Privacy Policy

Christ Apostolic Church Surrey Docks London (also referred to as; “we”, “us” or “our”) needs to keep certain information on its members and employee to carry out its day to day operations which is mostly missionary and charitable purposes, to meet its objectives and to comply with legal obligations. The church is committed to ensuring any personal data will be dealt with in line with The General Data Protection Regulation (GDPR). To comply with the law, personal information will be collected and used fairly, stored safely and not disclosed to any other person unlawfully. The aim of this policy is to ensure that everyone handling personal data is fully aware of the requirements and acts in accordance with data protection procedures. This document also highlights key data protection procedures within the church.

The Data (Privacy) Protection procedure addresses the following principles;

1. Management:

We, the Christ Apostolic Church Surrey Docks London, will through appropriate management and strict application of criteria and controls:

Observe fully conditions regarding the collection and use of information.
Meet our legal obligations to specify the purposes for which information is used.
Collect and process appropriate information, and only to the extent that it is needed to fulfil our operational needs or to comply with any legal requirements.

Ensure that everyone managing and handling personal information is trained to do so.
Anyone wanting to make enquiries about handling personal information, whether a member of staff, volunteer or service user, knows what to do;
Any disclosure of personal data will be in line with our procedures.
Queries about handling personal information will be dealt with swiftly and politely.

To meet our responsibilities, we will:  

Ensure any personal data is collected in a fair and lawful way;  
Explain why it is needed at the start;  
Ensure that only the minimum amount of information needed is collected and used;  
Ensure the information used is up to date and accurate;  
Review the length of time information is held;  
Ensure it is kept safely;  
Ensure the rights people have in relation to their personal data can be exercised

Training and awareness about the Data Protection Act and how it is followed in this church will be in the form of a General training/ Awareness raising once a year.

2. Notice:

Christ Apostolic Church Surrey Docks London provides notice about the policies and procedures in all contract agreements, membership forms and visitor forms; the policies and procedures  are  also available on the website, on the purpose for data collection, Christ Apostolic Church Surrey Docks London may collect the following personal details:

personal details
family, lifestyle and social circumstances
education details
employment details

We also process sensitive classes of information that may include:

physical or mental health details
religious or other beliefs of a similar nature
offences including alleged offences.

Personal information is kept in the following forms:  

Hard copies in the church office in well secured location;  
Soft Copies on the Church Database
Copies on church computers

How do we process your personal data?

We comply with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use your personal data for the following purposes: –

To enable us to provide a voluntary service for the benefit of the public in a particular geographical area as specified in our constitution;

To administer membership records;

To fundraise and promote the interests of the church;

To manage our employees and volunteers;

To maintain our own accounts and records (including the processing of gift aid applications);

To inform you of news, events, activities and services running at the church locally, at District level and national level;

To provide pastoral care and services

3. Legal basis for processing your personal data

A. Explicit consent:

By becoming a member of Christ Apostolic Church Surrey Docks London, you give your explicit consent with respect to the obtaining, using, holding, amending, disclosing, destroying and deleting of data as described in this notice. Explicit consent here means you were clearly presented with an option to agree or disagree with the collection, use, or disclosure of personal information.

B. Legitimate Interest: As a church, we have a legitimate interest of keeping the records of our members. These records will only be used for reasons stated in this privacy policy

4. Collection:

We shall obtain and process personal data fairly and in accordance with statutory and other legal obligations. We collect personal information for the sole purposes of keeping in touch with our members, provide both missionary and pastoral services, legal obligation to government eg. disclosing details of Gift Aids donors

5. Use, retention, and disposal:

In line with GDPR principles, Christ Apostolic Church Surrey Docks London will ensure that personal data will:  

Be obtained fairly and lawfully and shall not be processed unless certain conditions are met  
Be obtained for a specific and lawful purpose  
Be adequate, relevant but not excessive  
Be accurate and kept up to date  
Not be held longer than necessary  
Be processed in accordance with the rights of data subjects  
Be subject to appropriate security measures  

6. Access:

Your rights and your personal data:  

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: –

The right to request a copy of your personal data which CAC Surrey Docks holds about you;

The right to request that CAC Surrey Docks corrects any personal data if it is found to be inaccurate or out of date;  

The right to request your personal data is erased where it is no longer necessary for CAC Surrey Docks to retain such data;

The right to withdraw your consent to the processing at any time

The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable) [Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means].

The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;

The right to object to the processing of personal data, (where applicable) [Only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]

The right to lodge a complaint with the Information Commissioners Office.

Anyone whose personal information we process has the right to know what information we hold and process on them, how to gain access to this information, how to keep it up to date and what we are doing to comply with GDPR. They also have the right to prevent processing of their personal data in some circumstances and the right to correct, rectify, block or erase information regarded as wrong.

