This is our privacy statement for people who are part of Holland Road Baptist Church

Table of Contents

  • Introduction

  • Why are we keeping personal data?

  • Disclosure, or sharing, of personal information

  • Your data rightsWhat information do we have?

  • What do we do with your data?

  • How long will we keep your data?

  • Automated Processing

  • If you contact us via social media or email

  • Access to personal information

  • Data controller

  • Changes to this privacy notice

  • How to contact us

Introduction

At Holland Road Baptist Church (HRBC) we want to be transparent with the ways in which we use the personal data for all the people we interact with.

People who are part of HRBC include church members, people who are part of a community, people who are part of a team and/or people who sign up for Gift Aid.

This document outlines important information we have to tell you by law (the legislation is called the General Data Protection Regulations or GDPR for short).

HRBC complies with its obligations under GDPR by:

  • keeping personal data up to date;

  • storing and destroying it securely;

  • not collecting or retaining excessive amounts of data;

  • protecting personal data from loss, misuse, unauthorised access and disclosure;

  • and ensuring that appropriate technical measures are in place to protect personal data.

This document sets out what you should expect from us and what your rights are about your personal data.

Why are we keeping personal data?

At HRBC, we ask for personal data to enable the church to share information with you about the life of the church and provide appropriate pastoral support. For example:

If you are, or become, a church member, you will be involved in the life of church and play an active part in the decision making process.

If you are, or become, part of a team you will use your God given gifts by serving in the internal and external teams, that support church activities and serve the community.

If you are, or become, part of a Community you will be involved in studying the Bible, worshiping God, sharing the gospel and providing mutual pastoral care.

We therefore believe we have a legitimate interest to keep your details, as defined by the terms of by Article 6(1) (f) of the GDPR.

We do not need your consent to keep this information, but we must tell you why we have your data, what we do with it and for how long we keep it along with other things which are set out in this document.

Disclosure, or sharing, of personal information

Your personal data will be treated as strictly confidential, and will be shared only with HRBC employees and select volunteers. We will only share your data with other organisations outside of HRBC with your explicit consent.

We use third party data processors to help with our administration, for example:

  • ChurchSuite is our main church database - if you gave us an email address, you will be given a login for this via MyChurchSuite, to view and update your data

  • Google Docs for general church administration

  • Mailchimp for our weekly news emails

  • Twilio for SMS

  • QuickBooks for accounting

  • Due Diligence Checking for DBS checks

All our data processors are restricted in what they can do with your information by both the contract they have with HRBC and the GDPR.

In rare circumstances we may need to share your information with regulatory bodies, for example, the police to report a crime.

Your data rights

Unless subject to an exemption under GDPR, you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which HRBC holds about you;

    1. The right to request that HRBC corrects any personal data if it is found to be inaccurate or out of date;

    2. The right to request that your personal data is erased, unless it is necessary for HRBC to retain such data (e.g. for safeguarding or Gift Aid);

    3. The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction being placed on further processingThe right to lodge a complaint with the Information Commissioner’s Office (ICO).

What information do we have?

This will be information you give us and/or information given to us on your behalf (e.g. by a parent for their child). We will also record data gathered during your time with us, for example baptism date or team/community/church membership.

These are the main types of data we hold:

  • contact details

  • membership of communities, teams, rotas and other groups

  • baptism & membership dates

  • recent (< 6 months) indication of Sunday or mid-week attendance - used to help understand engagement and allow follow up of people we are concerned for

  • safeguarding information

  • photo - for identification in ChurchSuite and, if you provide consent, for publicity

  • email & photo consents

  • event sign ups and payments

  • record of giving and Gift Aid declaration - only shared with the few people who actually operate our accounts

As a church, the data we hold is categorised as special category data which is more detailed and sensitive, as it implies a religious belief. As a church, we have permissions under Article 9 Para 2(d) of the GDPR to process data relating to your religious beliefs.

In addition for children, we may hold sensitive health information which can be used to adapt a ministry team event for them.

What do we do with your data?

Your information is used in ways that you would expect – such as managing serving teams and keeping you informed about events.

We may use your personal data for the following purposes:

  • Maintaining our list of church members

    1. Providing pastoral support

    2. Providing services to the community

    3. Safeguarding children, young people or adults at risk

    4. Recruiting, supporting and managing volunteers

    5. Informing individuals of news, events, activities and services running at HRBC

    6. For events you have signed up for, keeping you updated about the programme, speakers and any practical aspects.

    7. If you volunteer for a team, your details will be used to manage and send out rotas, and will be given to your team leader.

    8. If you join a community, your details will be given to your community leader.

    9. If your child/children attend groups or activities, your details may be used for news, emergency contact and safeguarding purposes.

    10. Information contained in checks provided by the Disclosure & Barring Service and evidence of safeguarding training.

    11. Processing donations, payments (e.g. for events) and gift aid applications.

How long will we keep your data?

We keep your data for no longer than reasonably necessary. We will keep your data as long as you are a member of the church or are in regular contact with the church. e.g. attending Sunday services, volunteering, attending a community or receiving occasional visits.

If you resign from membership or are no longer in regular contact with us, we will retain your data for a maximum of six months, unless you specifically request for your data to be deleted earlier or where it is necessary for us to retain that information for other reasons (e.g. for safeguarding or Gift Aid).

For detailed information about retention of data, please see our Data Retention Policy.

Automated Processing

From time to time, we make use of automated processing to help us with understanding the needs of the church, event planning, managing and reviewing data, providing better pastoral care and helping us meet various legal requirements.

If you contact us via social media or email

We may use Facebook, Twitter or other social media to give information to you or to connect with you. We may also use email and text messages to communicate with you.

If you send us a private or direct message via social media the message will not be shared by us with other organisations.

Access to personal information

If you want to see the data that we hold on you, you will need to make a subject access request. Please contact our church office (see below) if you wish to submit a subject access request.

If you agree, we will try to deal with your request informally for example by providing you with the specific information you need over the telephone.

If you require a copy in a different format e.g electronic or written format we can do this. It can take up to 30 days to do this, depending on how much information there is or whether any information needs to be removed before sharing (such as where there is information about another person connected with your records, and that person has not consented to their information being shared).

There is no charge to make this request.

Data controller

The data controller is usually the organisation that holds your personal data.

In our case, Holland Road Baptist Church Trust is the data controller.

The church keeps your personal data and sensitive information electronically and sometimes in paper format.

If you want to request to see the information we hold about you, you will need to request this in writing to the church office - see below.

Changes to this privacy notice

We keep our privacy notice under regular review. If this there is a significant change to the way we would like to use your data, we will revise this document and re-issue it to you.

How to contact us

If you want to request information about our Data Protection or make a subject access request, you can email office@hrbc.org.uk, phone us or write to the address below:

Holland Road Baptist Church
65 Holland Road
Hove East Sussex
BN3 1JN
Tel 01273 732111

Date Issued: 8 November 2019