Policy Area:    IT, Admin

Author Owner:   Connect Church Directors

Issue Date:    May 2018

Approved By:    Connect Church Directors

Approved Date:    5th May 2018

Review Date:    March 2019

1.0       Introduction

This policy applies to all staff employed by Connect Church, to all contractors, volunteers and casual workers and to the trustees.

Connect Church Directors are ultimately responsible for this policy.


2.0       Definition of personal data

Data is information which is recorded with the intention that it should be processed on computer or is recorded as part of a relevant filing system (i.e. manual system). In the legislation:

  • Personal data is defined as information relating to a living individual who can be identified:
    • from the data and/or;
    • from the data, which includes an expression of opinion about the individual.
  • Sensitive personal data is information relating to:
    • racial or ethnic origins of the data subject;
    • political opinions;
    • religious beliefs or other beliefs of a similar nature;
    • trade union membership;
    • physical or mental health;
    • sexual life;
    • the commission or alleged commission of any offence and
    • any proceedings for any offence committed or alleged to have been committed by the data subject.

In order to process these types of data consent from the data subject must be obtained by the organisation handling the data.  Explicit consent must be given when it is sensitive personal data.

Connect Church is registered with the Information Commissioner as a processor of data for the following purposes:

  • to enable us to provide pastoral care,
  • to organise the life of the church, including the use of its premises, and
  • to raise funds.


3.0       Policy

  • The church recognises the importance of the correct and lawful treatment of personal data. All personal data, whether it is held on paper, on computer or other media, will be subject to the appropriate legal safeguards as specified in the EU General Data Protection Regulation and the Data Protection Bill currently passing through the stages for parliamentary approval.
  • We will do our utmost to ensure that all staff, contractors, volunteers, casual workers and trustees are conversant with good practice in data protection.
  • We will only hold and process data for the prescribed purposes.
  • Where practicable, the purpose for which we collect personal information will be made clear at the time of collection. We will use standard approved statements about data protection where practicable in our literature in which personal data is collected.
  • General Data Protection Regulation – Connect Church will only use personal data in connection with the administration and funding of the life of the church and its premises, and the provision of pastoral care. It will not make personal data available to any third-party organisation or individual except where we are legally required to do so or consent has been given.
  • Users can visit the Church website without revealing who they are or other personal information.  We will not collect any personal information about visitors to the website.


4.0       Maintaining confidentiality

  • The church will treat all personal data as private and confidential and not disclose any personal data to anyone other than those who require access to it in order to facilitate the administration and day to day ministry of the church. In this connection, people who have access to the church’s records of personal data include the staff, volunteer admin staff and the Safeguarding Officer. In each case, they only have access to such data as they require to carry out their duties.
  • We will not pass personal data to third parties. In particular, we will not sell to/exchange data with other organisations.   We will not pass on sensitive personal data without the subject’s consent in writing or by email.
  • The following are exceptions to the above:
    • Where we are legally compelled to disclose the data;
    • Where the disclosure is necessary or, in the view of the Connect Church Directors, beneficial in connection with the good management of any legal proceedings (including prospective legal proceedings).This may include disclosing data in order to obtain legal advice, to pursue an insurance claim or to establish, exercise or defend legal rights;
    • Where there is a duty to the public to disclose the data.This may include situations where the police, social services or tax authorities request access to such data in order to fulfil their duties;
    • Where disclosure is required to protect the data subject; and
    • Where disclosure is made at the subject’s request or with the subject’s consent.


5.0       Security

  • All personal and sensitive data held will be secure against unauthorised access and theft. Password protection is the most obvious means, but the server, filing cabinets and office in which the data is held must also be secure.

We will ensure that:

  • our IT network is as secure as practicable;
  • individuals’ computers are password protected;
  • individuals’ computers are locked when they are away from their desk for more than a few minutes at a time;
  • personnel and other files holding sensitive or confidential personal data are secured and only made available to those with authorised access.


6.0       Subject Access Requests

Employees and other subjects of personal data held by the church have the right to:

  • Ask what information the church has about them and why;
  • Ask how to gain access to it;
  • Be provided with a copy of it;
  • Be informed about how to keep it up to date;
  • Be informed what the church is doing to comply with its obligations under the General Data Protection Regulation

If a data subject makes a written request for a copy of the data held about them, the church may charge the maximum fee permitted by the Information Commissioner for providing such information.  The church will respond to any such requests as quickly as possible and in any event within 40 days of receipt of a written request unless there is good reason for delay. In such cases, the reason for delay will be explained in writing to the individual making the request.

Personal information will not be passed on to any third parties outside of the church environment.


7.0       Specific Data Handlers

Connect Church currently uses HMRC, Mail Chimp, Google.

Connect Church Staff and admin volunteers have access to data for the purposes of marketing.