NBC Privacy Policy

Here at Northchurch Baptist Church we take your privacy seriously.
This statement sets out how we will deal with any personal information we collect from you or that you provide to us.

Who are we?

Northchurch Baptist Church will collect and deal with your personal information in accordance with the General Data Protection Regulation and the Data Protection Act 2018, which superseded the Data Protection Act 1998 on 25 May 2018. The Church Trustees as a body is the Data Controller of personal data we hold about you; this means we decide how your personal data is processed and for what purposes.

How we collect personal information

We collect personal information directly from you through surveys, printed forms or information you provide to our website or via ChurchSuite. We may also collect information from others about you including from other members and friends of the church or your previous church.

What information might we collect from you?

We may collect and process the following types of information about you:

• Your contact details – title, name, address, telephone number and email address.
• Your participation in rotas for service in the church.
• Information contained in emails or other correspondence from you and records of telephone calls or meetings with you.
• Your church membership status.
• Details of money that you give to the church.
• Your bank details for payment of expenses claims and payroll.
• Information contained in checks provided by the Disclosure & Barring Service.
• Information that you share with us for the purposes of pastoral care, encouragement, training and prayer.
• Information provided by parents relating to their children, including name, date of birth, medical and contact information in order to comply with child protection rules, to assist social activities and for use in emergencies.
• Other information you optionally enter and maintain in ChurchSuite

You should keep your ChurchSuite and other information up to date.

Sensitive Personal Data

The Data Protection Act recognises some information as Sensitive Personal Data. This includes, but is not limited to information which reveals your religious beliefs, health issues, race or ethnic origin. We will always treat any sensitive personal data we process with the greatest care and in accordance with the Data Protection Act.  We will only use your information with your express consent, or as set out under “What is the legal basis for processing your personal data?” below.

How may we use your personal information?

Personal information that we collect may be used by us in a number of ways:

• To maintain our lists of church members, including the Church Directory.
• To help us organise rotas and groups and to communicate with you.
• To provide pastoral care and support for members and others connected with our church.
• To recruit, support and manage staff and volunteers.
• To maintain our accounts and records.
• To maintain the security of our property and premises.
• To help us provide services to the community and organisations we support, including children’s and youth groups, lifegroups, hire of the church hall.
• To tell you about events that the church is running which we think may be of interest to you.
• To enable us to maintain appropriate safeguarding arrangements for our children, young people and vulnerable adults.
• To properly handle any complaints.
• Exceptionally, to deal with church discipline in accordance with the church’s constitution.

What is the legal basis for processing your personal data?

All personal data which we collect must be fairly and lawfully processed. Personal data may be processed in accordance with any of the following conditions:

• With the consent of the data subject.
• In the legitimate interests of the Church Trustees as Data Controller, provided that this is not unwarranted by reason of prejudice to the rights and freedoms or legitimate interests of the data subject.
• Where processing is necessary for carrying out obligations under a contract with the data subject eg employment.
• Where necessary for the church to meet its legal obligations.
• Where necessary to protect the vital interests of the data subject.

Sharing your personal data

Your personal data will be treated as strictly confidential and will only be shared with other members in order to carry out a service to other church members or with third parties for purposes connected with the church (eg organisations hosting the Church Weekend).

The Church Directory containing your agreed contact details (if you are a church member) may be distributed electronically to church members by email or in hard copy marked “Confidential” where requested by members without internet access.

Similarly, church rotas may also be displayed on notice boards within the church building. We will share your data with third parties outside of Northchurch Baptist Church only with your consent or for our legitimate interests.

The data that we control may be transferred and stored electronically on servers outside the European Economic Area (EEA), for example on Dropbox. All such data files will be password-protected against unauthorised access. We will take all reasonable and necessary steps to ensure that your data is treated securely and in accordance with this privacy statement.

How long do we keep your personal data?

We will store your personal information for no longer than is reasonably necessary, usually only for the time that you are involved with the church. After this we may continue to hold your contact details in order to keep you informed about the ministry of the church until you tell us not to.

Specifically, we retain membership data while it is still current. Church accounts and all associated documentation is retained for a period of 6 years after the calendar year to which the data relates. Church registers and records for baptisms, marriages and funerals are retained permanently, in accordance with legal requirements.

Gift Aid Declarations will be stored indefinitely due to legal requirements.

Your rights regarding your personal data

You have the following rights with respect to your personal data and we must respond within one month if you exercise any of them:

• The right to be informed about the collection and use of your personal data – as detailed in this Privacy Notice.
• The right of access to a copy of the personal data we hold about you.
• The right to require that we correct any personal information if it is found to be inaccurate.
• The right to request that your personal data is erased from our records.
• The right to restrict processing of your personal data; when processing is restricted, we are permitted to store the personal data, but not to process it further without your consent.
• The right to data portability, which allows individuals to obtain and reuse their personal data for their own purposes across different services.
• The right to object to the processing of personal data in certain circumstances, including for direct marketing.
• The right to complain to the Information Commissioner’s Office (ICO) if you believe that the church has not handled your personal data in accordance with data protection law.

Please note that these rights are subject to a number of exceptions allowed by law.  We shall however endeavour to comply with your request as far as we are able and will tell you if we are not.

Contact Details

To exercise all relevant rights, queries or complaints please contact the church Data Protection Officer through the church office at:

Address: 67 High Street, Northchurch, Herts HP4 3QH; marked ‘CONFIDENTIAL; ATTN DPO’

Email: data.protection@northchurch.com

You can contact the Information Commissioner’s Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

Further information can be found on the ICO’s website at https://ico.org.uk/.

Policy Published: 24th May 2018