Waldringfield Baptist Church
Newbourne Road, Waldringfield, IP12 4PT
General Data Protection Regulation (GDPR)
Waldringfield Baptist Church recognises the importance of the correct and lawful treatment of personal data. All personal data whether it is held on paper, on computer or other media, will be subject to the appropriate legal safeguards as specified under the guidelines of GDPR.
Waldringfield Baptist Church fully endorses and adheres to the principles of General Data Protection Regulation.
These principles relate to:
- Lawfulness, fairness and transparency – you must process personal data lawfully, fairly and in a transparent manner in relation to the data subject.
- Purpose limitation – you must only collect personal data for a specific, explicit and legitimate purpose. You must clearly state what this purpose is, and only collect data for as long as necessary to complete that purpose.
- Data minimisation – you must ensure that personal data you process is adequate, relevant and limited to what is necessary in relation to your processing purpose.
- Accuracy – you must take every reasonable step to update or remove data that is inaccurate or incomplete. Individuals have the right to request that you erase or rectify erroneous data that relates to them, and you must do so within a month.
- Storage limitation – You must delete personal data when you no longer need it. The timescales in most cases aren’t set. They will depend on your business’ circumstances and the reasons why you collect this data.
- Integrity and confidentiality – You must keep personal data safe and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
All personal data is to be treated as private and confidential information and is not to be disclosed to anyone other than those who need access to the personal data in order to facilitate Pastoral Care and Church Administration in undertaking the day-to-day ministry of the church.
USE OF PERSONAL INFORMATION
Use of personal data is for the purpose of Pastoral Care and Church Administration.
The list below provides examples of where data can be used. However, this list is not exhaustive as there are other situations and circumstances where information is collated and used.
The Day-to-Day ministry of the Church: e.g. Pastoral care and oversight including calls and visits.
Maintaining a membership roll and also maintaining registers for children’s and young people’s activities.
For the safeguarding of children (e.g. to facilitate speedy contact with parents/guardians and/or a named medical professional should the need arise).
Preparation of Rota’s.
For compiling a church directory contact list.
Maintaining financial records for audit and tax purposes.
For the lawful purpose of discharging our legal obligations.
Data held by and on behalf of Waldringfield Baptist Church will not be used for any other purposes than set out in this policy.
Data is held among a number of computers (both Church and privately owned) and in paper format by those who have a need to either maintain, process or use the data.
Where data is stored electronically it is to be stored on a machine which is adequately protected physically and electronically with the latest updates to the operating system, antivirus, firewall and any other technical measures which are necessary.
All personal data held by Waldringfield Baptist Church has been:
a) Supplied freely by the individuals whose information is held or by their parents/guardians where the individual is a child/young person (a registration form is completed for all children’s and young people’s activities), or
b) Supplied in matters of child safeguarding by appropriate third parties e.g. Child Safeguarding Officer, Police, and Social Workers. In such cases the data will be held in secure files by the appropriate officer.
Waldringfield Baptist Church does not disclose any personal data to third parties other than in matters where we hold a legal obligation and duty of care to do so, such as child safeguarding.
All personal data regarding children and young people that has been supplied by parents/guardians is held in paper form in a file in a secure, locked cupboard.
Personal data is also held securely regarding online requests and registration to attend children’s and young people’s holiday clubs.
A list of current attendees at Sunday School and other children’s and young people’s activities is held in paper form in a locked cupboard.
In the event of any new use of an individual’s personal data, this will be brought to the individual’s attention and discussed prior to implementation.
Spare copies of the church directory contact list are also kept in a locked cupboard.
Rights to Access Information (Subject Access Request)
All personal data held regarding an individual is freely available to that individual upon request. In the case of children, the information is available to the individual’s parents or guardians unless a court order exists whereby this information may only be divulged to specific named parties.
- can be verbal or in writing
- can be submitted by any means, eg via web form, email, letter, phone call, etc
- doesn’t have to explicitly state the phrase ‘subject access request’, but has to be clear that the individual is requesting their own personal data
Every individual has the right to rectification and erasure of their personal data and the right to object to any information held about them.
Waldringfield Baptist Church aims to comply with requests for access to personal information as quickly as possible without undue delay and within one month of the request.