Holiday Bible Club - Booking + Privacy

Holiday Club Privacy Policy

Members

Members are those who attend in the summer holiday Monday-Friday 10am-12:30pm.

Administrator

Nic Boyns is the data  processor who processes the personal data.

How, why and what information is processed

  • Members sent event information, particularly closures and special events (name, email, phone)
  • Attendance data allows staff to plan future clubs
  • Care for children can require contact with parents (name, parent name, phone, email) and knowledge of special needs (name, special needs)
  • Group allocation is by age and school  (name, age, school)

How is it obtained?

On-line and paper bookings forms.

How is it kept accurate?

Members can view, amend or remove their data at any time by request to the Administrator.

Where is it stored?

Soft copy: The Administrator’s Laptop, the Church Secretary’s laptop, and on their backup hard drives.  No further soft copies of the data is made.

Hard copy: Registers

Legal Basis for processing

The processing is necessary for a specific legitimate interest, in a way that the church uses people’s data in ways they would reasonably expect, and in a way that does not cause unjustified harm to the individual’s interests, rights and freedoms.

How is protected?

Hard and soft copies are not left unattended unless inside a locked building. Soft copies are in devices which are password protected.

In the event of a data breach all members would be alerted by email.

Who processes it?

The Group Administrator or, less frequently, the Church Administrator.

Length of time

Group members’ data is removed when the child starts secondary school or at the request of a member.

Passing on to Third parties

No Personal Information held by/for Cherry Hinton Baptist Church is accessed by any other organisation or shared with another organisation.

Notes

The above ensures that our use of data is transparent, fair and lawful; That personal data is only obtained for “specified, explicit and legitimate purposes”; that data is “adequate, relevant, necessary, accurate  and kept no longer than necessary, with appropriate security, giving the data subjects right of access, rectification, erasure, being informed.

As an organisation with a religious aim we could store information about religious beliefs, but currently do not.  We recognize the special status of ethnic, political, trade union membership, physical and medical health, sexual, and offence related personal data.

Data Controller

The Church Trustees collectively determine the purposes and means of processing personal data.