Data Protection Policy
City Life Church Exeter - September 2019
City Life Church Exeter (Hereafter CLC Exeter) is fully committed to protecting the privacy and respecting the choices of those who supply us with personal information and will use the information in compliance with The Data Protection Act 1998.
This policy applies to all staff employed by CLC Exeter, volunteers and all members of the church as well as any third parties that supply us with personal information.
The Data Protection Act 1998 requires the protection of personal data. CLC Exeter is not registered with the Data Protection Commission as it is not required.
3. Registration and Compliance
CLC Exeter is committed to complying with the eight principles of good practice as set out in the Data Protection Act 1998 that data must be:
fairly and lawfully processed
processed for limited purposes
adequate, relevant and not excessive
accurate - not kept longer than necessary
processed in accordance with the data subject's rights
secure and not transferred to countries without adequate protection
4. Use of Personal Information
The Privacy Act 1988 defines personal information as "information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable." For the purposes of CLC Exeter this includes postal addresses, email addresses and telephone numbers.
CLC Exeter use personal information for two main purposes:
The day-to-day administration of the church; e.g. pastoral care and oversight including calls, emails and visits, preparation of ministry rotas, maintaining financial records of giving for audit and tax purposes.
Contacting members in order to keep them informed of church activities and events.
5. Confidentiality and Disclosure
Data will not normally be disclosed to any third party unless the following conditions apply:
Under the requirements of The Police and Criminal Evidence Act 1984 where police may obtain access to material in relation to the detection of crime.
Where the material is counselling and advice records, and falls within sections 11 and 12, a warrant must be applied for under section 9 of the Act.
Under the requirements of The Children Act 1989, section 47, where social services require assistance in carrying out an investigation and role of CLC Exeter falls within the definition of an authorised person under the terms of the Act.
CLC Exeter decides that it is in the interests of the person that data is disclosed to social services or the police (in accordance with the Safeguarding Procedures). In this instance the permission of the person will be sought prior to any disclosure but this may be overridden if CLC Exeter believe that the person's health and safety, or the health and safety of another person is at risk.
6.1 Access to personal information is password protected and is accessed only by those who have secure and authorised access to this information: (Mark Plane - accountant, Chris Walker - Church Leader, Esther Thomas - volunteer admin support).
6.2 All individuals who are the subject of personal data held by CLC Exeter may:
Request to see data held by CLC Exeter concerning themselves
Ask how to gain access to it
Be informed how to keep it up to date
Be informed what CLC Exeter is doing to comply with its obligations under 1998 Data Protection Act
6.3 A request must be made in writing to the Data Protection Officer. Data will only be withheld if the Data Protection Officer believes it might cause harm to the physical or mental health of the persons or other persons, or if it forms part of a court report.
6.4 Any person, including CLC Exeter employees and volunteers may request to see data held by City Life Church concerning themselves. A request must be made in writing to the Data Protection Officer.
7.1 An Data Protections Officer will be appointed within the organisation to oversee this policy and review the effectiveness of its implementation.
7.2. The designated Data Protections Officer is the Church Leader, Chris Walker.
To check that our data protection policy is being followed, and to review any changes in legislation or good practice, we will review our policies and procedures every three years.