Thornbury Baptist Church stores contact details and other information about people who are connected with the church. This helps us to communicate well with you about church activities that you are involved with and new events that are coming up. It also helps the staff team with their oversight of what is happening in the church and who is involved. We may also record attendance information, for instance in children’s groups, to help us manage these groups effectively and for child protection requirements.
We use a computer system and in some cases a hard copy paper system to keep all this data safe and to help us comply with data protection and safe guarding regulations. If you opt in to allowing your data to be shared with other church members then they will have access to read parts of your contact details at your discretion.
The information that we keep usually consists of your name, adult/child, gender and family connections. If you have provided them to us then we will also keep your address, telephone, email addresses, mobile number, occupation, website, company, allergies and date-of-birth. If the church is involved in your pastoral care, then information relating to this may be stored. We will also store information regarding membership of groups or committees within the church, such as being an attendee of a congregation or small group. We may also process and store information on any invitations we have sent to you for activities or events, your attendance at any activities or events, details of any church-related subscriptions and all information we may have requested for the purposes of DBS checks. It will also be necessary to store information about ministries you are involved with and the dates and times of any duties associated with those ministries.
We may “profile” the information we collect about you and use automatic processing particularly for the purposes of choosing how relevant a church activity is to you based on group membership, age, gender or address.
If you are involved with a ministry at the church we may email or text you about this ministry, for instance with rota updates or information about what’s coming up. If you opt-in to receiving emails about new ministries, events or products then we can keep you advised of those things that may interest you.
The data protection champion for the church is Simon Lewis and can be reached at . Requests regarding data protection should be sent here.
The General Data Protection Regulations (GDPR) provide several acceptable reasons for processing your information. If you are a regular attendee at the church, a member or a recent new contact then we use the “Legitimate Interest” reason because keeping your contact details is important to running the church. If you are not a regular attendee or member then we use the “Consent” reason which requires us to get your opt-in consent allowing us to process your data. If you are a church attendee who has left the church, we may keep your name on record, for historical or statistical purposes for a limited period of 3 years. We may keep more details and for longer periods if you have been involved in ministries that have legal record-keeping obligations such as child-protection, employment or accident reporting.
You have various rights under the General Data Protection Regulations:
- You have the right to erasure – the right to request that we delete some or all of your details. This right only applies where we have no legitimate interest or legal requirement (e.g. child protection) to keep them. For example, if you gave us your mobile number but now want us to delete it, since it’s not a requirement for running the church, but just a convenience, then we are obliged to do so.
If you are not currently involved with the church and have not been involved in any ministries that would legally require us to keep records then we require opt-in consent from you to keep your data. You have the right to withdraw this consent at any time.
Legitimate Interest is also overridden by your interests, rights or freedoms. For example, if we want to keep your address to help us provide pastoral care, but you argue that you want your address to be totally secret because you would be at risk of harm if it became known, then that risk would override our convenience and we would be obliged to delete it.
- You have the right to rectification – if we hold incorrect details about you then you can require us to correct them.
- You have the right to be informed about how we use your contact information.
- You have the right of access – we must provide you with details of information we hold about you on request. However, if your request is manifestly unfounded or excessive then we can charge a reasonable fee for responding or we can refuse to respond.
- You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you think we have been mishandling your data.
- You have the right to restrict further processing of your data for example if you have lodged a formal complaint and are awaiting the outcome.
- You have a right of portability – the right to request that all of your information be sent to another church or organisation.
The full detail of your rights can be found on the ICO’s website (ico.org.uk).