Please make sure you have received emails or texts about GDPR and have responded, or collect a letter from a Sunday Service.

On 25th May 2018, the General Data Protection Regulation (GDPR) comes into force. This is important legislation that affects you and the Church.

Please read this post carefully.

Why do we hold and process data on those who are involved in Sutton Coldfield Baptist Church?

There are two ways in which we can lawfully hold and use your personal data.

  1. Consent. We can hold data because you have given us permission, knowing what data we hold and why we use it. We cannot assume you have given us permission; we need your clear consent.
  2. Legitimate Interest. Without information about you there are many things we cannot do as a church or a charity. In these cases we have a ‘Legitimate Interest’ in holding and using your personal data, and do not need specific consent. For example:
    1. To hold a list of church members and their contact information, key dates such as weddings, baptism and membership etc.
    2. To have accurate information on children and their families and to keep attendance registers to help ensure safeguarding, to run our children’s activities, and to contact parents/carers in emergencies.
    3. To hold information of those helping in teams or serving on rotas to enable communication and contact with and between team members.

Our use of your data is covered by our privacy statement, which sets out a summary of the data we hold, how we use it, and how we keep it secure.

What does it mean for me?

If you have access to your own data you can see what is held and keep it up to date. This is why we are sending out fresh invitations to log into ‘My ChurchSuite,’ where you can edit the data held on yourself and your children and set up your communication preferences.

We will also be sending out a ‘My Consent’ form, which includes the personal information that we hold on you, partially obscured with ‘***’. This on-line form will not include ‘Legitimate Interest’ information such as pastoral notes and key dates. If you do not receive this by email, we will arrange for an alternative method of obtaining your consent.

If we do not receive consent we may need to remove you from our records, which may mean that we cannot contact you and you will not be able to receive newsletters etc.

You have a right to see the information held by making a subject access request (SAR). This should be made in writing or by email to the Admin Team Leader. The ‘My Consent’ form contains the same information, so a SAR would not normally be necessary if you complete the consent form and use My ChurchSuite.

You have a Right to be Forgotten. A request can be made in writing to the Admin Team Leader, or by using the link in emails / My ChurchSuite. If we agree that we do not have a Legitimate Interest, we must completely delete all records we hold about you.

ChurchSuite and System Emails – Types of email (and the legal basis for processing)

General emails/SMS are any communications sent from within ChurchSuite by a User of the admin-facing system (consent). If “Receive general emails/SMS?” is opted out, general emails/SMS are not sent to that person. It is not possible to add custom communication options for different types of email communication. We would manage different audiences using Tags, but email communication to tags would always respect the “Receive general email?” communication preference.

System notification emails and confirmation emails are not considered general emails, and are therefore always sent and cannot be opted out of. These include:

  • Event and small group sign-up notifications (legitimate interest)
  • Flow overseer notifications (legitimate interest)
  • Booking type/resource overseer notifications (legitimate interest)
  • Address Book Embed and Connect “my details” notifications (legitimate interest)
  • ‘Areas of interest’ notifications (legitimate interest)
  • My ChurchSuite password reset emails (legitimate interest)
  • My ChurchSuite invitation emails (to comply with a legal [data protection] obligation)
  • Consent request emails (to comply with a legal [data protection] obligation)
  • Success emails (to comply with a legal [data protection] obligation).