Mount Pleasant Baptist Church Data Protection Policy

Policy Statement

The Trustees/Deacons of Mount Pleasant Baptist Church are committed to ensuring that it complies with the legal requirements of the Data Protection Act 1998 and General Data Protection Regulations 2018.

We have appointed Peter Welsh to oversee Data Protection for Mount Pleasant Baptist Church. Any questions that arise in relation to Data Protection issues should in the first instance be referred to Peter Welsh (Mount Pleasant Baptist Church Data Protection Officer).

This policy sets out the measures that we are committed to taking as a church and how we comply with the relevant legislation.

The Data Protection Act is underpinned by eight principles which state that personal data:

  • must be processed fairly and lawfully
  • must be obtained only for specified and lawful purposes
  • must be adequate, relevant and not excessive
  • must be accurate and kept up to date
  • must not be held for any longer than necessary
  • must be processed in accordance with the rights of the data subjects
  • must be held securely
  • must be properly protected when transferred overseas

Why is this important?

This policy is important as we are committed to protecting personal data getting into the wrong hands as a result of poor security or being shared carelessly or being inaccurate as we are aware that people can be upset or harmed if any of these things happen.

What is the legal basis for processing personal information?

We process personal information on behalf of the members, employees and friends of Mount Pleasant Baptist Church and others in connection with the activities of the church on the following bases:

  1. Legal Obligation (e.g. processing Gift Aid or Safeguarding.)
  2. Contract (e.g. letting out the church hall to individuals and groups.)
  3. Legitimate Interest (routine church administration, such as publishing membership rolls for internal use, rotas, pastoral notes etc.)
  4. Consent (If we do not have legal, contractual or legitimate reason for processing personal data then we will seek to obtain consent from the individual whose data we wish to process.)

Why do we process personal data?

We process personal data to help us:

  • Maintain our list of church members
  • Pay of stipends and salaries
  • Processing of Gift Aid
  • Provide pastoral support
  • Provide services to the community
  • Safeguard children, young people and vulnerable adults

How do the data protection principles guide us? 

Lawfulness, fairness and transparency Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject
Purpose limitation Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
Data minimisation Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
Accuracy Personal data shall be accurate and, where necessary, kept up to date
Storage limitation Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
Integrity and confidentiality Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
Accountability The controller shall be responsible for, and be able to demonstrate compliance with the GDPR

 Privacy Notice: In accordance with this policy we have also adopted a Privacy Notice which sets out what information we hold, how we store that information and how that information is processed along with the legal basis for doing so.