Data Protection Policy

The basic guidelines of the Data Protection Act are:

  1. Personal data must be processed fairly and lawfully.
  2. Personal data must be obtained and used for specified and lawful purposes.
  3. Personal data must be adequate, relevant and not excessive.
  4. Personal data must be accurate and, where necessary, kept up to date.
  5. Personal data must not be kept for longer than necessary.
  6. Personal data must be processed in accordance with the rights of data subjects.
  7. Personal data must be kept secure.
  8. Personal data must be properly protected when transferred overseas.

Some definitions of terms used in the Data Protection Act are included at the bottom.

1. Personal data must be processed fairly and lawfully

Christchurch Harpenden (including the congregation at Redbourn) only use personal data for the purposes listed in principle 2 below.

2. Personal data must only be obtained and used for specified and lawful purposes

It is required that data users tell individuals what "specified and lawful purposes" their data is to be used for. In the case of the Christchurch Harpenden these have been identified as:

  • Recording personal information on members, non members, children involved in youth activities and pastoral care.
  • Financial information, including bank details for members giving to the organisation.

3. Personal data must be adequate, relevant and not excessive

In most cases, the data consists of:

  • Name
  • Address
  • Telephone Number
  • E-Mail address
  • Age
  • NINO
  • Bank Details
  • Amount of giving

4. Personal data must be accurate and, where necessary, kept up to date

Personal data on addresses, phone numbers and email addresses is updated annually.

5. Personal data must not be kept for longer than necessary

Personal data is kept for a maximum of 7 years after a member has left. All other information is updated and deleted annually.

6. Personal data must be processed in accordance with the rights of data subjects

Data subjects have the following rights:

  • Inaccurate information is to be corrected or erased
  • A copy of their information must be provided on request

7. Personal data must be kept secure.

All electronic information is stored on password-controlled secure PCs. Paper information is stored in locked filing cabinets

8. Personal data must be properly protected when transferred overseas

This only happens when the church directory of personal information is transmitted by email. All individuals have given their permission for this to happen.

Definitions of terms used

TERM USED

DEFINITION

Data

Information that is either computerised, or it forms part of a manual record (for example a paper-based file or microfiche record.)

Personal Data

Data which relate to a living individual, including expressions of opinion.

Processing

A range of activities from collection to destruction, including the mere holding of personal data.

Data Subject

An individual who is the subject of personal data.

Data Controller

Was called "Data User". Whoever determines the purpose(s) for which data are to be processed.

Data Processor

Any person, other than an employee of the Data Controller, that processes data on behalf of a Controller.

Data Protection Commissioner

Was called "Data Protection Registrar." An appointed official responsible for enforcing the Data Protection Act.

Notification

Was called "Registration". A register is maintained by the Commissioner containing details of Data Controllers' processing activities.


Policy Documents
Webpage icon Safeguarding Policy