Friday, July 19, 2019

HILLINGDON PENTECOSTAL CHURCH

GDPR COMPLIANCE IMPLEMENTATION PROJECT

HPC PRIVACY POLICY FINAL VERSION 1.0

(DATE: 23RD MAY, 2018)

 

Introduction

Hillingdon Pentecostal Church (HPC) is a religious and charitable organisation. We are committed to protecting and safeguarding your personal information and data privacy rights. This Privacy Policy describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. 

This Privacy Policy applies to the personal data of our Members, Children, Donors, Staff, Volunteers, Visitors, Board of Directors, Website Users and any other third parties we engage with. It also applies to the emergency contacts of our Staff and Children who attend HPC.

For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the "GDPR"), the organisation responsible for your personal data is Hillingdon Pentecostal Church, otherwise referred to as "HPC" or “Church” or "us" or “we”. 

We will keep this Privacy Policy under regular review and update it from time to time. Please visit this page if you want to stay up to date, all changes will be posted here.

 

What kind of data do we collect?

General

In order to support the smooth running of the organisation and its various programmes, HPC collects and processes personal data of its members, children, web users or any other third parties that we engage with. We only ask for details that are essential to fulfilling this purpose.

Depending on the relevant circumstances and relevant data subject group, we may collect some or all of the information listed below to enable us to engage with you effectively and productively:

  • Your biological information – name, title, date of birth, age and gender
  • Your contact details – address, e-mail address and phone number
  • Your next of kin information – name, relationship, telephone number, e-mail address, contact address
  • Your home address
  • Photographs and/or photographic identification document
  • Nationality/citizenship
  • Medical brief
  • Extra information that you choose to tell us
  • Records of communications sent to you by HPC or received from you
  • Other information such as your bank details so that we can pay for the services you provide (if this is part of the contractual arrangements between us)

***Please note that the above list of categories of personal data that we may collect is not exhaustive.

Other Users, such as Referees and Emergency Contacts

In order to care for and support our Staff and Members, we require some basic background information (such as name, email address and telephone number) from their referees and emergency contacts. We only ask for very basic contact details, so that we can get in touch with you either for a reference or because you have been listed as an emergency contact for one of our Members or Staff members.

 

How do we collect your data?

General

We generally receive information directly from you through the means stated below:

  • Information/Visitors Forms
  • Consent Forms (For Children)
  • E-mail
  • Over the phone
  • Social Platforms
  • Registers at programmes organized by the organisation
  • Web forms submitted via our website
  • Contracts/Agreements

 

How will HPC use my personal data?

The main purpose for processing your personal details is to help with the running of the organisation’s programmes and fulfil its commitments/mandates. We ensure that we receive adequate personal information to be able to do this. 

We may use your information in the following ways:

  • Communication of HPC’s programmes and any other updates 
  • General correspondence to all third parties including web users’ enquiries
  • Monitor members’ attendance for follow up purposes
  • Monitor children’s attendance to events and acknowledge performance
  • Volunteers/Workers’ Rostering (Rota)
  • Acknowledge donation from our donors and keep records for reconciliation purposes
  • Process Gift Aid and meet other HMRC requirements
  • Programme publicities on public platforms
  • During special events such as Annual General Meetings, especially the event’s photographs
  • Process a job application to work with us
  • Respond to job reference on behalf of its members and staff

 

Who HPC shares your data with

Apart from the purpose of meeting our religious and charitable commitments to our members and the community, we will never share your personal data to third parties for their own purposes unless we are required by law to do so.

Your personal data may be shared with:

  • The church Leadership, Men/ Women/Children Ministry leaders and supports 
  • Our affiliated bodies - Assemblies of God and The Evangelical Alliance where required
  • Third parties requesting references on behalf of our staff or members
  • Regulatory bodies 
  • The Trustees and the Board of Directors
  • Other volunteers/workers where an individual appears on our ‘Rota’
  • We have our own obligations under the law, if we believe in good faith that it is necessary, we may therefore share your data in connection with crime detection, tax collection, HMRC, Gift Aid processing or actual or anticipated litigation

 

Some personal information such as photographs and members’ special dates such as birthdays may be shared during presentations at our Annual General Meetings and End of Year Celebrations. We ensure as much as possible that this information is safely presented. However, we do not have full control during general presentations which are obligated accountability events to members and will therefore not take liability for any exposure via this means.

