Data Protection Policy

Centrepoint Church
Data Protection Policy
2020.04.21

  1.     SCOPE
Centrepoint Church is a Scottish Charity SC037055. Every Nation School of Ministry (ENSM) is a department of Centrepoint Church. This policy applies to all staff employed by Centrepoint Church, those subcontracted by Centrepoint Church and to all volunteers, interns and casual workers and associated companies.
 
  1.     CONTEXT
General Data Protection Regulations (GDPR) requires the protection of personal data and all organisations which process personal data must be registered to do so. Centrepoint Church is registered with the Data Protection Commissioner.
 
  1.     PURPOSE
This policy sets out an understanding of data protection and the requirements of every member of staff, subcontractor, volunteer, intern or casual worker in order that there may be full compliance with the General Data Protection Regulations (GDPR).
 
  1.     DEFINITIONS
4.1 Centrepoint Church is currently engaged in data collection and processing for seven purposes:
  • Accounts and Records
  • Advertising, Marketing and Public Relations
  • Staff, Contractor, and Vendor Administration
  • Administration of Student Records
  • Fundraising
  • Realising the Objectives of a Charitable Organisation or Voluntary Body
  • Local Church Ministry
4.2 Data is information which is recorded with the intention that it should be processed on computer or is recorded as part of a relevant filing system (i.e. manual system). There are two categories of data:
4.2.1 Personal data is information relating to a living individual who can be identified:
  • from the data
  • from the data which includes an expression of opinion about the individual
4.2.2 Sensitive personal data is information relating to:
  • racial or ethnic origins of the data subject
  • political opinions
  • religious beliefs or other beliefs of a similar nature
  • trade union membership
  • physical or mental health
  • sexual life
  • the commission or alleged commission of any offence
  • any proceedings for any offence committed or alleged to have been committed by the data subject.
In order to process these types of data consent from the data subject must be obtained by Centrepoint Church handling the data. Explicit consent must be given when it is sensitive personal data. Record of consent received will be retained where possible, and updated if consent is subsequently withdrawn by the data subject. 
  1.     POLICY
This Centrepoint Church Data Protection Policy exists to ensure compliance with all aspects of data protection legislation by setting out clear policies, responsibilities and codes of practice:
5.1 Centrepoint Church intends to comply fully with all aspects of data protection legislation.
5.2 Centrepoint Church will make all reasonable efforts to maintain a comprehensive written notification with the Data Protection Commissioner.
5.3 Centrepoint Church will do its utmost to ensure that all its staff, consultants and trustees are conversant with data protection legislation and practice.
5.4 Centrepoint Church will only hold data for prescribed charitable purposes. These include student administration, personnel administration, membership administration, accounts and records, advertising marketing and public relations, fundraising, charity objectives and local church ministry.
5.5 Centrepoint Church will not pass personal data to third parties. 
5.6 Centrepoint Church will use standard, approved statements about data protection in all Centrepoint Church’s literature in which personal data is collected. The statements for use are:
“Centrepoint Church will only use personal data in connection with its charitable purposes. It does not make personal data available to any other organisation or individual”.
“ENSM will only use personal data in connection with its educational purposes. It does not make personal data available to any other organisation or individual”.
5.7 Centrepoint Church will provide procedures for access to personal data for all those for whom personal data is held. No charge will be levied on anyone (staff, personal members or other contacts) requesting access to their personal data. 
5.8 Data will not be held longer than is necessary.
5.9. Access to data by staff and volunteers will be allocated on a domain-relevant basis.
 
  1.     SCOPE
This policy pertains to all persons associated with Centrepoint church and its charitable purposes including but not limited to personnel, employee, interns, students and congregants.
6.1 Personal and sensitive personal data are held securely in online clouds, on computers and in manual files. This data may include the following:
  • Name, address and telephone
  • National Insurance number and date of birth
  • Nationality
  • Passport information
  • Health and health insurance information
  • Bank details and details of any previous pension scheme
  • Start date/salary at start date
  • Job title
  • Next of kin and contact details
  • Details of any regular medication
  • Church affiliation and Christian experience
  • Career history/previous employment
  • Qualifications obtained/membership of professional bodies
  • References
  • Appraisals
  • Student records
  • Attendance
  • Discipleship benchmarks
  • Giving records
  • Children’s details
  • PVG status
Privacy statements for databases we use can be found online:
  •       ChurchSuite: https://churchsuite.com/terms-of-service
  •       MailChimp: https://mailchimp.com/legal/privacy/?_ga=2.100453789.224609872.1526389084-1911980369.1516012689
  •       Moodle: https://moodle.org/mod/page/view.php?id=8148
 
6.2 Staff will be asked to sign a form consenting to data being held and processed for the following purposes:
  • Recruitment and selection
  • Performance management and training
  • Absence recording
  • Monitoring
  • Statistical analysis
6.3 All staff may request sight of their personal details on computer provided reasonable notice (at least 14 days in writing) is given. NB: references are exempt from all Data Protection legislation.
6.4 Centrepoint Church’s employment application form has been amended to include the individual’s consent to sensitive personal data being used by Centrepoint Church for recruitment, selection and statistical purposes. Likewise when CV’s are received, the letter in acknowledgement will contain a clause: “The information contained in your letter and CV will only be used by Centrepoint Church for recruitment, selection and statistical purposes.”
6.5 Centrepoint Church’s student application form has been amended to include the individual’s consent to sensitive personal data being used for school-related purposes.
 
  1.  SECURITY
7.1 All personal and sensitive personal data held must be secure against unauthorised access and theft. Password protection is the most obvious means, but the server, filing cabinets and building in which the data is held must also be secure.
7.2 Centrepoint Church needs to ensure that:
  • Our IT network is as secure as possible from unauthorised access including access through the website.
  • Individual PC’s are password protected.
  • Individual PC’s are logged off when individuals are away from their desk for more than a few minutes at a time.
  • Personnel and other files holding sensitive or confidential personal data are secured and only made available to staff with authorised access.
7.3 Security on the Database.
The Database provides for different levels of security giving us the ability to ensure confidentiality of data by restricting access to different records and functions to only those users that need to use them. Persons should not disclose their password to other individuals. Passwords are required to have a minimum password strength and to be changed every 6 months.
 
CONTACTS: COLLECTION OF DATA
8.1 Centrepoint Church will make sure the Data Subject knows our identity and why and how data will be used and that the data is relevant to our charitable work.
8.2 If individuals are being added to Centrepoint Church’s database or Manual filing system they need to be informed how Centrepoint Church will store and use their data at the time the data is collected.
 
  1.  QUERIES
  • Data protection policy and practice is monitored, updated and continuously developed further by Centrepoint Church’s appointed Data Protection Person.