Your security is important to us. As part of our due care and diligence as a church, Abundant Life has an obligation to comply with our responsibilities under the new General Data Protection Regulation in respect of the data we hold and how same is handled.
What is “GDPR”
The new General Data Protection Regulations (hereafter referred to as “GDPR”) came into force on 25 May 2018, and is immediately applicable in Ireland and the UK. It marks a significant change in the European Union’s Data Protection regime, with an increased emphasis on transparency and accountability in the way in which organisations (including charities) gather, store and use people’s personal information.
Abundant Life Christian Church (CHY number 19986) is a Company Limited by Guarantee, without a share capital, having is registered office at HDS Partnership, 2nd Floor, RiverPoint, Lower Mallow Street, Limerick. Abundant Life is the Data Controller, and as such holds information on its partners and congregants for the purposes of pastoral care, partnership status, any relevant information pertaining to events, courses and data pertaining to monetary gifts/donations. We also hold what is known as “sensitive data” pertaining to personal religious beliefs and affiliations. As Data Controller, we decide how your Personal Data is processed and for what purposes.
This policy provides details on the information and data we collect from our partners, volunteers and congregants in relation to our core activities: namely helping you and others to CONNECT – GROW – SERVE.
Why does GDPR Matter
GDPR is not only about safeguarding rights and compliance. it is also about meeting individual’s expectations in our increasingly digital age. GDPR brings:
• Additional rights for individuals on how their personal data is being used
• Additional rights on erasure and portability of data
• Tighter rules on transferring data on EU citizens outside the EU
• Ability for individuals to make compensation claims
• Data processors can now be directly held accountable and responsible for data protection
Your Personal Data
“Personal Data” relates to a living individual who can be identified from that data. A living individual can also be referred to as a “Data Subject”. Identification of the Data Subject can be by the information alone or in conjunction with any other information in the Data Controller’s possession or likely to come into such possession. The processing of Personal Data is governed by General Data Protection Regulations (“GDPR”). Personal data can include names, addresses, date of birth, PPS numbers, email addresses, income/financial data and other factors specific to the identity of a person (“Data Subject”) and online identifiers such as an IP address and location data.
Churches can often hold what is classified as “Sensitive Data” – specific categories of personal data related to a person’s profile, to include race or ethnicity, political, religious or philosophical beliefs, sexual orientation, health, genetic or biometric data, criminal record or trade union membership.
What is the legal basis for Processing your Personal Data
This is dependent upon the “Data Subject” (the individual) and the purpose of the data processing. For example, the data processing for an employee in terms of what Personal Data is collected and how it is further processed is different from that of a partner or attendee of our Church. The legal basis we rely on will primarily consist of one or more of the following:
Processing is necessary for the purposes of legitimate interests pursued by us except where such interests are overridden by the interests, rights or freedoms of the Data Subject. This is where we need to use your data to engage in our normal day to day activities e.g. keeping a record of your name and address on our database of Church congregation members, etc;
Processing is carried out by us in our capacity as a not-for-profit body with a religious aim subject to the following provisions:
o This Processing of Personal Data relates only to attendees or former attendees (or those who have regular contact with it in connection with those purposes); and
o There is no disclosure to a third party without explicit consent. An example of this may be where a record of sensitive data may need to be kept by us so that effective pastoral care may be provided to members; and
o Explicit consent of the Data Subject. An example of this would be your consent to joining a mailing list so that we can keep you informed about news, events, activities and services.
o Processing is necessary for us to comply with the law. Examples of this could be our legal obligations to maintain certain records so that we may carry out our legal obligations under employment law, social security law or social protection law; and
o Processing is necessary for us to protect the vital interests of a Data Subject that cannot physically or legally give consent. An example of this may be for us to run special needs activities or providing pastoral care to a vulnerable or incapacitated person.
How we Process Your Data
The “processing” of your Personal Data means any usage, distribution or storage of any data we hold. This includes collecting, recording, storing, adapting, using, disclosing and deleting data. Therefore, we are “processing” personal data, if we store, or use personal data in any way, whether electronically or in hardcopy. We commit to comply with our obligations under “GDPR” by:
keeping Personal Data up to date;
storing and destroying it securely;
not collecting or retaining excessive amounts of data;
protecting Personal Data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect Personal Data.
We use your Personal Data for the following purposes:
Day to day administration of the Church and its ministries including all aspects of pastoral care, preparation of ministry rotas, maintaining financial records of giving for audit and tax purposes to our accountants and auditors
To manage our employees and volunteers;
To maintain our own accounts and financial records, including all financial giving, tithes, offerings, building funds and general fundraising;
To gather vital information to gain a better understanding of church demographics, community needs and help shape policy, development and growth;
To inform you of Church news, events, activities and services.
Sharing your Personal Data
Your Personal Data will be treated as strictly confidential and will only be shared with relevant staff and/or leaders of Abundant Life in order to carry out effective pastoral care or for purposes connected with our core activities. This may include sharing your data with our partner charities/ministries where relevant. We will not share your Personal Data with any third party apart from appropriate external regulators and authorities (such as Revenue Commissioners) and will only share your data with other third parties with your informed consent, unless where legally required.
Abundant Life aims to help you and others to, and to help you along the journey towards all that God has planned for your life. We are grateful to be on this journey with you, and value opportunities to keep you updated by email in relation to our activities, events, Life Groups, etc. If you would prefer not to stay in touch with us by email, please advise us by return, and we will remove you from our mailing list.
How long do we keep your Personal Data?
GDPR states that Personal Data “should be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the Personal Data are processed’. This can vary, but as a general rule, we retain attendees’ and partners’ Personal Data while it is still current.
As a church, we have statutory and legal obligations to keep certain information for up to six years after the calendar year to which they relate. We will not keep any relevant information after it has been used that we are not required to keep under these obligations.
Once information is no longer required for legal reasons or for the provision of our services to you, it will be erased from our systems in a controlled and secure manner.
If the Data Subject has withdrawn consent, if a contract has been entirely completed or if the data is no longer up to date, the relevant Personal Data will be deleted and destroyed securely. Certain elements of data can be held indefinitely if these are anonymised (removing personally identifiable data).
Your Rights and your Personal Data
Unless subject to an exemption under GDPR, you have the following rights with respect to your Personal Data:
The right to request a copy of your Personal Data which we hold about you, which is known as a “Data Access Request”;
The right to request that we correct any Personal Data if it is found to be inaccurate or out of date;
The right to request your Personal Data is erased where it is no longer necessary for us to retain such data;
The right to withdraw your consent to the processing at any time
The right to request that the Data Controller (Abundant Life) provide the Data Subject with his/her Personal Data and where possible, to transmit that data directly to another Data Controller
The right, where there is a dispute in relation to the accuracy or processing of your Personal Data, to request a restriction is placed on further processing;
The right to object to the processing of Personal Data.
The right to lodge a complaint with the Information Commissioner’s Office.
If we wish to use your Personal Data for a new purpose that is not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the Processing and setting out the relevant purposes and processing conditions. Wherever and whenever necessary, we will seek your prior consent to the new processing.
To exercise all relevant rights, queries or complaints please in the first instance contact our office by telephone: 061 405023 or by email:
You can contact the Office of the Data Protection Commissioner
Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland
Phone +353 (0761) 104 800 | LoCall 1890 25 22 31 | email email@example.com