
  • Hard copies of personal data will be kept locked up (this does not apply to members’ address book)
  • Electronic files of personal data will be password protected

 

Nicola Sharples

Data protection officer

Policy reviewed on 6 June 2020
