Privacy Policy

    February 06, 2024
    Fountain of Life Church Data Privacy Policy

    Your Personal Data

    When we use the term Personal Data in this Privacy Notice we refer to data collected or held by Fountain of Life Church that identifies and relates to you as an individual. Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or which is likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (GDPR). For the purposes of the General Data Protection Regulations and any other applicable data protection and privacy laws and regulations, FoL will be the ‘Data Controller’ FoL is not registered with the Information Commissioner’s office (ICO), being currently exempt.

    How do we process your personal data?

    FoL complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the following purposes: -

    • To enable us to provide a service as specified in our constitution;
    • To administer membership records of FoL, and membership records of AMs (Associated Ministries);
    • To promote the interests of the charity;
    • To manage our employees and volunteers;
    • To maintain our own accounts and records (including the processing of Gift Aid);
    • To inform you of news, events, activities and services running at FoL and AM;-
    • To keep you informed about news, events, activities and services from other organisations that may be of interest.

    What is the legal basis for processing your personal data?

    We use ‘legitimate interest’ to keep records on people who have an association with the church either because they come to church, are members, attend our events or courses or have asked to be kept in touch. We also process your data to comply with legal or regulatory obligations we are subject to. Where personal data is collected for marketing purposes this is done with the consent of the data subject.  

    Financial Records and Card Details All financial payments and records are held securely by designated individuals for the purposes of account auditing and retention. We do not store financial details (credit or debit card numbers) obtained through online transactions nor do we pass any information to third parties, except where we are legally required to do so, such as to assist fraud reduction. Information given through Gift Aid forms is held securely and for no longer than required.

    Marketing Purposes

    Where we have your consent, we may also use your personal data for marketing purposes, which may include contacting you by phone, email or post with information and news of services or events you may be interested in. You will not be sent any unlawful marketing or spam. You will always have the opportunity to opt out of receiving such emails, including receiving FoL News.

    Sharing your personal data

    Your personal data will be treated as confidential and will only be shared with other members of the church for purposes connected with the church. We do not share your information unless you have given us explicit instruction to do so. FOL and AM will not share any personal data with outside individuals, companies or organisations unless legally required to do so.

    • FOL Members may give permission for their personal contact details to be shared to other FOL members for the purpose of contact and communication about the activities, ministries or life of FOL.
    • Where a FOL member is aged 16 or 17 a parent/guardian must also consent for their child’s personal contact details to be shared with other FOL members.
    • To assist the running of FOL activities, events and life of the church appropriate contact information of FOL church members can be shared and distributed to other church members, where explicit written consent is given.
    • Due to the separate nature of FOL and its AM personal data will not be shared between these groups without gaining a person or parent/guardians written consent.
    • FOL and its AM will advertise appropriate activities to their members or attendees without any personal data being exchanged.

    Data Security

    We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees who have a need to know.

    • Original copies of any paper based registration forms (Connect cards) and data consent to be kept in locked cabinets within FOL or AM office.
    • Original copies are only to be taken offsite for the express purpose of running activities safely.
    • Digital databases are only to be accessed by relevant staff members, team leaders or authorized volunteers.
    • Digital databases will be held on a password-protected computer and/or password protected FOL church associated cloud storage system.
    • FOL recognises that staff members, team leaders or authorized administrators may need to access protected data remotely, from a home office or an onsite location, on a personal device. In these instances the same precautions must be taken.
    • Registers made from gathered information should only include the relevant information relating to the FOL or AM activity or event.
    • Registers made from gathered data should only be accessed by the required team to ensure the safe running of the FOL or AM activity or event.
    • Registers created for events or activities that solely take place in a specific FOL venue will be stored in permanent lockable on-site storage unit. These registers will only be accessible to authorized team members for the safe running of the event or activity. Registers kept digitally on tablets must be password protected, and stored safely between events.
    • Printed registers will be stored safely between uses in locked cabinets within FOL or AM office.
    • Any printed registers that are inaccurate or no longer in use must be safely disposed of.
    • Any registers handed out to team members for the safe running of an FOL or AM activity or event must be returned to the FOL or AM team leader or authorised administrator, to be returned to its secure storage.
    • Where printed databases or registers need to be left onsite for a longer period of time than an individual activity lasts, no protected data can be left on display or accessible by unauthorized persons. Instead items will be returned to the FOL or AM team leader or authorised administrator and locked away in portable storage and stored safely.
    • Any breach of these regulations or any knowledge of lost paper copies will be reported to the FOL Leadership immediately.

    We have put in place procedures to deal with any suspected personal data breach and will notify you and any regulator of a breach where we are legally required to do so. This may include;

    • If any FOL, AM or personal computing device with the ability to access a FOL or AM digital database is lost or stolen it will be immediately reported to FOL leadership and then reported to the Information Commissioner’s Office (ICO) within 72 hours.
    • Any lost or stolen data will be reported to the ICO within 72 hours of the loss.
    • Any data breaches allowing for an individual’s personal data to be shared with unauthorized persons will be made known to them as soon as is possible.

    Your Rights

    Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -

    • The right to be informed – to know what information we collect about you and why.
    • The right of access – to see what information we hold about you and to verify the lawfulness of our processing of your data.
    • The right to correction – to correct the information we hold if it is incomplete or inaccurate.
    • The right to erasure – to have your information removed.
    • The right to restrict processing – to change the way in which we use your data.
    • The right to data portability – to obtain your information in order to transfer it to another service or organisation.
    • The right to object; and – to object to the way in which we are using your data.
    • The right not to be subjected to automatic decision-making including profiling – to have your information removed from any databases subject to automatic decision-making processes.
    • The right to lodge a complaint with the Information Commissioners Office.

    If you would like to exercise any of the rights set out above, then please contact us at

    You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is repetitive or excessive. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

    Gathering Data

    • FOL will manage its membership (electoral roll) according to its constitution.
    • FOL and AM will only collect relevant information required for the purposes of its activities and promotion of said activities.
    • FOL and AM will clearly state on registration forms (digital or otherwise) the purposes of collecting a person’s/child’s data.
    • Any gathered data will be regularly audited and data that is no longer relevant will be deleted.
    • FOL and AM will only collect a child’s (0-17 years) personal information from a parent or legal guardian.
    • Any known incorrect data will be corrected, with the appropriate consent, or deleted.
    • FOL and AM will make every effort to help an individual understand the need for holding their, or their families, data.

    Data Retention

    We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting and reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

    Destruction of Data

    Data that is no longer required will be destroyed and securely disposed of. Electronic data will be deleted and completely removed from electronic devices.

    Further Processing

    If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. This may include information provided at certain events or activities as part of the booking process. Where and whenever necessary, we will seek your prior consent to the new processing.

    Changes to this Privacy Notice

    We may change this Privacy Notice from time to time to reflect changes in best practice, security and control and to ensure compliance with any changes or amendments to the Law. An amended version will be available on the FoL website.

     

    January 2024

    Back to Articles