The Data Protection Policy of Tree of Life Church and Tree of Life Family
What is Personal Data?
Personal data is any data that relates to a living individual if that individual can be recognized from that data. This means things like your name, your address, your email address. Identification can be by that information alone, or in conjunction with other information in the data controller’s possession or even if they are likely to come into possession of that data.
How personal data is regulated is governed by the rules set out by the General Data Protection Regulations (also known as the “GDPR”).
Who are Tree of Life Church?
We are a registered charity (1136703) and we collect data from people who come to our services, or who watch us on TV, or listen to us on the internet or radio, or who are interested in our wide range of conferences and guest speakers. We use this data to serve people in the best possible way, such as contact them when guest speakers come to town, or when a service has to move location, or to give them articles to help them learn more about the Christian faith and life.
For the purposes of the GDPR, we are called the data controller because we decide how to store personal data and how to process it, and for what reasons.
How do we process personal data?
Tree of Life Church complies with the obligations we have under the GDPR by keeping all personal data up to date; by storing it securely on a trusted server designed for the purposes of holding personal data for churches; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorized access and disclosure and by ensuring that there are sufficient technical measures in place to protect your personal data.
Why do we process personal data?
We use your personal data for the following purposes:
1. Because we want to serve our people and the general public in the best particular way we can, and to do that we need to be able to communicate with people
2. To fundraise as effectively as we can so we can fulfil our charitable purposes
3. To keep records of the people who come to the church, so we can best help them learn more about the Christian faith
4. To manage our employees and volunteers for our services and conferences and special events
5. To maintain our accounting procedures and keep good accounting records, including the processing of gift aid applications
6. To inform you of what is going on in the church family, such as special events, venue changes, new church plants, special events and conferences.
Is it legal you have our data and process it?
We have spent a lot of time and effort ensuring that we process your data in a way that helps you and is legal. These are some of the things we are doing to ensure that we process your data in a legal and ethical way:
1. We add people to our database only if they fill in a connection card, an offering envelope, or they explicitly ask to be on our database. We contact the people on our database to inform people about news, events, activities and services, and to pass on Christian teaching which will help them in learning more about the Christian faith.
a. From the date of this policy (17th May 2018) we now keep records of consent of everyone added to our database
b. From the date of this policy (17th May 2018) we no longer use the completion of offering envelopes as a valid method of consent for contacting people about non-financial issues. We have restructured our database to ensure that this is implemented consistently.
2. Processing your data is necessary for us as a charity so we can carry out our legal obligations, such as Gift Aid, employment law, or social protection law.
3. There is no disclosure to a third party without consent. This means that we never sell or give away your data to anyone else.
4. We are a charity, we have a specific religious aim, therefore we are legally allowed to process your data if you have regular contact with us for religious purposes.
Do You Ever Share My Personal Data?
Your personal data is treated as strictly confidential. Anyone who processes personal data must sign a confidentiality agreement. We only share data to church leaders or processors for the appropriate purposes of running the church and serving our people.
How Long Do You Keep Our Personal Data?
We keep personal contact data as long as it is current. We keep gift aid declarations for six years and we keep pastoral information and other legal information permanently.
What About My Rights When It Comes to My Personal Data?
Unless there is a clear exemption under the GDPR, you have a number of rights with regard to your personal data:
1. You have the right to request us for a copy of your personal data, and we have to then give it to you.
2. You have the right to ask us to change any personal data if it is found to be inaccurate or out-of-date
3. You have the right to ask us to delete your personal data at any time.
4. You have the right to withdraw your consent to the processing at any time
5. You have the right to ask us at any time to give your data to another data controller. If you have given us specific consent to have your data, consent to move the data (or your data is used because we have a contract together) then we will then move that data across. Otherwise, the other data controller will have to get the data from you.
6. You can ask us to pause processing your data at anytime if you think we have incorrect data.
7. You have the right to complain about us and object to the way we are processing your data if we are sending you marketing directly and you did not give us consent. You can complain to the Information Commissioners Office. Though it is easier to speak to us first so we can sort it.
What if things change?
We do not see things changing in the future, but if we do wish to use your data for a new purpose that we have not used it before, not covered by this policy, then we will create a new Data Protection Policy, and then we will give you a copy of the new policy and explain why we are changing and what we are changing and the conditions of that. When necessary, we will seek your consent before changing the way we process your personal data.
So I want to Exercise my Rights?
To exercise your rights under this policy, or if you have a question or a complaint, you need to contact us by emailing [email protected].
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.