Caversham Park Church (LEP)
General Data Protection Regulation Policy
The original Data Protection Act came into force in 1984. It was intended to protect members of the public from exploitation by companies and organisations which held information about them on computers. A new 1998 Act, which came into force in March 2000, extended the protection to information which is held on paper as well as on computer. From 25th May 2018 the Data Protection Act 1998 was replaced by the General Data Protection Regulation 2018. The principal requirement is all individuals who give Personal data have the right to determine how it should be used.
Organisations collecting personal Data, for whatever reason must state the reason why it is being collected, and seek the individual’s permission to use it in those ways. The principles are set out below, and for each principle we have explained how Caversham Park Church (LEP) complies with the requirement.
1 Processed for limited purposes
Data is processed only for the purpose of running Caversham Park Church (LEP) in order to provide support services, to allow us to send out subscription reminders, invoices for the occasional offices and to provide Trustee/Elders with the addresses and (when provided).telephone numbers and e-mails addresses of members and Gift Aid supporters in order to perform their duties. The Caversham Park Church (LEP) will not provide or sell address lists to any organisation or individual outside of the Caversham Park Church (LEP).
2 Adequate, relevant and not excessive
We ask only for your name and address; you can give your telephone number or e-mail address if you choose. This can be helpful in the event of contact problems.
3 Accurate information
You may at any time check that your address details are correct and let us know if not. We will use the annual renewal form as an opportunity to check that these details are correct. You have the right to ask for full details of the information which Caversham Park Church (LEP) holds on you. Caversham Park Church (LEP) will provide these electronically free of charge. Where electronic access is not possible, the Secretary will write to the person concerned.
4 Not kept longer than necessary
Once a member/supporter notifies Caversham Park Church (LEP) that they no longer wish Caversham Park Church to hold information it will be deleted, Caversham Park Church (LEP) would normally keep the records for five years. When we are notified of a member’s death, Caversham Park Church (LEP) will remove records after 2 years allowing time for any legal request for information regarding the deceased member. Caversham Park Church (LEP) needs this information to analyse statistics on membership and supporters. The data that Caversham Park Church (LEP) holds on members will be subject to annual review.
5 Processed in accordance with your rights
Your rights include the enjoyment of privacy and the knowledge that Caversham Park Church (LEP) will not use the information for any purpose which you have not authorised. Caversham Park Church (LEP) needs your address for the reasons set out in section 1.
The membership list is held on a cloud-based file store. This is accessed over the internet using password protection and suitable encryption to prevent data being stolen by a “hacker”. Back-up information is held by the Caversham Park Church (LEP) secretary. Membership details used will be retained for audit purposes for a period of up to and not exceeding 2 years (this also includes PayPal / stripe web-based transactions).
7 Not transferred outside the EU
As explained under “secure”, the data is held on a Cloud based system which is located in the UK under UK regulations. Caversham Park Church (LEP) must ask all members whether they object to their personal data being held.
Dr Alison Johnston
Data Protection Officer
Caversham Park Church (LEP)
Dated: 22nd May 2020