Provided under the UK law on data protection applicable post 25 May 2018.
As part of the work of the church, we need to process personal data. We undertake to gather and process this data on the lawful basis of consent and under condition 9(2)d of GDPR, which applies because we are a church and may consequently process data designated ‘sensitive’ by regulation 9(2)d. We may also hold personal data on the lawful basis of contract in respect of persons receiving a salary from the church. We undertake to process all data in the course of our legitimate activities as a church and with appropriate safeguards.
Whose information do we hold and why?
Processing is in relation to members, former members and friends who are in contact with us, always in connection with the pursuit of our purposes as a church. Personal data is not disclosed outside the church processes without the consent of the data subjects (i.e. those to whom the data belongs).
Provided that you have given your written consent, your name and contact details will be entered into our church database which is held on the church office computer which is password protected and accessed only by the Pastor and Elder(s). Your contact details will be removed from the database once you are no longer a member of the church – unless you ask to remain as one of our “church friends”.
To enable us to provide quality pastoral support to you and your family, the Pastor may, with your consent, also record information which may be regarded as sensitive. This information will be stored (in password protected documents) on the church computer but the password will only be known to the Pastor and Elder(s). This information will NOT be disclosed to anyone else without your consent.
You have the right to ask to see any information we hold about you (including the pastoral support information) by submitting a ‘Subject Access Request’ to the Church Secretary. You also have the right to ask for information which you believe to be incorrect to be rectified and/or updated.
How long will we keep this information? What are your rights concerning it?
We will keep your data for the period of your involvement with the church. It may also be archived as part of our historical record of membership of the church. You can withdraw consent for us to hold your data at any time and we will immediately take action to delete/ destroy it. Your provision of this data is not part of a statutory requirement or obligation on your part unless you are receiving a salary from the church.
The Data Controller is:
Larbert Baptist Church
Art.4(7) of the GDPR defines the role of the ‘Data Controller’
"Controller" means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by EU or Member State laws, the controller (or the criteria for nominating the controller) may be designated by those laws.
Larbert Baptist Church Data Protection Lead Officer is the Church Secretary:
If you are concerned about the way your information is being handled, please speak to our Data Protection Lead Officer, who is the Church Secretary. If you are still unhappy you have the right to complain to the Information Commissioner’s Office, whose contact number is 0303 123 1113.