1. Policy statement
1.1 Spurgeon Baptist Church is committed to protecting personal data and respecting the rights of our data subjects; the people whose personal data we collect and use. We value the personal information entrusted to us and we respect that trust, by complying with all relevant laws, and adopting good practice.
We process personal data to help us:
a) maintain our list of church members (and regular attenders);
b) provide pastoral support for members and others connected with our church;
c) provide services to the community including via The CrossLinks Centre;
d) safeguard children, young people and adults at risk;
e) recruit, support and manage staff and volunteers;
f) maintain our accounts and records;
g) promote our services;
h) maintain the security of property and premises;
i) respond effectively to enquirers and handle any complaints, and,
j) any other legitimate purpose in the interests of the Church.
1.2 This policy has been approved by the church’s Charity Trustees who are responsible for ensuring that we comply with all our legal obligations. It sets out the legal rules that apply whenever we obtain, store or use personal data.
2.1 We are committed to protecting personal data from being misused, getting into the wrong hands as a result of poor security or being shared carelessly, or being inaccurate, as we are aware that people can be upset or harmed if any of these things happen.
2.2 This policy sets out the measures we are committed to taking as an organisation and, what each of us will do to ensure we comply with the relevant legislation.
2.3 In particular, we will make sure that all personal data is:
a) processed lawfully, fairly and in a transparent manner;
b) processed for specified, explicit and legitimate purposes and not in a manner that is incompatible with those purposes;
c) adequate, relevant and limited to what is necessary for the purposes for which it is being processed;
d) accurate and, where necessary, up to date;
e) not kept longer than necessary for the purposes for which it is being processed;
f) processed in a secure manner, by using appropriate technical and organisational means;
g) processed in keeping with the rights of data subjects regarding their personal data.
3. How this policy applies to you & what you need to know
3.1 As an employee, trustee or volunteer processing personal information on behalf of the church, you are required to comply with this policy. If you think that you have accidentally breached the policy it is important that you contact our Church Secretary immediately so that we can take swift action to try and limit the impact of the breach.
Anyone who breaches the Data Protection Policy may be subject to disciplinary action, and where that individual has breached the policy intentionally, recklessly, or for personal benefit they may also be liable to prosecution or to regulatory action.
3.2 As a leader of a regular Church group or ad-hoc activity run on behalf of the Church: You are required to make sure that any procedures that involve personal data, that you are responsible for in your area, follow the rules set out in this Data Protection Policy.
3.3 As a data subject of Spurgeon Baptist Church: We will handle your personal information in line with this policy.
3.4 As an appointed data processor/contractor: Companies who are appointed by us as a data processor are required to comply with this policy under the contract with us. Any breach of the policy will be taken seriously and could lead to us taking contract enforcement action against the company, or terminating the contract. Data processors have direct obligations under the GDPR, primarily to only process data on instructions from the controller (us) and to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk involved.
3.5 Our Church Secretary is responsible for advising Spurgeon Baptist Church and its staff and members about their legal obligations under data protection law, monitoring compliance with data protection law, dealing with data security breaches and with the development of this policy. Any questions about this policy or any concerns that the policy has not been followed should be referred to them through the form below;
3.6 Before you collect or handle any personal data as part of your work (paid or otherwise) for Spurgeon Baptist Church, it is important that you take the time to read this policy carefully and understand what is required of you, as well as the organisation’s responsibilities when we process data.
3.7 Our procedures will be in line with the requirements of this policy, but if you are unsure about whether anything you plan to do, or are currently doing, might breach this policy you must first speak to the Church Secretary.
4. Training and guidance
4.1 We will provide general training at least annually for all staff to raise awareness of their obligations and our responsibilities, as well as to outline the law.
4.2 We may also issue procedures, guidance or instructions from time to time. As a leader of a regular Church group or ad-hoc activity run on behalf of the Church you must set aside time for their team to look together at the implications for their work at least on an annual basis.