Our Data Protection Policy

Hello and thanks for visiting our website. Hope Church and its affiliated companies takes the protection of any personal information shared with us seriously. Accordingly, we collect store and process all personal information in line with this policy.

This policy is applicable to the registered companies of Hope Church, Hope Café and Hope shops along with its employees, volunteers, Leaders and Trustees and any other associated personnel. For simplicity, we refer to the afforementioned as “Hope Church”, “we”, “us” or “our” within this document.

Please note that by submitting data to us and/or using our website you give your consent that personal data may be processed by us in the manner described in this policy.

Our use of Personal Data

Hope Church uses personal data about living individuals for the purpose of general church administration and communication. We recognise the importance of the correct and lawful treatment of personal data. All personal data, whether it is held on paper, on computer or other media, will be subject to the appropriate legal safeguards as specified in the Data Protection Act 1998.

We fully endorse and adhere to the eight Data Protection Act principles, which specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation and storage of personal data. Employees and any others who obtain, handle, process, transport and store personal data for Hope Church must adhere to these principles.

The Principles

The principles require that personal data shall:

1.Be processed fairly and lawfully and shall not be processed unless certain conditions are met.
2.Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose.
3.Be adequate, relevant and not excessive for those purposes.
4.Be accurate and where necessary, kept up to date.
5.Not be kept for longer than is necessary for that purpose.
6.Be processed in accordance with the data subject’s rights.
7.Be kept secure from unauthorised or unlawful processing and protected against accidental loss, destruction or damage by using the appropriate technical and organisational measures.
8.Not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Maintaining Confidentiality

We will treat all your personal information as private and confidential and not disclose any data outside of Hope Church – internally it may be shared as where absolutely necessary to facilitate the administration and day-to-day operations of Hope Church

All Hope Church staff and volunteers who have access to Personal Data are required to comply with this Privacy Policy.

There are four exceptional circumstances to the above permitted by law:
1.Where we are legally compelled to do so.
2.Where there is a duty to the public to disclose.
3.Where disclosure is required to protect your interest.
4.Where disclosure is made at your request or with your consent.

Use of Personal Information

We will use your data for three main purposes:
1.The day-to-day administration of the church; e.g. pastoral care and oversight, preparation of ministry rotas, maintaining financial records of giving for audit and tax purposes.
2.Contacting you to keep you informed of church activities and events.
3.Statistical analysis; gaining a better understanding of church demographics.

Our Database of Personal Information

We use a Churchapp database to hold any personal information we collect from you. If you are interested, you can read Churchapps privacy policy here: https://churchapp.co.uk/privacy-policy. Churchapp stores all data in the UK within data centres that meet strict industry security requirements.

Information contained in our database will not be used for any other purposes than set out in this policy. The database is accessed online and therefore available through any computer or smart device with internet access.

Access to the database is only available to a limited number of people within Hope Church, who need it for church operations. Access is strictly controlled through individual usernames and complex passwords, which are selected by the individual. These credentials are not shared.

Those authorised to use the database only have access to their specific area of use within the database. This is controlled by the system administrators, who are the only people who can access and set these security parameters.

The database will not be accessed by any authorised users outside of the EU, in accordance with the Data Protection Act, unless prior consent has been obtained from the individual whose data is to be viewed.

All access and activity on the database is logged and can be viewed by the system administrations.

Personal information will not be passed onto any third parties outside of Hope Church.

Rights to Access Information

All individuals who are the subject of personal data held by Hope Church are entitled to:

Ask what information the church holds about them and why.
Ask how to gain access to it.
Be informed how to keep it up to date.
Be informed what Hope Church is doing to comply with its obligations under the 1988 Data Protection Act.

Personal data subjects for data held by Hope Church have the right to access any personal data that is being held in manual filing systems. This right is subject to certain exemptions: Personal Information may be withheld if the information relates to another individual.

Any person who wishes to exercise this right should make the request in writing to the Hope Church Trustees, using the standard letter which is available on line from www.ico.gov.uk. Hope Church reserves the right to charge the maximum fee payable for each subject request. If personal details are inaccurate, they can be amended upon request.

Hope Church aims to comply with requests for access to personal information as quickly as possible, but will ensure that it is provided within 40 days of receipt of a completed form unless there is good reason for delay. In such cases, the reason for delay will be explained in writing to the individual making the request.