Individuals have a right under GDPR to access certain personal data being kept about them on computer and certain files. Any person wishing to exercise this right should apply in writing to the

Church office at following details:

Christ Apostolic Church Surrey Docks

Attn:  Data Protection Lead

163 Ilderton Road, South Bermondsey  

London SE16 3LA

We may also require proof of identity before access is granted. Groups of people within the church who will process personal information are: Church Administrator, Church Secretary, Presidents and Secretaries of bands and groups, multimedia group and Pastors. Queries about handling personal information will be dealt with swiftly and politely.

7. Disclosure to third parties:

The church will take steps to ensure that personal data is kept secure at all times against unauthorized or unlawful loss or disclosure. Any disclosure of personal data will be in line with our procedures. Any unauthorized disclosure of personal data to a third party by any data processor will be seriously frowned at

8. Security for privacy:

The church will take steps to ensure that personal data is kept secure at all times against unauthorized or unlawful loss or disclosure. The following measures will be taken:

Using lockable cupboards (restricted access to keys)
Camera detection;
Computer will be passworded and files as well

9. Quality:

We maintain accurate, complete, and relevant personal information as reasonable possible and only for the purposes identified in this notice. We retrieve your personal data from emails you shared with us, membership registration form and visitors’ forms. Please note that we have shared responsibility with regard to the accuracy of your personal information. If the collected personal data is incorrect or outdated, please contact us immediately.

10. Monitoring and enforcement:

We monitor compliance with our privacy policies and procedures and have procedures to address privacy related complaints and disputes.

If you believe that your personal information is not handled in accordance with the applicable law or our privacy policies, you may submit a complaint to The Church Data Protection Leader who will investigate the complaint.

Contact Details

To exercise all relevant rights, queries of complaints please in the first instance contact the Church Office at 163 Ilderton road SE16 3LA.

You can contact the Information Commissioners Office on 0303 123 1113 or via email or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

11. CCTV for crime prevention

CCTV is used for maintaining the security of property and premises and for preventing and investigating crime, it may also be used to monitor staff whencarrying out work duties. For these reasons the information processed may include visual images, personal appearance and behaviours. This information may be about staff, customers and clients, offenders and suspected offenders, members of the

public and those inside, entering or in the immediate vicinity of the area under surveillance. Where necessary or required this information is shared with the datasubjects themselves, employees and agents, services providers, police forces, security organisations and persons making an enquiry.

12. Online media streaming and social media

We most times stream our services online via our website, YouTube and Facebook which is in line with our obligation of reaching out to the whole world for the propagation of the Gospel. Anyone attending any of our services might appear in any of the videos westream online or some of the congregation pictures we display on our website or social media accounts on Facebook and Instagram.

Definitions of Terms

Privacy: The rights and obligations of individuals and the church with respect to the collection, use, retention, disclosure, and disposal of personal information.

Personal information: (sometimes referred to as personally identifiable information or PII) information that is about, or can be related to, an identifiable individual. It includes any information that can be linked to an individual or used to directly or indirectly identify an individual.

Individuals, for this purpose, include prospective, current, and former customers, employees, and others with whom the entity has a relationship. Most information collected by the church about an individual is likely to be considered personal information if it can be attributed to an identified individual. Some examples of personal information are as follows:

Home or e-mail address
Date of Birth
Identification number (for example, a Social Security or Social Insurance Number)
Physical characteristics
Consumer purchase history

Sensitive information: Some personal information is considered sensitive. Some laws and regulations define the following to be sensitive personal information:

Information on medical or health conditions
Financial information
Racial or ethnic origin
Political opinions
Religious or philosophical beliefs
Trade union membership
Sexual preferences
Information related to offenses or criminal convictions

Non-personal information: information about or related to people that cannot be associated with specific individuals. This includes statistical or summarized personal information for which the identity of the individual is unknown or linkage to the individual has been removed. In such cases, the individual’s identity cannot be determined from the information that remains because the information is de-identified or anonymized. Non-personal information ordinarily is not subject to privacy protection because it cannot be linked to an individual.


Is obtaining, using, holding, amending, disclosing, destroying and deleting personal data. This includes some paper based personal data as well as that kept on computer. The church will seek to abide by this code in relation to all the personal data it processes, i.e.

Data Controller

Is responsible for understanding and communicating obligations under the Act, identifying potential problem areas or risks, producing clear and effective procedures, notifying and annually renewing notification to the Information Commissioner and notifying of any relevant interim changes

Explicit consent:

Is the freely given, specific and informed agreement by a relocating individual in the processing of personal information about her/him. Explicit consent is needed for processing sensitive data of our customers.