Privacy & Data Protection
We take the privacy of your personnal information seriously.
We will ensure your personnal data is stored securely and will not sell or give it to third parties or permit unauthorised access.
How your information is used.
The information you provide here will be used in connection with the specified activities, including keeping you informed of events, and for internal record keeping purposes.
Data Protection Policy
This interim policy has been posted on 30th June 2017 and will be reviewed and adopted shortly.
Farnham Christian Community Trust (FCCT) uses personal data about living individuals solely to facilitate:
Normal charitable administration – including employee data, volunteer and donor records, rotas, lettings and financial records of giving for tax purposes
Charity groups, projects and other activities
Communication regarding charitable activities
FCCT is committed to the proper and lawful treatment of personal data. All personal data - which may be held by FCCT on paper, on computer or in other media - will adhere to the appropriate legal safeguards as laid down in the Data Protection Act 1998.
This policy applies to all trustees, staff employed by FCCT, those subcontracted by FCCT and to all volunteers and project leaders – and must be adhered to by them, together with any detailed guidelines published separately for this purpose. We will do our utmost to ensure that all its staff, volunteers and trustees are conversant with data protection legislation and practice.
Categories of Data
Data is information which is recorded with the intention that it should be processed on computer or is recorded as part of a relevant filing system (i.e. manual system).
There are two categories of data:
Personal Data is information relating to a living individual who can be identified:
from the data
from the data which includes an expression of opinion about the individual For Example: membership name and address details
Sensitive Personal Data is information relating to:
racial or ethnic origins of the person
religious beliefs or other beliefs of a similar nature
trade union membership
physical or mental health
the commission or alleged commission of any offence
any proceedings for any offence committed or alleged to have been committed by the data subject (e.g. information held for the purpose of child protection)
In order to process these two types of data, consent from the individual must be obtained by the organisation handling the data. Explicit consent must be given when it is sensitive personal data.
Additional safeguards are therefore in place where sensitive personal data is concerned.
Processing of Data
FCCT will only process data if at least one of the following conditions is satisfied:
The processing is necessary to further the “legitimate interests” of FCCT, provided that such processing does not prejudice the “right and freedoms or legitimate interests” of the person concerned. If FCCT processes data under this condition, there is no requirement to obtain consent from the person concerned, but we will always ensure that FCCT respects that person’s rights. This includes the rights of those who provide services to FCCT – for example tradespeople.
The person concerned has given consent. The consent may be explicit or implicit. By way of an example, a person who emails the charity is deemed to gives implicit consent for his or her contact details to be stored in such a way that enables the charity to respond to the email.
In compliance with a legal obligation – for example a court order requiring disclosure of information.
The Eight Principles of Data Handling
FCCT upholds the eight principles of data handling required by the Data Protection Act. The purpose of these principles is to specify the mandatory conditions that must be satisfied in relation to obtaining, handling, processing, transportation and storage of personal data. Trustees, employees and any others who obtain, handle, process, transport and store personal data for or on behalf of FCCT must always adhere to these principles.
In summary, these principles require that personal data:
Shall always be processed fairly and lawfully and shall not be processed at all unless certain conditions are met.
May only be gathered for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose.
Shall be adequate, relevant and not excessive for those purposes.
Be accurate and where necessary, kept up to date.
Shall not be kept for longer than is necessary for that purpose.
Shall be processed in accordance with the data subject’s rights.
Must be kept secure from unauthorised or unlawful processing and protected against accidental loss, destruction or damage by using the appropriate technical and organisational measures.
Not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data (FCCT does not envisage any circumstances in which a transfer of data outside the UK would occur)
Therefore, you can be assured that FCCT will treat all the personal information that you provide as private and confidential and not disclose any data about you to anyone other than the FCCT leadership team, employees and project leaders and solely in order to facilitate the administration and ministry of the charity. You should note however that there are four exceptional circumstances to the above permitted by and anticipated in the legislation:
Where we are legally compelled to do so.
Where there is a duty to the public to disclose.
Where disclosure is required to protect your interest.
Where disclosure is made at your request or with your consent.
Applying these Principles
1. All FCCT trustees and staff who process Personal Data on behalf of the charity will be required to agree to sign our Data Processor agreement.
2. The Trustees will appoint one of their number to act as the Charity’s Data Protection Officer. All questions and concerns in relation to this policy should be addressed to them. As at XXXXXXXX this person is XXXXXXXX and can be contacted via the FCCT office.
3. When personal information is collected for use by FCCT we will ensure that:
- This information is necessary for charitable purposes.
- The information is not kept for longer than it is needed.
- Those people supplying the information are aware of this policy and how they can obtain a copy.
- Personal information (including photographs) of individuals will not be published on our website without obtaining explicit and informed consent from the individuals concerned or their parents. We will never publish the names of children and young people alongside their photographs.
- We will ensure that all church members and attendees are aware of who to contact to update the information held about them by FCCT.
- A copy of this policy will be on our charity website and also available from the charity Administrator.
- All personal information held by trustees, staff and volunteers on behalf of FCCT will be held and processed in a sufficiently secure manner (whether in paper or electronic form) to prevent unauthorised access (whether by unauthorised church staff or third parties). This means we will:
- Store paper based information in secure, lockable cupboards.
- Use password protections and, if appropriate, encryption of particularly sensitive electronic documents.
- Restrict access to both paper and electronic personal data to those who need to process it for one of the above uses.
- Ensure that personal information is transmitted securely in a way that cannot be intercepted by unintended recipients.
If you have questions about data protection, please contact XXXXXXX (the FCCT Data Protection Officer) or the Trustees, via the FCCT Office.
FCCT will provide procedures for access to personal data for all those for whom personal data is held. No charge will normally be levied on anyone (staff, personal members or other contacts) requesting access to their personal data. Any such request should be made in writing and a response shall be provided within one calendar month.
This Policy was formally adopted by the Charity Trustees at their meeting on XXXXXX.