Information that members are made aware of
Group
There are several groups which operate separately from each other in the church (see final section below)
Members
Members are those who attend (see final section below)
Administrator
Each group has a nominated administrator (see final section below) who is the data processor who processes the personal data, that is, data by which a living human being can be identified.
How, why and what information is processed
- Email redirection: sends generic church emails to particular people (name, position, password, email)
- Safeguarding incidents are dealt with having accurate records (name, incident details)
- Members sent event information, particularly closures and special events (name, email, phone)
- Attendance data allows staff to plan future and care for those who have been absent for a while
- Care for children can require contact with parents (name, parent name, phone, email) and knowledge of special needs (name, special needs)
- Hire of Family Centre requires contact with the organiser (name, email, phone, booking details)
- Care for the elderly via giving lifts, visiting homes and hospital (name, date of birth, address, phone)
- Staff on Payroll are paid (name, national insurance number, bank details)
- People claiming Gift Aid (name, address)
- Group allocation is by age (Youth Group) and age and school (Holiday club)
- Mutual Care is given and received using opt-in contact list (name, Email, phone, address)
- DBS list is used to ensure supervisory staff have been checked (name, activity, date)
How is it obtained?
* Either Personal request (Church, Wider Church, Friday Friends),
* Or Booking form (Family Centre, Holiday Club),
* Or Part of appointment process (Paid Staff, All Staff, Web Server),
* Or At information desk on first visit (Youth Group, Messy Play, Community Choir)
How is it kept accurate?
Members are asked at the start of each academic year to check the information we have for them (except Safeguarding Incidents) Members can view, amend or remove their data at any time by request to the Administrator
Where is it stored?
Soft copy: The Group Administrator’s Laptop/PC, the Church Secretary’s laptop, and on their backup hard drives. No further soft copies of the data is made. Data is transferred from Administrator to Secretary using standard email. (All except Messy Play)
Hard copy: available to members’ contact List (Church, Friday Friends), Information desk Register (Holiday Club, Youth Group, Messy Play, Community Choir), Card index (Youth Group).
Legal Basis for processing
Either: the individual has given clear, recorded opt-in consent for the church to process their personal data for a clearly stated specific purpose from which is easy for people to withdraw, which is not a precondition of a service. (Pastoral Care)
- Or the processing is necessary for a documented contract the church has with the individual, or because they have asked the church to take specific steps before entering into a contract. (Family Centre, Paid Staff)
- Or the processing is necessary for a specific legitimate interest, in a way that the church uses people’s data in ways they would reasonably expect, and in a way that does not cause unjustified harm to the individual’s interests, rights and freedoms. (All others)
Photographs
All official church photos used for publicity on our website, magazine, summary sheet and notice boards must have the verbal or written consent of those who can be identified in the photo, or, in case of children and vulnerable adults, the consent of an appropriate adult. No names or personal details are published except those choosing to be in the biannual Sunday morning group photo, and the church leadership team. Photos are not more widely distributed - in particular they are not put on Social Media. All personally taken photos at Church run activities must abide with this policy, and this policy is explained whenever official church photos are taken. Photographs are stored on the church website at ch-bc.org.uk (once uploaded are removed from device) and on the administrator’s computer.
Information made available to members
How is protected?
Hard and soft copies are not left unattended unless inside a locked building.
Soft copies are in devices which are password protected.
In the event of a data breach all members would be alerted by email.
Who processes it?
The Group Administrator or, less frequently, the Church Administrator
Reason for legal basis
The processing of data clearly falls in this legal category
Length of time
Group members’ data (except name and attendance) is removed after two whole academic years of non attendance, or at the request of a member. (all except Safeguarding incidents which are not removed)
Passing on to Third parties
No Personal Information held by/for Cherry Hinton Baptist Church is accessed by any other organisation or shared with another organisation, other than, if necessary, to the police (Youth Group)
Notes
The above ensures that our use of data is transparent, fair and lawful; That personal data is only obtained for “specified, explicit and legitimate purposes”; that data is “adequate, relevant, necessary, accurate and kept no longer than necessary, with appropriate security, giving the data subjects right of access, rectification, erasure, being informed
As an organisation with a religious aim we could store information about religious beliefs, but currently do not. We recognize the special status of ethnic, political, trade union membership, physical and medical health, sexual, and offence related personal data
Data Controller
The Church Trustees collectively determine the purposes and means of processing personal data
Groups: Personal information processed by Cherry Hinton Baptist Church
For each group we give: Name of Group, Name of Administrator, Definition of Group Membership, Details of information processed
Group: Church
Administrator : Nic Boyns
Members of group attend Gathered worship Sundays 10:30am-noon.
- Mutual Care (name, Email, phone, address)
- Event information (name, email)
Group: Wider church
Administrator : Nic Boyns
Members of group attend annual inter-church events.
- Event information (Name, email, phone, address),
- Attendance (name, event, year)
Group: Family Centre
Administrator : Nic Boyns
Members of group book to use the Family Centre.
- Family Centre (Name, Organisation name, email, phone)
Group: Paid Staff
Administrator : Tim Wylie
Members of group are paid by the church.
- Payroll (name, national insurance number, bank details)
Group: All Staff
Administrator : Nic Boyns
Members of group lead activities run by the church.
- Event information (Name, email, phone, address),
DBS check (name, Date)
Group: Holiday club
Administrator : Nic Boyns
Members of group attend summer holiday Monday-Friday 10am-12:30pm.
- Event information (parent, email)
- Group allocation (name, age, school)
- Care for Children (Parent name, phone, address, special needs)
Group: Youth Group
Administrator : Jo Shields
Members of group attend during Term time Fridays 6:30-9pm.
- Event information (parent, email)
- Group allocation (child name, age)
- Child care (Parent name, phone, address)
Group: Friday Friends
Administrator : Jo Boyns
Members of group attend weekly Friday s 1:30-3:30pm
- Care of the elderly (name, date of birth, address, phone)
Group: Messy Play
Administrator : Alison Hallam
Members of group attend Term time Tues 10-11:30am
- Event in formation (name, child name, email)
- Attendance (name, date)
Group: Community Choir
Administrator : Nic Boyns
Members of group attend Term time Mondays 8-9:30pm
- Event Information (Name, email )
- Attendance (name, date)
Group: Web server
Administrator : Ruth Ivimey-Cook
Members of group receive ex-officio emails
- Email redirection (name, position, password, email)
Group: Safeguarding incidents
Administrator : Casey Png
Members of group are involved in safeguarding incidents
- Safeguarding incidents (name, incident details)
Group: Safeguarding incidents
Administrator : Nic Boyns
Members of group are those who claim Gift Aid on their donations to church
- Gift Aid (name, address)