PRIVACY POLICY

Protecting your data is something we take seriously. This policy outlines how we collect, store and process your personal information.

This policy applies to Lighthouse Christian Church Jersey Limited, its employees, volunteers, leaders and trustees – referred to throughout this document as simply ‘Lighthouse Church’.

Legal Bases

If you use our website and/or submit data to us, and you do not have regular contact with Lighthouse Church in connection with its purposes, then you give your consent that personal data may be processed by us in the manner described in this policy.

If you do have regular contact with Lighthouse Church in connection with its purposes, then by submitting data to us and/or using our website, we will process your personal data on the legal basis of legitimate interest, as permitted under the GDPR Article 9 Para 2(d):

Churches (not for profit bodies with a religious aim) are permitted to process sensitive data when it is carried out in the course of its legitimate interests with appropriate safeguards and on condition that the processing relates solely to…

the members or to former members of the church,
or to persons who have regular contact with it in connection with its purposes,
…and that the personal data is not disclosed outside that body without the consent of the data subjects.

Our use of Personal Data

Lighthouse Church uses personal data about living individuals for the purpose of general church administration and communication. We recognise the importance of the correct and lawful treatment of personal data. All personal data, whether it is held on paper, on computer or other media, will be subject to the appropriate legal safeguards as specified in the General Data Protection Regulation (GDPR) which is applicable to all European organisations as of 25th May 2018.

The Principles

We fully endorse and adhere to the seven key principles of GDPR, which specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation and storage of personal data. Employees and any others who obtain, handle, process, transport and store personal data for Lighthouse Church must adhere to these principles.

The principles are summarised as follows:

Data shall be processed lawfully, fairly and transparently
Data shall be collected for specified, explicit and legitimate purposes
Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
Data shall be accurate and, where necessary, kept up to date
Data shall be kept for only as long as necessary
Data shall be processed and kept securely
Lighthouse Church should be accountable to demonstrate compliance with these criteria under scrutiny

Maintaining Confidentiality

We will treat all your personal information as private and confidential and not disclose any data outside of Lighthouse Church – internally it may be shared where necessary to facilitate the administration and day-to-day operations of Lighthouse Church.

All Lighthouse Church staff and volunteers who have access to Personal Data are required to comply with this Privacy Policy.

There are four exceptional circumstances to the above permitted by law:

Where we are legally compelled to do so.
Where there is a duty to the public to disclose.
Where disclosure is required to protect your interest.
Where disclosure is made at your request or with your consent.

Use of Personal Information

We will use your data for three main purposes:

The day-to-day administration of the church; e.g. pastoral care and oversight, preparation of ministry rotas, maintaining financial records of giving for audit and tax purposes.
Contacting you to keep you informed of church activities and events.
Statistical analysis; gaining a better understanding of church demographics.

Our Database of Personal Information

We maintain a database of personal information with the ChurchSuite software, by ChurchApp Ltd. ChurchSuite stores all data in the UK within data centres that meet strict industry security requirements. The ChurchSuite Privacy Policy can be read online.

Information contained in our database will not be used for any other purposes than set out in this policy. The database is accessed online and therefore available through any computer or smart device with internet access.

Access to the database is only available to a limited number of staff and volunteers within Lighthouse Church, who need it for church operations. Access is strictly controlled through individual usernames and complex passwords, which are selected by the individual. These credentials are not shared.

A subset of data is further available to team leaders and members for the purposes of small group and rota management. Each church member is able to control what personal information is visible to others with the use of the ‘My ChurchSuite’ tool online or via an app on a tablet or smartphone.

Those authorised to use the database only have access to their specific area of use within the database. This is controlled by the system administrators, who are the only people who can access and set these security parameters.

The database will not be accessed by any authorised users outside of the EU, in accordance with GDPR, unless prior consent has been obtained from the individual whose data is to be viewed.

All access and activity on the database is logged and can be viewed by the system administrators.

Personal information will not be passed onto any third parties outside of Lighthouse Church.

Rights to Access Information

All individuals who are the subject of personal data held by Lighthouse Church are entitled to:

Ask what information the church holds about them and why.
Ask how to gain access to it.
Be informed how to keep it up to date.
Be informed what Lighthouse Church is doing to comply with its obligations under the GDPR.

Personal data subjects for data held by Lighthouse Church have the right to access any personal data that is being held in manual filing systems. This right is subject to certain exemptions: Personal Information may be withheld if the information relates to another individual.

Any person who wishes to exercise this right should make the request in writing to the Data Protection Officer of Lighthouse Church. A sample ‘Subject Access Request Letter’ is available on the Office of the Information Commissioner website.

If personal details are inaccurate, they can be amended upon request.

The Data Protection Officer is:

Gregg Donaldson
Lighthouse Church Jersey
Elmwood
La Grande Route de St Jean, St John,Jersey, JE3 4FL
Email [email protected]

Any data subject may, at any time, contact our Data Protection Officer directly with any questions concerning data protection.

Right to erasure (Right to be forgotten)

Any data subject may invoke the ‘right to be forgotten’ by Lighthouse Church by contacting any employee of the controller. An employee of Lighthouse Church will promptly ensure that the erasure request is complied with.

There may be a legal basis that prohibits Lighthouse Church from actioning a data subject’s ‘right to be forgotten’ – e.g. if records must be maintained for financial auditing or child safeguarding purposes. In this instance, the request will be acknowledged but declined, and our actions and timescales will be clearly explained.

Embedded Third-Party Content

Some content on this website is drawn from third parties.

Video content embedded on this website is hosted on YouTube. YouTube Terms of Service.

Calendar events are drawn from data we host at ChurchSuite, in line with the ChurchSuite Terms of Service.

Embedded maps are provided by the Google Maps Platform via their API, in line with the Google Maps Platform Acceptable Use Policy.