Cherry Hinton Baptist Church Website Privacy Policy

Members

Members are those who receive ex-officio emails.

Administrator

Ruth Ivimey-Cook is the data processor who processes the personal data.

How, why and what information is processed

Email redirection: sends generic church emails to particular people (name, position, password, email).

How is it obtained?

As part of the appointment process.

How is it kept accurate?

Members are asked at the start of each calendar year to check the information we have for them.

Members can view, amend or remove their data at any time by request to the Administrator.

Where is it stored?

Soft copy: The Administrator’s Laptop, the Church Secretary’s laptop, and on their backup hard drives. No further soft copies of the data is made.

Hard copies are stored in the Church office Legal Basis for processing. The processing is necessary for a specific legitimate interest, in a way that the church uses people’s data in ways they would reasonably expect, and in a way that does not cause unjustified harm to the individual’s interests, rights and freedoms.

How is protected?

Hard and soft copies are not left unattended unless inside a locked building. Soft copies are in devices which are password protected. In the event of a data breach all members would be alerted by email.

Who processes it?

The Group Administrator or, less frequently, the Church Administrator.

Length of time

Group members’ data is removed immediately after people no longer receive ex-officio emails.

Passing on to Third parties

No Personal Information held by/for Cherry Hinton Baptist Church is accessed by any other organisation or shared with another organisation.

Notes

The above ensures that our use of data is transparent, fair and lawful; That personal data is only obtained for “specified, explicit and legitimate purposes”; that data is “adequate, relevant, necessary, accurate and kept no longer than necessary, with appropriate security, giving the data subjects right of access, rectification, erasure, being informed.

As an organisation with a religious aim we could store information about religious beliefs, but currently do not.

We recognize the special status of ethnic, political, trade union membership, physical and medical health, sexual, and offence related personal data.

Data Controller

The Church Trustees collectively determine the purposes and means of processing personal data.