Brackenhurst Baptist Church (“the church”) uses personal data of individuals it collects for the purpose of general church communication and administration. The church recognises the importance of the correct and lawful handling of personal data. All personal data, whether maintained on paper, stored in a computer, or held on any other media, will be subject to the appropriate legal safeguards as specified in the POPI ACT 2020 (Protection of Personal Information Act).
The church endorses and adheres to the eight principles of the POPI Act. These principles specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation, and storage of personal data. Employees and any others who obtain, handle, process, transport, and store personal data for the church must adhere to these principles.
The principles require that personal data shall be managed in accordance with stipulations as listed:
Accountability: The church has designated a “Responsible Person” to give effect to the POPI principles below and to ensure that the principles set out and all the measures that give effect to the principles are complied with.
Process Limitations: Personal information must be processed lawfully and in a reasonable manner that does not infringe the privacy of any individual. Personal information may only be processed for the purpose it was intended for, provided that the information is relevant and not excessive. Personal information must be collected directly from the persons concerned when they come to church, any church event, or supply the information in a registration form for an event or service.
Purpose Specifications: Personal information must be collected for a specific, explicitly defined, and lawful purpose related to a function or activity of the church. It is imperative that records of personal information must not be retained any longer than is necessary for achieving the purpose for which the information was collected or subsequently used. In terms of membership or where minors need to be signed in for security reasons, people need to consent to the retention of the records.
Further Processing Limitations: The church’s “Responsible Person” will always consider the following:
- make sure that the person concerned has given consent to process their information;
- whether the member has not requested deletion prior to processing their information; and
- whether the information is compatible with the purpose of collection, available in a public record.
Quality of Information: The church’s “Responsible Person” will take reasonably practicable steps to ensure that the personal information is complete, accurate, not misleading and updated where necessary for the purpose it is intended.
Openness: Personal information collected as part of membership or any transaction will include (but will not necessarily be limited to) a name, address, or contact detail such as an email address or telephone number. This is collected in a fair and transparent manner. To ensure that the processing of information is fair, individuals will be aware of what specific personal information is being held by the church.
Security Safeguards: The church, through its “Responsible Person,” will secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate, reasonable technical and organisational measures. Appropriate internal control measures are in place and regularly evaluated (i.e. ensuring that security practices and procedures are effective and in place). All employees and volunteers processing personal information on behalf of the church will always process this information with the knowledge or authorisation of the church and treat personal information that comes to their knowledge as confidential and will not disclose it. Should there be a breach, the church will notify the Information Regulator and the data subject as soon as it practically possible. The church will consider the legitimate needs of law enforcement or any another reasonable measures to determine the scope of the breach to the data subject and to restore the integrity of the church. A notification providing sufficient information to allow the affected person(s) to take protective measures against the potential consequences of the compromise, including, if known to the church, the identity of the unauthorised person who may have accessed or acquired the personal information will be provided to the data subject concerned.
Personal Information on Record and Third-Party Disclosures: The church must make provision for its members, who have provided adequate proof of identity, to request what personal information the church holds about them, including third parties the church may have shared the member’s personal information with.
How We Collect Data and Information
We collect personal and contact information in at least the following manners.
Membership Application: The membership process includes a membership application form, whereby we request personal information such as full name, date of birth, wedding anniversary, physical address, contact numbers, and email addresses for each member applicant.
Booking for Services or Ministries: Where it is required for legislative or logistical purposes, you may be required to complete a registration form to book for an in-person service or ministry of the church. Information provided in the registration process will be maintained in a database.
Email: Personal and contact information is obtained when you email the church or any of its staff for any purpose.
Counselling: The church and its officers may require provision of certain personal and contact information from those who seek counsel from the church. This will be collected directly from the subject.
Website and Social Media: Information may be collected from individuals who visit the church’s website or social media channels (e.g. Facebook, Twitter, YouTube, WhatsApp, Instagram). The church may monitor activity on these channels and gather information about who is visiting and using these channels and how, in order to assess the church’s reach and improve its ministry offering.
Except in exceptional circumstances, the church will treat all your personal information as private and confidential and will not disclose any data about you to anyone other than the leadership and other members and member applicants to facilitate administration and day-to-day ministry of the church. Exceptional circumstances may include:
- where the church is legally compelled to do so;
- where there is a duty to the public to disclose information;
- where the disclosure is to protect the subject’s interests; and
- where the disclosure is made at the subject’s request and/or with the subject’s consent.
Use of Personal Information
The church will use provided personal and contact information for the day-to-day administration of the church. The church will further use the information provided to keep members and member applicants informed about church events, announcements, prayer requests, services, and activities.
The church will further provide its members with a church directory (physically or digitally) containing contact information of the entire membership. The church leadership will use provided information for shepherding purposes, including contacting and visiting church members.
The church may also utilise information for executive reports that require the collation of statistics (e.g. church attendance, small group attendance).
The church may store personal information electronically and/or physically.
The church will endeavour to take reasonable and appropriate measures to keep such information secure. For example, stored digital information is password protected, regularly updated, and maintained by anti-virus and anti-malware software. The church’s buildings are locked and alarm protected after-hours. However, it cannot guarantee the absolute security of personal information.
None of your information will be passed on to third parties outside the church environment without your consent, except in exceptional circumstances as detailed above under “Maintaining Confidentiality.” Sensitive, personal information is kept strictly confidential. It is never sold, given away or otherwise shared with anyone, unless required by law.
Rights to Access Information
Employees and other subjects of personal data held by the church have the right to access any personal data that is being held. If personal details are inaccurate, they can be amended upon request.
Type of Information We Collect
The maintains a database of personal contact information of all its members and member applicants, as well as information obtained by registration for any event where registration is a legislative requirement. This information includes (but is not necessarily limited to):
- full name;
- physical address;
- date of birth;
- wedding anniversary (where applicable);
- contact information (telephonic and email); and
- a family or individual photograph of each member and/or member family.
Your Rights and Choices
Everyone has the right to privacy. The right to privacy includes a right to protection against the unlawful collection, retention, dissemination and use of personal information. You have a right to privacy regarding the collection, use and storage of your personal information. This includes the right to de-consent to the collection of your personal information by the church and the right to decline the provision of your personal information.
By providing your personal and contact information in any form provided by the church, you consent to allow the church to use your information for the legislative and/or ministry purposes for which it has been collected.
You have the right to de-consent or to decline consent. The church maintains the right to refuse services where the required information cannot be collected due to a person’s de-consent or decline to consent. Collected information will be destroyed or deleted within 72 hours of a request for deletion or destruction.
Children Consent Forms from Guardians
Personal information may only be processed if the data subject (or a competent person where the data subject is a child) consents to the processing.
Retention of Data
The church will retain your personal information for only as long as is necessary for the purposes as set out in this policy.
The church respects the privacy of its members and will not distribute contact details to any third parties not related to the church. Email communication will contain a link to update your email address or unsubscribe from email lists. If at any time you need help on how to discontinue communication, send your request for assistance to firstname.lastname@example.org. At your request, we will delete your details from our storage database.
By subscribing to any of our communication channels, you have provided us with consent to send you messages regarding church events and updates. Message frequency varies by event.
In general, the messages we send provide you with information about our church events. Some of the messages we send may include links to websites. To access these websites, you will need a web browser and Internet access.
Should you have any queries or concerns regarding the above, please contact the church office at email@example.com.