Found Church holds and processes personal data about living individuals for the purpose of general church administration and communication. As a church we are committed to complying with data protection law and the rights of individuals under it. We are also committed to complying with the eight principles of the 1998 Data Protection Act as set our below. We recognise that this relates to all personal data, whether it is held on paper, on computer or other media.
All church staff members or volunteers who obtain, handle, process or store personal data for Found Church must adhere to these principles. The Data Controller of Found Church is the Charity Trustees.
The Principles (1988 Data Protection Act)
The Act requires the data controller to ensure that all personal data is dealt with in accordance with the ‘Eight Principles’ set out in the Data Protection Act. These Eight Principles in summary form are as follows:
- Personal data must be fairly and lawfully processed
- Personal data must be processed for limited purposes
- Personal data must be adequate, relevant and not excessive
- Personal data must be accurate and up to date
- Personal data must not be kept for any longer than is necessary
- Personal data must be processed in line with the data subjects’ rights
- Personal data must be secure
- Personal data must not be transferred to other countries without adequate protection
Use of personal information
Found Church holds personal information about staff, church members, regular church attendees and other individuals who have provided such information for a specific purpose. This information is used for the following purposes:
- The production of our annual Church Directory – copies of which are given to all those whose names appear on it.
- The production and updating of the Found Church App – which is available to everybody whose name appears on it. The Found Church App is accessed through the cloud and can be accessed through any internet connected computer or smart device. Access to the App is controlled through the use of name and specific passwords, chosen by the individual. Activity and access on the APP is logged and can therefore be viewed by the App Administrator. The server for the App is located in the UK and hosted by Churchapp.
- The day-to-day administration of the church (including maintaining membership records, providing pastoral care and oversight, preparation of rotas and maintaining financial records of giving for tax purposes)
- The day-to-day administration of church activities and groups
- Contacting those people whose contact details we hold to keep them informed of relevant church activities and events. All personal information which is held by the church (other than the information included in our Church Directory/ APP) will be treated as private and confidential and not disclosed to anyone other than the Church Staff and Charity Trustees in order to facilitate the administration and day-to-day ministry of the church.
Personal data will only be disclosed to a third party if one of the following circumstances applies
- We are legally compelled to do so
- There is a public duty to disclose
- Disclosure is required to protect the interests of the individual concerned
- The individual concerned has requested (or given their consent to) the data being disclosed
Applying the principles
- All Church staff and volunteers who process Personal Data on behalf of the church will be required to agree to sign our Data Processor agreement.
- When personal information is collected for use by Found Church we will ensure that
- this information is necessary for church purposes
- the information is not kept for longer than it is needed
- those people supplying the information are aware of this policy and how they can obtain a copy
- All individuals whose names and contact details are published in the Church Directory/Church App will be asked to give explicit consent for their details to be included. We will ensure that specific information will be removed from the Directory if the individual concerned requests this.
- Personal information (including photographs) of individuals will not be published on our website without obtaining explicit and informed consent from the individuals concerned or their parents. We will never publish the names of children and young people alongside their photographs.
- We will ensure that all church members and attendees can request a change or update to the information held about them by Found Church by making a request to church employees or emailing hello@FoundChurch.co.uk
- Each year, Found Church will identify and record the types of records and data sets held and log this in the Information Asset register. Information which is out of date, obsolete or no longer used will be safely and securely discarded with a record made (including method of disposal) in the Information Asset register.
- A copy of this policy will be on our church website / displayed in the office / available from the Found Church Secretary.
- All personal information held by staff and volunteers on behalf of Found Church will be held and processed in a sufficiently secure manner (whether in paper or electronic form) to prevent unauthorised access (whether by unauthorised church staff or third parties). This means we will:
- Store paper based information in secure, lockable cupboards
- Use password protections and encryption of particularly sensitive electronic documents;
- Restrict access to both paper and electronic personal data to those who need to process it for one of the above uses
- Ensure that personal information is transmitted securely in a way that cannot be intercepted by unintended recipients
Rights to Access Information
Staff, Church Members and other individuals whose personal information is held by Found Church have the right to access that information. This right is subject to certain exemptions outlined in the Data Protection Act. Any person who wishes to exercise this right should make the request in writing or by email to hello@FoundChurch.co.uk. We will aim to comply with such requests as quickly as possible, but will ensure that it is provided within 40 days of receipt of a written request unless there is good reason for delay.
In such cases, the reason for delay will be explained in writing to the individual making the request. Found Church reserves the right to charge the maximum fee payable for each subject request. This Policy was agreed by the Charity Trustees of Found Church on 1st September 2017.