Data Protection Policy
Hutton Free Church uses personal data of living individuals for the purpose of general church administration and communication.
Hutton Free Church recognises the importance of the correct and lawful treatment of personal data. All personal data, whether it is held on paper, on computer or other media, will be subject to the appropriate legal safeguards as specified in the General Data Protection Regulations 2017 (GDPR).
The Church fully endorses and adheres to the eight principles of the GDPR. These principles specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation and storage of personal data. Employees, volunteers and any others who obtain, handle, process, transport and store personal data for the Church must adhere to these principles.
The principles require that personal data shall:
Be processed fairly and lawfully and shall not be processed unless certain conditions are met.
Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose.
Be adequate, relevant and not excessive for those purposes.
Be accurate and where necessary, kept up to date.
Not be kept for longer than is necessary for that purpose.
Be processed in accordance with the data subject’s right.
Be kept secure from unauthorised or unlawful processing and protected against accidental loss, destruction or damage by using the appropriate technical and organisational measures.
Not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
How we collect information about you
The Church collects personal information at certain times when you are in contact with us. For example, when you:
Contact us through our website:
Register your details and your family details at any of our services or meetings
Complete a gift aid form for any donations made
Provide donations by cheque or bank transfer
Provide your contact details in writing or orally to the Church staff or volunteers
Communicate with the church by means such as email, letter, text, telephone
Face to face meetings with staff and volunteers
Access social media platforms such as Facebook, YouTube, WhatsApp
The Church will treat all your personal information as private and confidential and not disclose any data about you to anyone other than;
the leadership and ministry overseers/co-ordinators of the church, in order to facilitate the administration and day to day ministry of the church
third party suppliers who provide services to us.
All Church staff and volunteers who have access to Personal Data will be required to agree and sign a Confidentiality Policy and a Data Protection Policy.
There are four exceptional circumstances where data may be required to be shared to the above which is permitted by law:
Where we are legally compelled to do so.
Where there is a duty to the public to disclose.
Where disclosure is required to protect your interest.
Where disclosure is made at your request or with your consent.
Use of Personal Information
The Church will use your data for the following purposes:
The day to day administration of the church; e.g. pastoral care and oversight including calls and visits, preparation of ministry rotas, maintaining financial records of giving for audit and tax purposes.
Contacting you by phone/text or email to keep you informed of church activities and events
To register you for events or activities
For promotion of services that we believe may be of interest to you
Who Sees Your Information
The information that you provide to us will be held on computers and electronic devices in the UK. Information may be accessed by the Church Leadership Team and Volunteers who have secure and authorized access. However, we may disclose your personal information to third party suppliers who provide services to us or where we are required to.
Example Gift aid donations for the Church are administrated by the Church Treasurer. The name and address of any new donor is required for HM Revenue and Customs purposes. However, once the gift aid donor is established for security reasons donor’s addresses are not utilised and donors are only referenced in gift aid submissions by the use of a unique donor ID number and name.
Sensitive Personal Information. The Church may collect and store sensitive personal information such as health information, religious information (church attendance) when you and/or your family attend or register for church events. Your personal information will be kept strictly confidential. It is never sold, given away, or otherwise shared with anyone, unless required by law.
Keeping Details Up to Date
Please tell us as soon as any of your contact details change so that we can keep our records up to date. You can change the way we contact you or unsubscribe from receiving emails or texts by letting us know either by email or text to remove you from our lists.
Access to Your Information
You can request access to the personal information that the Church holds about you by contacting the Church’s Privacy Officer, using the standard letter which is available online from www.ico.gov.uk
If you wish to change personal information that is out of date or inaccurate, please contact us. The Church will take reasonable steps to correct any of your information which is inaccurate, incomplete or out of date.
The Church aims to comply with requests for access to personal information as quickly as possible and will ensure that it is provided within 30 days of receipt of a request, unless there is good reason for delay. In such cases, the reason for delay will be explained in writing to the individual making the request.
The Church will take reasonable steps to keep secure any personal information, which we hold and to keep this information accurate and up to date. Personal information, held electronically, is stored in secure files.
The internet is not a secure method of transmitting information. Accordingly, the Church cannot accept responsibility for the security of information you send to or receive from us over the internet, or for any unauthorised access or use of that information. We take security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. Your information will be held for a reasonable period or as long as the law requires or permits.
Any documents or files made available to download from our website are provided at users own risk.
Changes to Policy
Data Protection Officer: Helen Martin
Address: c/o Hutton Free Church, The Christian Centre, 165 Hanging Hill Lane, Hutton, Essex. CM13 2QH