Volunteers Rota

Our quarterly rota consists of certain personal data like names and telephone numbers of our Volunteers/Workers who are dedicated to ensuring that the organization and its programmes runs smoothly. This rota is distributed towards the end of the quarter to individuals and is available both electronically and on a hard copy form.

Efforts are made to ensure that only the intended recipients are those with access to these documents. However, HPC has no control over the copies available to each Volunteer and will not take responsibility for any exposure through this means. HPC is committed to educating its Volunteers and staff on data safety measures and will endeavour to continue to do so.

 

Children

At HPC, we take particular care of the personal data provided for children who attend HPC or other children special programmes. We hold and process adequate information about children to be able to support their learning and provide them with adequate support and care. HPC collects children’s data mainly through parent/guardian consent forms on behalf of their ward. Other means through which children’s data are collected include via children’s events such as Holiday Clubs and Parent and Toddler Groups. This information is also required for the smooth preparation and coordination of these special events. Except where consent has been granted to keep the data for a longer period of time, the data is usually deleted after the purpose of collection has been fulfilled.

HPC has a comprehensive safeguarding policy and details of this can be found on our “Children and Young People” page on our website. For more information about our Safeguarding policy and any further enquiry or questions can be directed to:

Mahen Beechook 

The Safeguarding Coordinator 

Hillingdon Pentecostal Church

Kingston Lane

Uxbridge, Middlesex UB8 3PW

London, UK

Telephone no.: 01895 259528

E-mail: hpchurch@btinternet.com                  

 

How long will HPC retain my personal data?

We will hold your personal information on our systems for as long as necessary to enable us to provide you with support and fulfil our obligations to our Members and the community, or as long as it is set out in any relevant contract you hold with HPC after which it will be deleted.

 

If you have shown an interest in us holding your data to enable us connect with and keep you updated with our programmes, we will retain your data until consent is withdrawn or updated. HPC welcomes visitors and maintains their personal data. Where consent has been given to hold and process this data, personal information will be held on our system for a period of 2 years from their last visit, after which it will be deleted. However, core data such as name and e-mail address will be retained for our records. Otherwise, your data will be retained for as long as you are a Member of HPC, or participating in any capacity such as Volunteers/Trustees/Board of Directors, or having contractual engagement with us (Contractors/Suppliers etc.)

 

Your personal data may be held for longer where we believe in good faith that the law or other regulations requires us to preserve it (for example, because of our obligations to tax authorities, Gift Aid or in connection with any anticipated litigation). After this period, it is likely that your data will no longer be relevant for the purposes for which it was collected.

 

How do we safeguard your personal data?

HPC is committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures. These include measures to deal with any suspected data breach.

 If you suspect any misuse or loss of or unauthorised access to your personal data, please let us know immediately by contacting hpchurch@btinternet.com or 01895 259528.

 

Our Legal basis for processing your information

Our legal basis for collecting and using the personal data described above will depend on the personal information being referred to and the specific context in which we collect it.

Consent

We understand that once your personal data is submitted to HPC for the purpose of which it has been requested, we have your consent to process such information to be able to deliver our religious and charitable obligations or meet our contractual obligation. HPC ensures that consent is provided for all children’s personal data collected by authorised individuals. If the circumstances for processing your personal data are no longer in place, your data will be retained for a certain period after which it will be deleted from our system (Please refer to “How long will HPC retain my personal data?”)

In certain circumstances, we may require additional consent to process your personal data in relation to certain activities that are advantageous to you. You will be able to provide your consent via opt-in consent and adequate information will be provided on the reason for such request. 

We are likely to provide you with a tick box for you to check or a reply e-mail requested to make this process clear and unambiguous.

Legitimate Interest 

Processing your personal data may be in our legitimate interests pursued by us or by third party, where such interests are not overridden by your fundamental rights or freedom which require protection of personal data. 

We do not think any of the following activities prejudice individuals in any way, rather, they help us provide community support and deliver our religious responsibilities to our Members.

  • Church Services/Special Events – We organise services where believers, both young and old, come together to study the word of God, worship and pray
  • Community Programmes – We also facilitate programmes such as Outreaches, Christmas Sales Events, Parents and Toddlers Group etc.
  • Referencing – HPC provides reference to our consistent members to support them as deemed appropriate

 

Legal 

In some situations, we may have a legal obligation to collect personal information from you. If we ask you to provide personal information to comply with a legal requirement, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not. We will also advise you on the possible consequences if you do not provide your information.

