PRIVACY POLICY AND DATA PROTECTION STATEMENT

  1. GENERAL INFORMATION 

The Hightower Church is a Christ-centered church based in London.

We are a UK registered charity which exists for the advancement of the Christian faith in the United Kingdom and abroad, the worship of God, the preaching and proclamation of the Christian Gospel, the teaching of Christian doctrines and principles, the relief of persons who are in conditions of need, hardship, distress or who are aged, sick, disabled in the United Kingdom and abroad.

We handle all information we collect or which is given to us in line with the requirements of the EU Directive 2016/679 otherwise known as the EU General Data Protection Regulation (GDPR). All enquiries relating to Data Protection should be sent to gdpr@thehightower.org.

  1. DATA PROTECTION STATEMENT 

At The Hightower Church, we take very seriously our responsibilities regarding the management of personal data as required under the GDPR. This document therefore sets out our policy for achieving effective Data management and applies to all Data collected or given to The Hightower Church.

In keeping with The Data Protection principles as set under the GDPR, personal Data will be:

  1. a) lawfully processed, fairly and in a transparent manner in relation to individuals;
  2. b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  3. c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  4. d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, is erased or rectified without delay.

Data subjects will be informed of why data is being collected, what we believe they are consenting to in providing their data and how such data will be used.

All data collected will be handled as sensitive and therefore in confidence and will not be disclosed to third party organisations (including other Charities/not-for-profit organisations) for marketing or other purposes except in cases coming under section 6.

  1. WHAT, WHY AND WHERE INFORMATION IS COLLECTED 

3.1 What- As a church, we will collect data such as personal details (name, address and contact number) and financial details (debit card/payment card details).

3.2 Why – Such information will be used exclusively for outreach/advertising, ministry, and financial/help/donations/record purposes (processing donations, maintaining a database of members and friends of the ministry and to enable us customise information for our outreach audience and obtain feedback.

3.3 Where – Data may be obtained at church services, ministry events, community outreach events, website and through targeted email and telephone enquiries.

  1. DATA SHARE & EXCHANGE

Data will only be shared within the Church on a ‘need to know basis’ for the following purposes: providing pastoral care, providing information for church based activities or events, sharing information within the various departments.

  1. ACCOUNTABILITY: IN-HOUSE. 

Staff or persons acting as agents for the Church who process personal data about fellow staff, congregants, visitors or other third parties whose data is handled by the church must comply with the requirements of this policy in ensuring that all data is secure, kept confidential and not disclosed verbally or in writing, deliberately or negligently to unauthorised persons.

All enquiries regarding data protection including subject access requests, complaints or breaches should be directed to gdpr@thehightower.org.

Where members of staff are responsible for overseeing work undertaken on a voluntary basis by members of the congregation which involves the processing of personal data, the Data Officer must ensure that such congregants are fully aware of the Data Protection Principles, in particular, the requirement to obtain the data subject’s consent and to treat such information as sensitive.

  1. ACCOUNTABILITY: THIRD PARTIES 

Where we use organisations, companies or third parties who operate independent of The Hightower Church, in processing personal data on our behalf, responsibility in ensuring strict adherence to our data policy and all applicable legislation in the handling, use and security of such data remains with such third parties.

In keeping with this policy, we will only use third parties and organisations that have a data protection policy and can provide adequate security measures for the secure processing of personal data.

We will take reasonable steps to verify the existence of such security measures and how they will be applied to personal data supplied by us to such third parties.

We will have clearly defined agreements on what personal data will be processed, what purpose such data is to be used for and how long such data will remain accessible or controlled by the third party and when such data can be returned or destroyed.

  1. LENGTH OF DATA STORAGE 

Information about the retention period applicable to paper and electronic documentation and/or how they are destroyed or deleted, may be obtained from the Data Officer, please email gdpr@thehightower.org for such enquiries.

  1. SUBJECT ACCESS REQUESTS 

We will process any subject access requests falling within the parameters set out under the applicable legislation within 10 working days. Requests for any information that is exempt under the law will regrettably not be processed, or if processed, will be redacted as necessary.

Anyone wishing to access personal data held by us may do so by sending an email request to gdpr@thehightower.org.

  1. SECURITY CHECKS AND BREACHES 

A ‘security check clause’ applies to all data collected and held by us to the extent that some part of such data may be used to verify identities to minimise the risk of unauthorised disclosure of information and security breaches.

However, where a Data Protection breach occurs, or is suspected, it should be reported immediately to the Data Officer using the email gdpr@thehightower.org.

  1. COOKIES

Cookies are small text files that are placed on your computer by websites that you visit. These text files can be read by these websites and help to identify you when you return to a website. Cookies can be “persistent” or “session” cookies. Persistent cookies remain on your computer when you have gone offline, while session cookies are deleted as soon as you close your web browser.

To find out more about cookies, including how to see what cookies have been set and how to block and delete cookies, please visit http://www.aboutcookies.org/.

10.1 THE HIGHTOWER CHURCH COOKIES

We use our own cookies to recognise you when you visit our website. This means that we can track usage information across areas of this website.

10.2 THIRD PARTY COOKIES

In addition to our own cookies, we work with various reputable companies to help us analyse how our website is used, and to optimise our website to deliver the best possible experience.

  1. LINKS TO OTHER WEBSITES 

We will take precautions to ensure that users of our website are only directed to specially selected secure third-party websites. However, users are advised to also verify the privacy and/or data protection policies of such third parties for themselves.

The Hightower Church will not be responsible for any data breaches that may occur from information provided on such external websites.

  1. REVIEW 

This document will be reviewed from time to time and in accordance with any legislation changes.