Our measures to keep your data safe and secure
Bethany Community Church is committed to the protection of the privacy of all our members and ministry users. Your privacy is very important to us and we understand how important it is to you. Our aim is to be as clear and open as possible about what we do with your personal data and why we do it.
We comply with our obligations under the GDPR by keeping Personal Data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
Definitions we use in this privacy notice
- Members means everyone who has attended our “new member’s” evening and has signed the Bethany Community Church members form, or has informed the Bethany Community Church leadership that they want to be considered a member.
- Visitor means someone who has not indicated that they want to be a member, but is a regular attender at Bethany Community Church services and/or events.
- Ministry means one of our community focused ministries.
- Ministry User or Ministry Receiver means someone who is a client of one of our community focused ministries.
- Kings Pantry is our food bank distribution service which delivers food, toiletries and household items to referrals from Harpenden Money advice centre, other agencies, friends, neighbours or Bethany Community Church members.
- LINK is our 1 to 1 befriending, and weekly drop-in service.
- Bubbles is our weekly toddlers group.
- Golden Nuggets is our over 50s friendship group.
- Lighthouse Ministry is our pastoral ministry service.
What is our lawful basis for using your information?
We have various scenarios under which we may use your information, and for each we have identified a lawful basis as described below:
Legal Obligation applies: To those who are employed by Bethany Community Church in order to fulfil our legal obligation
Legitimate Interest applies: To all members, visitors and ministry users/receivers in our pursuit of the aims of the Bethany Community Church charity
Consent applies: To Bethany Community Church ministries that do not have a legitimate interest in holding personal data, but would like to have consent to contact the ministry user with information about other Bethany Community Church activities.
Sharing your Personal Data
The personal data we hold about you will be treated as strictly confidential and we will only share your data with indirectly connected third parties with your prior consent, or where required to do so by law. Directly connected third parties include:- ChurchSuite, HMRC, Stripe online payment, Interflora and Google Suite.
How secure is your Personal Data?
We take security very seriously and will do everything within our power to keep your data safe. Details of that are listed in the section below “How your data is held”.
How long do we keep your Personal Data?
We keep data in accordance with the guidance set out by GDPR. We endeavour to maintain only data that is relevant, accurate and up to date.
- Members are responsible for keeping contact details up to date. This can be done by logging into your ChurchSuite account and making any necessary changes.
- Visitors and ministry users/receivers are responsible for informing either the Bethany Community Church administrator or their ministry leader of any changes to their data. Alterations will be made to ChurchSuite within no more than one calendar month of the request.
- Upon ceasing to be a Bethany Community Church member, visitor or ministry user/receiver all your Personal Data whether electronic or paper will be removed/destroyed, except for such data as needs to be retained for lawful reasons. i.e. Gift Aid personal data.
We have internal processes to periodically review the data we hold and delete data that is no longer relevant to our purpose for processing.
Your Rights and your Personal Data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your Personal Data:-
- Access to your Personal Data: You have the right to request a copy of the Personal Data that we hold about you. We will respond to this request within one calendar month.
- Correcting your Personal Data: We want to make sure your data is accurate, complete and up to date and you may ask us to correct any Personal Data that you believe does not meet these standards. (See previous section regarding self-correction of basic Personal Data).
- Deletion of your Personal Data: You have the right to ask us to delete Personal data about you, where:
  - You consider that we no longer require the information for the purpose for which it was obtained or that we no longer need to retain it in accordance with our statutory obligations.
  - You have validly objected to our use of your Personal Data – see “Objecting to how we may use your Personal Data”.
  - Our use of your Personal Data is contrary to law or other legal obligations.
- Objecting to how we may use your Personal Data: Where we use your Personal Data to perform tasks carried out in the public interest then, if you ask us to, we will stop using the Personal Data unless there are overriding legitimate grounds to continue.
- Restricting how we may use your Personal Data: In some cases, you may restrict how we use your Personal Data. This right might apply, for example, where we are checking the accuracy of Personal Data about you that we hold or assessing the validity of any objections you have made to our use of your Data. The right might also apply where there is no longer a basis for using your Personal Data but you do not want us to delete the Data. Where this right is validly exercised, we may only use the relevant Personal Data with your consent, for legal claims or where there are other public interest grounds to do so.