Sometimes, it may become necessary to process personal data and, where appropriate and in accordance with local laws and requirements, sensitive personal data in connection with exercising or defending legal claims.

 

What are my rights?

Right to access

You have a right to request copies of the data held about you by the church at any time, and request us to modify, update or delete such information. We may ask you to verify your identity and for more information about your request. While we expect your request does not become "noticeably unsubstantiated or excessive", in which case, we may refuse your request where legally permitted to do so.

Your request will detail a description of your personal data that we hold, why we hold it, who it could be disclosed to and we will let you have a copy of the information in an understandable form.

To request an access or correct any mistakes, please contact hpchurch@btinternet.com

 

Right of rectification

You also have the right to request that we update or rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible. Where appropriate, we will also tell you which third parties we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.

Please send request to hpchurch@btinternet.com

 

Right to erasure

You have the right to request that we erase your personal data in certain circumstances. Generally, the basis must be consistent with the following criteria:

  • the data is no longer necessary for the purpose for which we originally collected and/or processed them
  • where previously given, you have withdrawn your consent to us processing your data, and there is no other valid reason for us to continue processing
  • if we process the data because we believe it to be necessary to do so for our legitimate interests, you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing

Please note that in certain circumstances where we comply with additional local law requirements regarding data subject right to erasure, we may refuse your request in accordance with local laws.

Request may be refused where there is a need to comply with a legal obligation, resolve a complaint or defend a legal claim

Please send request to hpchurch@btinternet.com

 

Right to withdraw consent 

Where HPC have obtained your consent to process your personal data for certain activities (for example, notification of special events), you may withdraw this consent at any time and we will cease to carry out the particular activity that you previously had consented to unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose in which case we will inform you of this condition.

Please send request to hpchurch@btinternet.com

 

Right to restrict processing

You have the right to request that we restrict our processing of your personal data in certain circumstances. This implies that we can only continue to store your data but will not be able to carry out any further processing activities with it until either: 

  • You give consent to commence processing
  • further processing is necessary for either the establishment, exercise or defence of legal claims, the protection of the rights of another individual, or reasons of important EU or Member State public interest
  • Surrounding circumstances for restricting processing are resolved

You may request for your personal data to be restricted under the following circumstances:

  • where you dispute the accuracy of the personal data that we are processing about you. In this case, our processing of your personal data will be restricted for the period during which the accuracy of the data is verified
  • where you object to our processing of your personal data for our legitimate interests. Here, you can request that the data be restricted while we verify our grounds for processing your personal data
  • where our processing of your data is unlawful, but you would prefer us to restrict our processing of it rather than erasing it; and
  • where we have no further need to process your personal data but you require the data to establish, exercise, or defend legal claims

If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible. We will, of course, notify you before lifting any restriction on processing your personal data.

Please send request to hpchurch@btinternet.com

 

Right to data portability

You have the right to obtain a copy of your personal data so that it can be reused for your own purposes in another IT environment. This right of data portability applies to personal data provided by you and personal data that we process based on your consent or in order to fulfil a contract. To request a copy, please send an e-mail to hpchurch@btinternet.com

 

Right to make a complaint to the supervisory authority

You also have the right to lodge a complaint with your local supervisory authority. Details of how to contact them can be found below:

Phone: 0303 123 1113

E-mail: casework@ico.org.uk

Post:    Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Offensive or inappropriate content on HPC websites

We may choose to remove posted or sent content that may practically be deemed to be offensive, inappropriate or objectionable anywhere on or to HPC websites or social media channels, or otherwise engage in any disruptive behaviour on any HPC outreaches. 

Where we reasonably believe that you are in breach of any applicable laws, we may disclose your personal information to relevant third parties, including law enforcement agencies or your internet provider. HPC would only do so in situations where such disclosure is allowed under applicable laws, including data protection law.

 

Changes to HPC’s website privacy policy and notices

We keep our Privacy Policy under regular review. So you may wish to check it each time you submit personal information to HPC. The date of the most recent revisions will appear on this page and we may notify you by e-mail if material changes are made to the Privacy Policy. If you do not agree to these changes, please re-consider the use of HPC websites to submit personal information to us.

 

Contacting HPC about the privacy policy

We take privacy seriously and promise to get back to you as soon as possible if you have any comments or questions about this privacy policy. To do so, please contact:

 

The Data Compliance Officer

Hillingdon Pentecostal Church

Kingston Lane

Uxbridge, Middlesex UB8 3PW

London, UK

Email: hpchurch@btinternet.com