Bromley Baptist Church General Data Protection Policy and Privacy Notice 

Bromley Baptist Church is committed to protecting all information that we process about our members and other individuals we support and work with, and to respecting people’s rights around how their information is handled. This policy explains our responsibilities with regard to personal information and how we will meet them. It also serves as a general Privacy Notice that explains how we hold and process personal information. It will be complemented by a more detailed policy which will contain all the privacy notices and procedures appropriate to the church as a whole as well areas of work such as our children’s ministry and pastoral support. These are available on request. The protection of personal information needs to be set in the context of the fast-moving information revolution and therefore our policy, privacy notices and procedures will be reviewed at regular intervals to ensure all are kept up to date. This policy is also consistent with our other organisational policies and practice including those concerned with Confidentiality and Safeguarding. The procedures associated with this policy - and an associated more detailed policy document – will be implemented on a phased basis starting with the general use of personal information with regard to regular and ad hoc communication with members and friends (individuals who have close contact with the church) as well as the church address list. 

We hold and share information in accordance with legal rights. The Data Protection Act 1998 was brought into force to protect an individual’s privacy. From May 2018, this has been replaced by the General Data Protection Regulation (GDPR). This means each individual should know, or be able to find out, why we need to use personal information and with whom we share the information. Individuals are also entitled to know how long their personal information will be held for and that the information is accurate. Everyone has the right to ask us to remove information that is not covered by one or more of the other grounds listed in the Data Protection Regulation (e.g. we hold a record of donations via gift aid). Individuals can write, phone or email us to request this. Once this request is confirmed, the church will immediately stop processing and/or sharing that information and will remove the data as appropriate from the records as soon as reasonably possible. 

The reasons we process personal information are to:

a) maintain lists of members and other individuals who interact with the church. For example, individuals who make donations or request information and the provision of a contact list to members;

b) provide pastoral support to families and individuals;

c) safeguard children, young people and adults at risk;

d) recruit, support and manage staff and volunteers;

e) maintain our accounts and records, including those relating to gifts;

g) promote our activities;

h) maintain the security of property and premises;

i) respond effectively to enquirers and handle any complaints 

In particular, we will make sure that all personal information is:

a) processed lawfully, fairly and with due regard to the need for confidentiality;

b) processed for specified, explicit and legitimate purposes and not in a manner that is incompatible with those purposes;

c) adequate, relevant and limited to what is necessary for the purposes for which it is being processed;

d) accurate and, where necessary, up to date;

e) not kept longer than necessary for the purposes for which it is being processed;

f) processed in a secure manner, by using appropriate technical and organisational means;

g) processed in keeping with the rights of individuals regarding their personal data. 

Sometimes information needs to be shared with other organisations and this will be in accordance with good practice and the relevant data protection regulations. When appropriate, consent will be obtained from 2 individuals and they will be informed about how and when information is shared. We will only share information with organisations for which we have confidence in their data protection procedures.

We process personal information in both electronic and paper form. The personal data we process can include information such as names and contact details, education or employment details, and visual images of people. We hold types of information that are called ‘special categories’ of data. For example, religious faith is a special category as is other information that is processed as a result of pastoral support. This personal data can only be processed under strict conditions. 

‘Special categories’ of data (as referred to in the General Data Protection Regulation) includes information about a person’s: racial or ethnic origin; political opinions; religious or similar (e.g. philosophical) beliefs; trade union membership; health (including physical and mental health, and the provision of health care services); genetic data; biometric data; sexual life and sexual orientation. 

We will not hold information relating to criminal proceedings or offences or allegations of offences unless there is an overarching safeguarding requirement to process this data for the protection of children and adults who may be put at risk. Other data may also be considered ‘sensitive’ such as bank details but will not be subject to the same legal protection as the types of data listed above. 

The church maintains a contact list (names, addresses, email and telephone details) of members and friends. This is made available to those listed within it by request – in either printed or electronic format. Individuals aged 13 years and over will be required to give their consent to be included which will include their agreement and understanding that their information will be shared with others listed. The church will provide advice about the safekeeping of this list and individuals will need to agree to follow this as part of their agreement for inclusion. 

Should you have any questions about our policy and procedures please contact our church administrator, Dave Brown: office@bromleybaptist.com: 020 8460 3307..