This policy covers DM’s handling of personally identifiable information that you provide to us and that we hold. It sets out how we comply with the General Data Protection Regulation (GDPR) law which came into effect on 25 May 2018.
DM is a global organisation.
WHY DM COLLECTS PERSONAL DATA AND HOW WE USE YOUR DATA
We collect personal data from you in order that we can:
connect you with any of our local church groups or teams you may wish to join and, thereafter, to inform you of DM related updates, services, activities, conferences and resources;
partner with you on your spiritual journey.
We will not use your personal information for any other purpose.
HOW DM COLLECTS PERSONAL DATA
When you first connect with us, we collect your personal data as follows:
ask for consent;
if consent is granted, record your personal data which is then submitted to our Database. It is saved only in our Database.
Principles relating to the processing of personal data are as follows:
Data will be:
processed fairly, lawfully, and in a transparent manner;
collected only for legitimate purposes;
adequate, relevant and limited to meet the need;
accurate and where necessary – kept up to date;
held for only as long as is legitimately necessary;
processed in a manner that protects the data from breach or loss.
There are 4 reasons why we may collect personal data:
2. Legitimate Interest in data (involvement in ministry life as well as Pastoral care) – in order for DM to carry out its tasks – as long as it does not infringe on the person’s other rights.
3. Legal contracts – such as a lease agreement / workplace contracts.
4. Legal obligations to which the controller is subject – Gift Aid Declarations / PVGs.
When Collecting Data
We will ensure that you understand clearly when providing data:
why the data is being collected;
how the data will be used;
and by whom.
If any of the above were to change – you be notified in advance and given the option to then opt-out. The consequences of opting-out should be made clear at the time. If the data was ever to be passed onto another body (e.g. Destiny Church Trust) – you will be advised at the time you give consent.
Consent will be given by a clear, affirmative act establishing a freely given, specific, informed and unambiguous indication of your agreement to the processing of personal data relating to you, such as by a written statement, including by electronic means, or an oral statement.
This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject's acceptance of the proposed processing of their personal data.
Consent will cover all processing activities.
If consent relates to multiples uses – each use will have its own clear consent.
You can withdraw consent at any time – this does not impact on the data collected previously to this happening.
Parental consent is needed for children under 16
Children merit specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safeguards concerned and their rights in relation to the processing of personal data.
Extra care and protection will apply to the use of personal data of children for the purposes of marketing or creating personality or user profiles and the collection of personal data with regard to children when using services offered directly to a child
The consent of the holder of parental responsibility should not be necessary in the context of preventive or counselling services offered directly to a child.
WHO SEES YOUR INFORMATION
Our Processers are competent and demonstrate the appropriate levels of knowledge in handling our information.
Confidentiality Agreements are in place for any volunteers who would regularly process data (e.g. Pastors, Growth Group / Small Group Leaders, Finance team etc).
Training has been given to each along with written instructions and a record that such has been given should be kept.
Processors will not sub-contract their responsibilities without prior consent of Destiny.
All data will be returned or deleted after the processor has finished with it.
Where the processor sub-contracts this responsibility – they too must show compliance of all of the above
REQUESTS AND RIGHTS
You have the right to request a number of things in relation to their data, which includes:
Access: the right to access the data held about you.
Rectification: the right to ensure data is accurate and up-to-date.
Erasure: request to be forgotten.
PHOTOGRAPHS AND FILMING
GDPR does not require us to stop taking photographs or filming within the church or at ministries events because these are considered public places. However, as an individual has the right to privacy as such we ensure that everyone is informed when photography and filming is taking place.
All personal data is held on our Database which is stored on a secure server. We take the necessary steps to keep secure all the personal data we hold.
THIRD PARTY SHARING
DM may share data with Destiny Church Trust
IF YOU NEED TO CONTACT US
Destiny Ministries (DM) (SC020228)
Principal Address: 70 Cathedral Street, Glasgow, G4 0RN, UK
Email: DataProtection@destiny-church.com Tel: 00 44 (0) 141 616 6777