Short Version of our policy
At Tower Hamlets Community Church we want to be transparent about how we use confidential information and to ensure that we follow the law and treat people’s data with respect. The summary of this policy is that we use data you give to help us run church, keep appropriate records and follow the law. We do all we can to ensure your data is kept securely and limit access to those who need it for church business. We do not sell your data but we ‘share’ it with services which we use for storing it (Dropbox, Churchsuite and Email). You are in control of your data and can tell us if you want us to delete it, change it, restrict what we do with it etc. If you have any questions please speak to a member of church staff and if you want the full details of how we use your data you can read the full version given below.
Detailed version of our policy
Tower Hamlets Community Church must be compliant with GDPR legislation. Data collected by church is only used for the purposes of administrating the church or church events and facilitating communication from our leadership, ministry leads and staff to our members. Further explanation of the ways we collect information, what we do with it and how you can access or delete it is available in more detail in our data collection overview document which is available upon request.
Our data protection controller is Simon Kempson and all matters related to data protection should be referred to him. Our processors are members of church leadership, heads of ministries who organise rotas, trustees and church staff. Most heads of ministries are volunteers.
The key GDPR principles
At the heart of the GDPR are seven key principles – that personal data shall be…
processed lawfully, fairly and in a transparent manner in relation to individuals;
collected for specified, explicit and legitimate purposes and not further processed in a manner that’s incompatible with those purposes; further processing for archiving purposes in the public interest or historical research or statistical purposes shall not be considered to be incompatible with the initial purposes;
adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that’s inaccurate, having regard to the purposes for which they are processed, is erased or rectified without delay;
kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, historical research or statistical purposes subject to implementation of the appropriate measures required by the GDPR in order to safeguard the rights and freedoms of individuals (more on this later);
processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (this also cover secure access to data).
the subject of accountability – i.e. the controller shall be responsible for, and be able to demonstrate, compliance with the principles (this is a brand new principle)
Under GDPR users have several rights which are listed below:
The right to be informed about how data is used
The right to access data stored about them
The right to rectify data that is inaccurate or incomplete
The right to have data pertaining to them erased
The right to restrict processing of data about them to only the ways they permit
The right to receive a full copy of data we hold about them
The right to object to processing for statistical, marketting, or legal reasons if their personal circumstances warrant it
Data Collection Processes
the process we use to collect personal information is details in our ‘Data Collection Overview Document’ which is available upon request. All the processes used by church staff and trustees listed in this document are further detailed separate procedures documents saved in Dropbox to ensure legal compliance and a systematic and thorough approach to data protection.
Information we store
The personally identifiable information here includes:
photos of individuals
dates of birth
details of children
attendance at events
roles in which an individual serves in church
This information is gathered with explicit consent from church members and is kept in the strictest confidence. Consent will be deemed to last for 5 years unless it is actively withdrawn. After 5 years we will seek to reaffirm consent with the individual.
How we secure our data
Access to data we store is restricted to those who need it and all data is stored on secured platforms.
We do keep some paper forms with personal information on them. These are stored in a locked cabinet in a locked office and are only accessed by authorised personnel.
Most of our data is stored on an external service called churchsuite. Information on the GDPR policy of churchsuite can be found on their website. Churchsuite is an EU based company with secure encryption. Only staff members, church elders and key volunteers have access to this data and there are secure access rights to limit what each user can see. Church members can choose to share details with other church members by making it public in ‘My ChurchSuite’ however by default no personally identifiable information is shared. Such privacy settings can be changed by the individual at any time and users can enact their right to be forgotten in the ‘my details’ section of My Chursuite at any time.
Our E-mail is stored on Zoho, an EU based cloud E-mail provider. They use secure encryption for there servers and authentication. The church staff all have their own E-mail account which they use solely for the purposes of conducting church business. Access is restricted to the member of the team running the account and the administrator of the church’s Zoho account, who is the data protection controller. The data protection controller will not access anyone’s E-mail without authorization from the church leadership. There will be occasions where communications are sent about an individual, this is done in the strictest confidence and we do not record this information anywhere outside of the E-mail unless required to do so by law. This data is never processed and we do not share this information. Likewise we do not do any processing of the E-mail addresses or signatures from mail we receive unless the E-mail is explicitly giving permission for us to collect the information by the individual.
We store our documents on Dropbox and Zoho which are fully GDPR compliant as well as compliant with the EU-US Privacy shield. They use strong encryption to store files. We limit access to files based on need. Confidential documents have a strict remit of church staff or church trustees and are not shared beyond that. All documents containing sensitive data must be password protected. Staff and volunteers are prohibited from sharing or making copies of any document containing personal data outside of the church’s systems and processes to prevent data being lost or stolen.