- Lodging a complaint: If you feel we have used your Personal Data incorrectly or without lawful basis, or you dispute our lawful basis, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
Personal Data we may hold
Bethany Community Church collects a range of information depending on whether you are a member, visitor or ministry user/receiver. Basic information such as name, address, D.O.B., phone/mobile phone number and email address is the essential minimum data we would hold.
In addition to this we may hold data regarding DBS Disclosure certificates, personal medical/allergy information, disabilities, medication, additional emergency contact details, and dietary information. Where necessary we will hold personal financial information mainly for the processing of Gift Aid contributions.
In addition, data legally required for the processing of employees’ salary, tax and NI contributions, holiday allowance, pensions and sickness benefit will also be held where appropriate.
How your data is held
ChurchSuite is the online, third party, database we use to process personal data for all our members, visitors and ministry users/receivers. ChurchSuite has extremely strong security protocols. ChurchSuite only accesses our database in order to support the proper function of the database. All the Bethany Community Church office computers that have access to ChurchSuite are password protected. Each individual’s access to ChurchSuite is protected by a personal password.
Ministry leaders and key workers with specific responsibilities may have contact details on their mobile phones. This only applies to Kings Pantry, LINK and Golden Nuggets ministry workers who may have a reason to contact a ministry user/receiver. All these phones are either password, PIN or biometrically protected.
CCPAS (Churches Child Protection Agency Services) – Holds information on all members, ministry leaders and volunteers on whom we need to have DBS Disclosure checks carried out. Those it involves are invited to register with CCPAS in order for the appropriate checks to be carried out. CCPAS hold this information on behalf of Bethany Community Church. Only the Bethany Community Church administrator and lead Safeguarding officer have access to this database.
GOOGLE SUITE Bethany Community Church uses the following Google Suite facilities: Gmail and Google Drive. Contacts are held on ChurchSuite and this is used as the platform to send out emails. This links to staff, ministry leaders and volunteers who have Bethany Community Church Gmail addresses. Group emails will be sent out via ChurchSuite to ensure automatic use of the Blind Carbon Copy facility.
HMRC For lawfully processing employees’ income tax and NI.
MailChimp. Used for generating and distributing the newsletter. This online program allows for the production of more complex emails than the basic ChurchSuite email module. MailChimp is synchronised with the ChurchSuite database. MailChimp do not use your Personal Data for any other purpose than processing our emails.
Newday Youth Camp. Youth Personal Data is input by our Bethany Community Church administrator into the Newday database. This is done by parental consent via an application form.
Interflora. Personal Data is provided on an ad hoc basis as and when floral tributes or bouquets are sent to members, visitors or ministry users/receivers for the purposes of encouraging, thanking, remembering or honouring the individual whose Personal Data is provided to Interflora for this purpose.
Stripe online payment services. This is an integrated service for online payment for Bethany Community Church activities and events. Users of Stripe input their information, Bethany Community Church receives notification of payment and Personal Data details associated with a particular payment. No bank or Credit Card details are passed to Bethany Community Church. Stripe is synchronised with the ChurchSuite database.
Handling a Privacy Breach. GDPR defines a data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed”.
Privacy breaches can be by way of an external source i.e. hacking, malware, phishing or other devious means. They may be due to breaches within Bethany Community Church through employees, contractors or support partners.
In order to prevent security breaches on electronic devices appropriate software and firewalls have been activated on all Bethany Community Church office computers. Internet traffic is also monitored in order to proactively prevent potential breaches from occurring.
Bethany Community Church has a “Personal Data Clear Desk” policy. That is, no Personal Data will be left open on a desk. Any documents or papers displaying Personal Data will be cleared from desks and stored in the locked desk units provided.
All Bethany Community Church staff will log off computers, tablets or phones if they leave them unattended, ensuring no Personal Data is displayed while they are away from these devices.
The Bethany Community Church office WiFi has separate access for staff and guests, ensuring that guests cannot “see” office devices.
Privacy breaches will not be ignored.
Once it is known that a privacy breach has occurred the immediate concern is to contain and stop the breach from continuing. Once that has been done it is important to ascertain the risk level and follow the appropriate reporting and remedial procedures. (See Bethany Community Church’s GDPR data protection policy for details).
Bethany Community Church Contact Details
Address:- Bethany Community Church
Unit 5a, 40 Coldharbour Lane
Phone:- 01582 318171
Administrator:- Nicola Hill
Data Protection Controllers:- John Swain and Nicola Hill