ChristChurch Harpenden Data Protection Policy

The basic guidelines of the Data Protection Act are:

Personal data must be processed fairly and lawfully.
Personal data must be obtained and used for specified and lawful purposes.
Personal data must be adequate, relevant and not excessive.
Personal data must be accurate and, where necessary, kept up to date.
Personal data must not be kept for longer than necessary.
Personal data must be processed in accordance with the rights of data subjects.
Personal data must be kept secure.
Personal data must be properly protected when transferred overseas
Some definition of terms used in the Data Protection Act

1. Personal data must be processed fairly and lawfully.

Christchurch Harpenden (including the congregation at Redbourn) only use personal data for the purposes listed in principle 2 below.

2. Personal data must only be obtained and used for specified and lawful purposes.

It is required that data users tell individuals what "specified and lawful purposes" their data is to be used for. In the case of the Christchurch Harpenden these have been identified as:

Recording personal information on members, non members, children involved in youth activities and pastoral care.
Financial information, including bank details for members giving to the organisation.

3. Personal data must be adequate, relevant and not excessive.

In most cases, the data consists of:

Name
Address
Telephone Number
E-Mail address
Age
NINO
Bank Details
Amount of giving

4. Personal data must be accurate and, where necessary, kept up to date.

Personal data on addresses, phone numbers and email addresses is updated annually.

5. Personal data must not be kept for longer than necessary.

Personal data is kept for a maximum of 7 years after a member has left. All other information is updated and deleted annually.

6. Personal data must be processed in accordance with the rights of data subjects.

Data subjects have the following rights:

Inaccurate information is to be corrected or erased
A copy of their information must be provided on request

7. Personal data must be kept secure.

All electronic information is stored on password-controlled secure PCs. Paper information is stored in locked filing cabinets

8. Personal data must be properly protected when transferred overseas

This only happens when the church directory of personal information is transmitted by email. All individuals have given their permission for this to happen.

9. Definitions of terms used

TERM USED	DEFINITION
Data	Information that is either computerised, or it forms part of a manual record (for example a paper-based file or microfiche record.)
Personal Data	Data which relate to a living individual, including expressions of opinion.
Processing	A range of activities from collection to destruction, including the mere holding of personal data.
Data Subject	An individual who is the subject of personal data.
Data Controller	Was called "Data User". Whoever determines the purpose(s) for which data are to be processed.
Data Processor	Any person, other than an employee of the Data Controller, that processes data on behalf of a Controller.
Data Protection Commissioner	Was called "Data Protection Registrar." An appointed official responsible for enforcing the Data Protection Act.
Notification	Was called "Registration". A register is maintained by the Commissioner containing details of Data Controllers' processing activities.