Financial records and information is stored on personal computers on a programme called Sage Accounts. This database is password protected on a computer which is protected with a different password and access is limited to those who are directly involved with processing the churches accounts. We also have access to some records through an online service called Stewardship of members who have donated via that method however this data is not stored by us and would fall under the jurisdiction of Stewardship itself and not THCC as the data was shared with them.
Access to all our services, E-mail, Dropbox, Churchsuite etc is via secure accounts only. We require all features to automatically log in to be turned off and when access is via an app on a smart phone that device must be protected with a pin or password.
Staff may access the services we use to store data on their mobile phone but in doing so must ensure that the phone is adequately protected. This means that there must be a pin or password on the device and the device must be encrypted. Should that phone get lost or stolen the owner must inform church staff immediately who can log it out of the various services. As data is not stored directly on mobile phones but rather is accessed through various services this will be sufficient to ensure that not data can be obtained from the device. We would also strongly recommend that the phone be remotely wiped which is a feature available through Android and IOS.
The reality of being a community church is that there is information that is given to staff members on a personal basis by church members. It is imperative that this information is not collected by church in this manner. All data collection should be through official channels and with explicit consent. The church is not responsible for information given by individuals on a personal basis.
THCC does very little processing of data it collects. We do group users depending on interests, such as ‘parents’ or ‘students’ so we can send target communication to people for whom it would be of interest. We do use details to send out emails and automated messages to groups of people. We also use details collected to contact people about specific church matters on an individual basis. We also process personal information for record keeping, generally where in line with legal requirements or practical reasons such as children’s medical information or church finances.
Data retention policy
According to the GDPR data must only be kept as long as is requred for the purpose that it was collected for and as such our data retention timescales are dependant on the purpose of collection.
Most data is collected to keep members informed of what is happening and to allow them access to Church Suite which we use to manage church operations such as events, rotas and small groups. We also use this as a way of keeping in touch with our members through E-mail and occasional phone calls. We keep this information until we receive a request to delete it or until one year after a member has ceased all contact with church, including attending events. This applies to all the information we store on Church Suite. We request on a six monthly basis that people check the information we hold is accurate by logging in to church suite and updating their information where they can add, change or remove their details.
Where information is gathered as part of an event or ministry it will be used for the functioning of that event or ministry or to provide information about related church activities as is explicitly stated when we capture that data. We may contact individuals as part of the running of that via any means which they have provided contact details for. This data is only stored for the time period of up to two months after the event or, in the case of an ongoing ministry, until one year after the individual ceases to attend or maintain contact with us.
Where information is shared with the church via E-mail the purpose for which it was sent is to provide the church with the information included in the message from that individual without any time restrictions. As such we can store it indefinitely so long as there is no request to remove it from the individual. In the case of safeguarding matters E-mail should be stored indefinitely as a record. We only retain the personally identifiable information in that E-mail, we do not process it.
Where we store personally identifiable information in documents, and spreadsheets the purpose of the inclusion of such details will dictate the retention timescale. Ordinarily the data will be in the context of a role an individual is fulfilling and once they cease in that role the data can be removed. Occasionally documents containing sensitive information will be stored for reference and in this instance the data should be deleted when it is no longer required for the reference purpose. It is the responsibility of the staff member who stores such documents to ensure that they are removed when no longer required.
Sharing of Information and Confidentiality
Information we gather may be shared with any of the services listed above, although this is usually done by the user interacting directly with that service. The services we use to not share any information with other companies. We also share information with accountant who will have access to some records of giving.
Our staff and trustees follow a strict confidentiality policy and will not reveal any individuals information to anyone outside of the staff and trustees with the exception of where the law requires us to do so.
Responding to Requests
Under GDPR users have right to make several requests listed above about the data we hold on them which we must respond to ‘in a timely manner’. The processes for responding to such requests are detailed in our GDPR requests process document. Requests should be made in writing, by email or post and delivered to a member of church staff who will pass it on to the data protection controller.
Under GDPR we are legally required to inform all users should their data be lost or stolen within 72 hours of detection. In this instance all users will be sent an e-mail informing them of the extent of the loss of data. As almost all information is stored on various services the response to a breach will rely on those services taking steps to mitigating the loss. We will do all we can to inform users of the circumstances and any advise that is being given.
All records of consent, policy changes, procedures and data access requests will be stored indefinitely as a means of legally demonstrating our compliance with the GDPR. Requests from data subjects will be stored and a record of steps we have taken will be made.
Further information around GDPR can be found on the http://ico.org.uk website.