Christ Apostolic Church Surrey Docks London (also referred to as; “we”, “us” or “our”) needs to keep certain information on its members and employee to carry out its day to day operations which is mostly missionary and charitable purposes, to meet its objectives and to comply with legal obligations. The church is committed to ensuring any personal data will be dealt with in line with The General Data Protection Regulation (GDPR). To comply with the law, personal information will be collected and used fairly, stored safely and not disclosed to any other person unlawfully. The aim of this policy is to ensure that everyone handling personal data is fully aware of the requirements and acts in accordance with data protection procedures. This document also highlights key data protection procedures within the church.
The Data (Privacy) Protection procedure addresses the following principles;
We, the Christ Apostolic Church Surrey Docks London, will through appropriate management and strict application of criteria and controls:
To meet our responsibilities, we will:
Training and awareness about the Data Protection Act and how it is followed in this church will be in the form of a General training/ Awareness raising once a year.
Christ Apostolic Church Surrey Docks London provides notice about the policies and procedures in all contract agreements, membership forms and visitor forms; the policies and procedures are also available on the website, www.cacsurreydocks.org.Depending on the purpose for data collection, Christ Apostolic Church Surrey Docks London may collect the following personal details:
We also process sensitive classes of information that may include:
Personal information is kept in the following forms:
How do we process your personal data?
We comply with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes: –
•To enable us to provide a voluntary service for the benefit of the public in a particular geographical area as specified in our constitution;
•To administer membership records;
•To fundraise and promote the interests of the church;
•To manage our employees and volunteers;
•To maintain our own accounts and records (including the processing of gift aid applications);
•To inform you of news, events, activities and services running at the church locally, at District level and national level;
•To provide pastoral care and services
A. Explicit consent:
By becoming a member of Christ Apostolic Church Surrey Docks London, you give your explicit consent with respect to the obtaining, using, holding, amending, disclosing, destroying and deleting of data as described in this notice. Explicit consent here means you were clearly presented with an option to agree or disagree with the collection, use, or disclosure of personal information.
B. Legitimate Interest: As a church, we have a legitimate interest of keeping the records of our members. These records will only be used for reasons stated in this privacy policy
We shall obtain and process personal data fairly and in accordance with statutory and other legal obligations. We collect personal information for the sole purposes of keeping in touch with our members, provide both missionary and pastoral services, legal obligation to government eg. disclosing details of Gift Aids donors
In line with GDPR principles, Christ Apostolic Church Surrey Docks London will ensure that personal data will:
6. Access:
Your rights and your personal data:
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: –
•The right to request a copy of your personal data which CAC Surrey Docks holds about you;
•The right to request that CAC Surrey Docks corrects any personal data if it is found to be inaccurate or out of date;
•The right to request your personal data is erased where it is no longer necessary for CAC Surrey Docks to retain such data;
•The right to withdraw your consent to the processing at any time
•The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable) [Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means].
•The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
•The right to object to the processing of personal data, (where applicable) [Only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]
•The right to lodge a complaint with the Information Commissioners Office.
Anyone whose personal information we process has the right to know what information we hold and process on them, how to gain access to this information, how to keep it up to date and what we are doing to comply with GDPR. They also have the right to prevent processing of their personal data in some circumstances and the right to correct, rectify, block or erase information regarded as wrong.
Individuals have a right under GDPR to access certain personal data being kept about them on computer and certain files. Any person wishing to exercise this right should apply in writing to the
Church office at following details:
Christ Apostolic Church Surrey Docks
Attn: Data Protection Lead
163 Ilderton Road, South Bermondsey
London SE16 3LA
We may also require proof of identity before access is granted. Groups of people within the church who will process personal information are: Church Administrator, Church Secretary, Presidents and Secretaries of bands and groups, multimedia group and Pastors. Queries about handling personal information will be dealt with swiftly and politely.
The church will take steps to ensure that personal data is kept secure at all times against unauthorized or unlawful loss or disclosure. Any disclosure of personal data will be in line with our procedures. Any unauthorized disclosure of personal data to a third party by any data processor will be seriously frowned at
The church will take steps to ensure that personal data is kept secure at all times against unauthorized or unlawful loss or disclosure. The following measures will be taken:
We maintain accurate, complete, and relevant personal information as reasonable possible and only for the purposes identified in this notice. We retrieve your personal data from emails you shared with us, membership registration form and visitors’ forms. Please note that we have shared responsibility with regard to the accuracy of your personal information. If the collected personal data is incorrect or outdated, please contact us immediately.
We monitor compliance with our privacy policies and procedures and have procedures to address privacy related complaints and disputes.
If you believe that your personal information is not handled in accordance with the applicable law or our privacy policies, you may submit a complaint to The Church Data Protection Leader who will investigate the complaint.
Contact Details
To exercise all relevant rights, queries of complaints please in the first instance contact the Church Office at 163 Ilderton road SE16 3LA.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
CCTV is used for maintaining the security of property and premises and for preventing and investigating crime, it may also be used to monitor staff whencarrying out work duties. For these reasons the information processed may include visual images, personal appearance and behaviours. This information may be about staff, customers and clients, offenders and suspected offenders, members of the
public and those inside, entering or in the immediate vicinity of the area under surveillance. Where necessary or required this information is shared with the datasubjects themselves, employees and agents, services providers, police forces, security organisations and persons making an enquiry.
We most times stream our services online via our website, YouTube and Facebook which is in line with our obligation of reaching out to the whole world for the propagation of the Gospel. Anyone attending any of our services might appear in any of the videos westream online or some of the congregation pictures we display on our website or social media accounts on Facebook and Instagram.
Definitions of Terms
Privacy: The rights and obligations of individuals and the church with respect to the collection, use, retention, disclosure, and disposal of personal information.
Personal information: (sometimes referred to as personally identifiable information or PII) information that is about, or can be related to, an identifiable individual. It includes any information that can be linked to an individual or used to directly or indirectly identify an individual.
Individuals, for this purpose, include prospective, current, and former customers, employees, and others with whom the entity has a relationship. Most information collected by the church about an individual is likely to be considered personal information if it can be attributed to an identified individual. Some examples of personal information are as follows:
Sensitive information: Some personal information is considered sensitive. Some laws and regulations define the following to be sensitive personal information:
Non-personal information: information about or related to people that cannot be associated with specific individuals. This includes statistical or summarized personal information for which the identity of the individual is unknown or linkage to the individual has been removed. In such cases, the individual’s identity cannot be determined from the information that remains because the information is de-identified or anonymized. Non-personal information ordinarily is not subject to privacy protection because it cannot be linked to an individual.
Processing
Is obtaining, using, holding, amending, disclosing, destroying and deleting personal data. This includes some paper based personal data as well as that kept on computer. The church will seek to abide by this code in relation to all the personal data it processes, i.e.
Data Controller
Is responsible for understanding and communicating obligations under the Act, identifying potential problem areas or risks, producing clear and effective procedures, notifying and annually renewing notification to the Information Commissioner and notifying of any relevant interim changes
Explicit consent:
Is the freely given, specific and informed agreement by a relocating individual in the processing of personal information about her/him. Explicit consent is needed for processing sensitive data of our customers.