Privacy Statement – Thornhill Baptist Church

Introduction
Under Data Protection legislation the Trustees of Thornhill Baptist Church are the Data Controller for all data processed by TBC. Our Data Protection Lead is Gareth Jenkins, who can be contacted by ringing 02380 464121 or
emailing dataprotection@thornhillbc.org.uk

Data protection legislation allows us to process this information as it is in the legitimate interest of the church. The church database is accessible to church staff and selected admin volunteers only and is stored on an encrypted disk partition on a church computer. Any external data processors that we use are required to have data protection policies in line with our own.

Your rights
You have the right to ask to see any information we hold about you by submitting a ‘Subject Access Request’ to the Data Protection Lead. You also have the right to ask for information which you believe to be incorrect to be rectified – this would normally be done through the church office.
If you are concerned about the way your information is being handled please speak to our Data Protection Lead. If you are still unhappy you have the right to complain to the Information Commissioners Office.

Data categories
We process a number of categories of data, which are described individually below.

Church family database
Church members and others who are regularly involved with TBC activities are considered to be part of our church family. Your name and contact details that you have given us will be entered into our church database along with information about which groups and activities you take part in, any leadership responsibilities you have taken on, basic demographic information (gender, age, marital status etc.) and the dates of pastoral visits.

We process this data in order to stay in touch with you, to publish a church directory, to provide pastoral care and to understand the demographic make up of our church family and other general admin.

If you leave the church this data will be deleted at your request or after a period of two years.

Youth and Children’s Work
We record information relating to children and young people who attend any of our groups or activities and the adults responsible for them. Your name and contact details and those of your children will be entered into our church database along with information about which groups and activities the children take part in, any medical information, basic demographic information (gender, age, marital status etc.) and any special permissions you have given us (e.g. permission to take photographs for use in church publications). Information about group membership and attendance will be made available to the group leaders.

We process this data in order to stay in touch with you, to look after your child safely when they are in our care and to understand the demographic make-up of our youth and children’s activities.

If your child stops attending our groups and activities this information will be deleted at your request or after a period of two years.

One-off Contact and Event forms
We collect information through a number of sign-up forms, booking forms, event permission slips, contact cards and so on. The information on these will be used for the purpose given on the form and then destroyed, unless you have specifically requested to be added to the church database or mailing lists.

Financial information
We store information relating to regular donors and Gift Aid donors including your Gift Aid declarations, bank account details and any financial gifts that you have given to the church. This information is stored in locked filing cabinets, filed electronically or entered into accounting software on an encrypted drive on a PC located on a PC at the home of a member of the finance team and can be accessed by the TBC finance team only. Financial legislation requires us to retain donation information for six years after the end of the financial year in which the gift was given, after which it will be destroyed.

Expense and Disbursement forms
If you provide us with your bank account details to enable us to pay your expenses or fees these will be entered into the church’s online banking system protected by the bank’s standard security procedures. Only the Treasurer and Treasurer’s assistant have access to the bank account. Once the claim or disbursement has been processed the bank account details will be redacted and the form will be stored in a locked cabinet at church as an audit of valid expenditure of the church.

The information will be retained for a period of six years from the date of the claim as proof of expenditure made by the church. As a charity we have a legal obligation to keep financial records for this period.

Safeguarding Information
Certain categories of information which relate to safeguarding must be retained for a period of seventy five years and are exempt from requests for deletion. This includes information about people who have worked in positions of trust with children or adults at risk, DBS checks, safeguarding training and similar data. You may ask to view this data.

Mailing Lists
We maintain a number of mailing lists through the online service MailChimp. These are used to send targeted emails relating to church groups and activities. Your name and email address is stored in their system. Links on each email allow you to change which mailing lists you belong to, or to unsubscribe altogether. If you unsubscribe, your email address is retained on their “unsubscribed” list to prevent us from inadvertently re-subscribing you, although you can request to be removed from this list too.

Job and Volunteer Application forms
Unsuccessful applications are archived securely in a locked filing cabinet or electronically on an encrypted hard drive in the church building for a period of six months after they are received or after the closing date, if applicable.

Successful job applications, references and associated paperwork are retained for the duration of the employment or voluntary role. In cases where the role includes working with children or adults at risk these records come under the category of “Safeguarding information” above.

Contracts of employment and personnel files
Personnel files are stored in a locked filing cabinet to which only the Treasurer and Secretary have access. These are retained securely for a period of six years after the end of a period of employment, other than where the role includes working with children or adults at risk, in which case some elements of these records come under the category of “Safeguarding information” above.

Hall Hire agreements
These are financial contracts and so will be retained as part of our financial audit trail for a period of six years after the end of the financial year in which the hire took place. They will be stored in a locked filing cabinet and destroyed at the end of that period