Data Protection

DATA PROTECTION POLICY AND PRIVACY NOTICE 

Ashford Christian Fellowship  (ACF)

1. Personal and sensitive data – what is it?

Personal data is information that relates to a living individual who can be identified from that information.  Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into their possession.  

Sensitive data relates to racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, or details of criminal offences

From 25th May, 2018, the processing of personal data is governed by the General Data Protection Regulation (“GDPR”).  

2. Who are we?

We are Ashford Christian Fellowship (ACF) (see contact details below), a church and incorporated charity. ACF is the data controller for any information supplied to it by its members or members of the public.  This means it decides how personal data is processed and for what purposes.

3. How do we process personal data, and what types of data to we hold?

ACF complies with its obligations under the “GDPR” as follows:

  • keeping personal data up to date;
  • storing and destroying it securely;
  • not collecting or retaining more data than is required for its purpose;
  • protecting personal data from loss, misuse, unauthorised access or disclosure;
  • ensuring that appropriate technical measures and practices are in place to protect personal data

    We use personal data for the following purposes: -

  • To enable us to provide voluntary including ministry and pastoral services for the benefit of the public in the Ashford area, and also in various mission areas that we may visit from time to time;
  • To enable us to carry out church business or trade, including the provision of space for hire or rent to members of the public who are our clients, and any business activity that we may engage in
  • To administer membership records;
  • To fundraise and promote the interests, services and activities of the church;
  • To manage our employees and volunteers;
  • To maintain our own accounts and records (including the processing of gift aid applications);
  • To inform members and public of news, events, activities and services running at ACF;

    ACF holds the following categories of personal data:

    General Data: Regular use, general information such as contact details, attendance, and participation in courses, events and missions.

  • Contacts lists
  • Registers
  • Rotas
  • Diaries

    Financial Data: Financial information relating to donations, tithing, Gift Aid and related matters. Regular tithing

  • One-off and regular tithes and gifts
  • Donations
  • Transactions linked specifically to Gift Aid
  • Maintaining records of money given for specific purposes, such as outreach or building projects
  • Salaries to paid employees
  • Invoices sent to third parties and members of the public for hiring facilities
  • Invoices received and payments made for items and services purchased from individuals
  • Long-term (aggregated) financial trends data

    Employee Data: Employee records which relate to all paid staff.

  • Salaries
  • Tax, National Insurance and pension contribution information
  • Health records
  • Expenses
  • Qualifications, training, experience and previous employment

    Sensitive Data: Highly sensitive personal information, such as that obtained through counselling and prayer ministries or which relate to areas such as Child Protection and Safeguarding

  • Prayer counselling
  • Social intervention or monitoring
  • Details of children and individuals ‘at risk’
  • Other counselling
  • Healing
  • Court and legal intervention

    Third Party Data: Data held on behalf of other organisations.

  • Where the Freedom of Information Act applies (where linked to the activities of public bodies)
  • Charities linked to the church
  • Internal franchises or businesses owned or operated by the church

    Miscellaneous Data: Data which does not fall into any of the above categories.

  • Relevant qualifications – eg: Health & safety /Use of fire equipment / DBS checked / Qualified to drive minibus

4. What is the legal basis for processing personal data?

ACF processes personal data in the following circumstances :

  • Where it has explicit consent of the data subject so that we can keep them informed about news, events, activities and services and process gift aid donations
  • Where processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement;
  • Where processing can be classified as being carried out by a not-for-profit body with a political, philosophical, religious or trade union aim provided: -
    • the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and
    • there is no disclosure of personal data to a third party without consent.

      5. Sharing personal data

      Personal data held by ACF will be treated as strictly confidential and will only be shared with other members or employees of the church where this is necessary in order to carry out a service to other church members or for purposes connected with the church administration or legal obligations.    Personal data will not be shared with third parties without explicit consent of the data subject.

      6. How long do we keep personal data ?

      Specifically, we retain members’ and church attendees’ personal data for as long as it remains current;  accounting and financial data for 6 years or the duration of a financial or trading relationship (whichever is longer);  gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate; and any formal or statutory registers (baptisms, marriages, funerals) permanently.

      Where we have captured personal data from members of the public that we have contacted during the course of outreach or mission activity, or who have visited the church or participated in any of our events, but who do not become regular attendees, contacts or members, this data will be retained for 1 year.

      7. Individuals’ rights relating to personal data 

      Unless subject to an exemption under the GDPR, ACF complies with the following rights of individuals (data subjects) with respect to their personal data: -

  • The right to request a copy of any personal data which ACF holds about that individual;
  • The right to request that ACF corrects any personal data if it is found to be inaccurate or out of date; 
  • The right to request that personal data is erased where it is no longer necessary for ACF  to retain such data;
  • The right to withdraw consent to the processing of personal data at any time
  • The right to request that ACF provide the data subject with his/her personal data and, where possible, to transmit that data directly to another data controller.   This is known as the right to data portability, but this only applies where personal data is processed by automated means.
  • The right, where there is a dispute in relation to the accuracy or processing of personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data.   This applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics.
  • The right to lodge a complaint with the Information Commissioners Office.

8. Further processing

If we wish to use personal data for a new purpose, not covered by this Data Protection Policy and Privacy Notice, then we will provide the data subject with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.    Where and whenever necessary, we will seek prior consent to the new processing.

9. Contact Details

To exercise all relevant rights, queries or complaints please in the first instance contact:

The General Manager

Ashford Christian Fellowship

Bank Street

Ashford

Kent TN23 1BA

Email: Office@acfchurch.org.uk

Telephone:  +44(0)1233 334007

The Information Commissioners Office can be contacted on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.