Policy - Privacy

Information that members are made aware of

Group

There are several groups which operate separately from each other in the church (see table below)

Members

Members are those who attend (see table below)

Administrator

Each group has a nominated administrator (see table below) who is the data processor who processes the personal data, that is, data by which a living human being can be identified.

How, why and what information is processed

  • Email redirection: sends generic church emails to particular people (name, position, password, email)
  • Safeguarding incidents are dealt with having accurate records (name, incident details)
  • Members sent event information, particularly closures and special events (name, email, phone)
  • Attendance data allows staff to plan future and care for those who have been absent for a while
  • Care for children can require contact with parents (name, parent name, phone, email) and knowledge of special needs (name, special needs)
  • Hire of Family Centre requires contact with the organiser (name, email, phone, booking details)
  • Care for the elderly via giving lifts, visiting homes and hospital (name, date of birth, address, phone)
  • Staff on Payroll are paid (name, national insurance number, bank details)
  • Group allocation is by age (Youth Group) and age and school (Holiday club)
  • Mutual Care is given and received using opt-in contact list (name, Email, phone, address)
  • DBS list is used to ensure supervisory staff have been checked (name, activity, date)

How is it obtained?

* Either Personal request (Church, Wider Church, Friday Friends, Men’s breakfast),
* Or Booking form (Family Centre, Holiday Club),
* Or Part of appointment process (Paid Staff, All Staff, Web Server),
* Or At information desk on first visit (Youth Group, Messy Play, Community Choir)

How is it kept accurate?

Members are asked at the start of each academic year to check the information we have for them (except Safeguarding Incidents) Members can view, amend or remove their data at any time by request to the Administrator

Where is it stored?

Soft copy: The Group Administrator’s Laptop/PC, the Church Secretary’s laptop, and on their backup hard drives. No further soft copies of the data is made. Data is transferred from Administrator to Secretary using standard email. (All except Messy Play)
Hard copy: available to members’ contact List (Church, Friday Friends), Information desk Register (Holiday Club, Youth Group, Messy Play, Community Choir), Card index (Youth Group),.

Legal Basis for processing

Either: the individual has given clear, recorded opt-in consent for the church to process their personal data for a clearly stated specific purpose from which is easy for people to withdraw, which is not a precondition of a service. (Pastoral Care)

  • Or the processing is necessary for a documented contract the church has with the individual, or because they have asked the church to take specific steps before entering into a contract. (Family Centre, Paid Staff)
  • Or the processing is necessary for a specific legitimate interest, in a way that the church uses people’s data in ways they would reasonably expect, and in a way that does not cause unjustified harm to the individual’s interests, rights and freedoms. (All others)

Photographs

All official church photos used for publicity on our website, magazine, summary sheet and notice boards must have the verbal or written consent of those who can be identified in the photo, or, in case of children and vulnerable adults, the consent of an appropriate adult. No names or personal details are published except those choosing to be in the biannual Sunday morning group photo, and the church leadership team. Photos are not more widely distributed - in particular they are not put on Social Media. All personally taken photos at Church run activities must abide with this policy, and this policy is explained whenever official church photos are taken. Photographs are stored on the church website at ch-bc.org.uk (once uploaded are removed from device) and on the administrator’s computer.

Information made available to members

How is protected?

Hard and soft copies are not left unattended unless inside a locked building.
Soft copies are in devices which are password protected.

In the event of a data breach all members would be alerted by email.

Who processes it?

The Group Administrator or, less frequently, the Church Administrator

Reason for legal basis

The processing of data clearly falls in this legal category

Length of time

Group members’ data (except name and attendance) is removed after two whole academic years of non attendance, or at the request of a member. (all except Safeguarding incidents which are not removed)

Passing on to Third parties

No Personal Information held by/for Cherry Hinton Baptist Church is accessed by any other organisation or shared with another organisation, other than, if necessary, to the police (Youth Group)

Notes

The above ensures that our use of data is transparent, fair and lawful; That personal data is only obtained for “specified, explicit and legitimate purposes”; that data is “adequate, relevant, necessary, accurate and kept no longer than necessary, with appropriate security, giving the data subjects right of access, rectification, erasure, being informed

As an organisation with a religious aim we could store information about religious beliefs, but currently do not. We recognize the special status of ethnic, political, trade union membership, physical and medical health, sexual, and offence related personal data

Data Controller

The Church Trustees collectively determine the purposes and means of processing personal data

Personal information processed by Cherry Hinton Baptist Church

Group / Administrator / Members Those who ….

How, why and what information is processed

Group: Church

Administrator : Nic Boyns

Members of group attend Gathered worship Sundays 10:30am-noon.

  • Mutual Care (name, Email, phone, address)
  • Event information (name, email)

Group: Wider church

Administrator : Nic Boyns

Members of group attend annual inter-church events.

  • Event information (Name, email, phone, address),
  • Attendance (name, event, year)

Group: Family Centre

Administrator : Wendy Hart

Members of group book to use the Family Centre.

  • Family Centre (Name, Organisation name, email, phone)

Group: Paid Staff

Administrator : Tim Wylie

Members of group are paid by the church.

  • Payroll (name, national insurance number, bank details)

Group: All Staff

Administrator : Nic Boyns

Members of group lead activities run by the church.

  • Event information (Name, email, phone, address),

DBS check (name, Date)

Group: Holiday club

Administrator : Nic Boyns

Members of group attend summer holiday Monday-Friday 10am-12:30pm.

  • Event information (parent, email)
  • Group allocation (name, age, school)
  • Care for Children (Parent name, phone, address, special needs)

Group: Youth Group

Administrator : Jo Shields

Members of group attend during Term time Fridays 6:30-9pm.

  • Event information (parent, email)
  • Group allocation (child name, age)
  • Child care (Parent name, phone, address)

Group: Friday Friends

Administrator : Jo Boyns

Members of group attend weekly Friday s 1:30-3:30pm

  • Care of the elderly (name, date of birth, address, phone)

Group: Men’s breakfast

Administrator : Stuart Ross

Members of group attend Monthly Saturday 9-10:30am

  • Event Information (Name, email )

Group: Messy Bible

Administrator : Wendy Hart

Members of group attend Weekly Saturdays 10:30-Noon

  • Event information (name, child name, email)

Group: Messy Play

Administrator : Alison Hallam

Members of group attend Term time Tues 10-11:30am

  • Event in formation (name, child name, email)
  • Attendance (name, date)

Group: Community Choir

Administrator : Tim Wylie

Members of group attend Term time Mondays 8-9:30pm

  • Event Information (Name, email )
  • Attendance (name, date)

Group: Web server

Administrator : Ruth Ivimey-Cook

Members of group receive ex-officio emails

  • Email redirection (name, position, password, email)

Group: Safeguarding incidents

Administrator : Jo Boyns

Members of group are involved in safeguarding incidents

  • Safeguarding incidents (name, incident details)