PRIVACY POLICY – FIND THE FULL VERSION HERE

1.             Policy statement

1.1       Gateway Church (Kendal) is committed to protecting personal data and respecting the rights of our data subjects; the people whose personal datawe collect and use. We value the personal information entrusted to us and we respect that trust, by complying with all relevant laws, and adopting good practice.

We process personal data to help us:

a)         maintain our list of church members [and regular attenders];

b)         provide pastoral support for members and others connected with our church;

c)         provide services to the community including [Toddler Group, Foodbank];

d)         safeguard children, young people and adults at risk;

e)         recruit, support and manage staff and volunteers;

f)          [undertake research];

g)         maintain our accounts and records;

h)         promote our [goods and] services;

i)           [maintain the security of property and premises;]

j)           respond effectively to enquirers and handle any complaints [and];

k)         we share your personal data only with those that require it in order to achieve the above (e.g. with Mailchimp for sending out communications, Stewardship for the processing of Gift Aid, and Thirty-one Eight who process our DBS checks and provide safeguarding support.)

1.2          This policy has been approved by the church’s Charity Trustees who are responsible for ensuring that we comply with all our legal obligations. It sets out the legal rules that apply whenever we obtain, store or use personal data.

2.             Why this policy is important

2.1          We are committed to protecting personal data from being misused, getting into the wrong hands as a result of poor security or being shared carelessly, or being inaccurate, as we are aware that people can be upset or harmed if any of these things happen.

2.2          This policy sets out the measures we are committed to taking as an organisation and, what each of us will do to ensure we comply with the relevant legislation.

2.3          In particular, we will make sure that all personal data is:

a)     processed lawfully, fairly and in a transparent manner;

b)    processed for specified, explicit and legitimate purposes and not in a manner that is incompatible with those purposes;

c)    adequate, relevant and limited to what is necessary for the purposes for which it is being processed;

d)    accurate and, where necessary, up to date;

e)    not kept longer than necessary for the purposes for which it is being processed;

f)     processed in a secure manner, by using appropriate technical and organisational means;

g)    processed in keeping with the rights of data subjects regarding their personal data.

3.             How this policy applies to you & what you need to know

3.1          As an employee, trustee or volunteer processing personal information on behalf of the church, you are required to comply with this policy. If you think that you’ve accidentally breached the policy, it is important that you contact our Data Protection Officer [Jonny Gios] immediately so that we can take swift action to try and limit the impact of the breach.

Anyone who breaches the Data Protection Policy may be subject to disciplinary action, and where that individual has breached the policy intentionally, recklessly, or for personal benefit they may also be liable to prosecution or to regulatory action.

3.2          [As a leader/manager: You are required to make sure that any procedures that involve personal data, that you are responsible for in your area, follow the rules set out in this Data Protection Policy.]

3.3          As a data subject of Gateway Church (Kendal): We will handle your personal information in line with this policy.

3.4          As an appointed data processor/contractor: Companies who are appointed by us as a data processor are required to comply with this policy under the contract with us. Any breach of the policy will be taken seriously and could lead to us taking contract enforcement action against the company, or terminating the contract. Data processors have direct obligations under the GDPR, primarily to only process data on instructions from the controller (us) and to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk involved.

3.5          Our Data Protection Officer [Jonny Gios]is responsible for advising Gateway Church (Kendal)and its staff and members about their legal obligations under data protection law, monitoring compliance with data protection law, dealing with data security breaches and with the development of this policy. Any questions about this policy or any concerns that the policy has not been followed should be referred to themat hello@gatewaychurchkendal.org

3.6          Before you collect or handle any personal data as part of your work (paid or otherwise) for Gateway Church (Kendal), it is important that you take the time to read this policy carefully and understand what is required of you, as well as the organisation’s responsibilities when we process data.

3.7          Our procedures will be in line with the requirements of this policy, but if you are unsure about whether anything you plan to do, or are currently doing, might breach this policy you must first speak to the Data Protection Officer [Jonny Gios]

4.             Training and guidance

4.1          We will provide general training at least annually for all staff to raise awareness of their obligations and our responsibilities, as well as to outline the law. 

4.2          We may also issue procedures, guidance or instructions from time to time.  [Managers/leaders must set aside time for their team to look together at the implications for their work.]