INFORMATION
Privacy Policy
Introduction
Bourne Baptist Church is committed to protecting and respecting the privacy of all individuals with whom it engages. We recognise the importance of safeguarding personal information and are dedicated to ensuring that all personal data is collected, processed, stored, and disposed of in accordance with applicable data protection legislation, including the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and any other relevant privacy laws.
As part of its ministry, charitable activities, and operational functions, Bourne Baptist Church collects and processes personal data relating to a wide range of individuals, including church members, attendees, volunteers, employees, contractors, visitors, service users, and members of the wider community. Personal data means any information relating to an identified or identifiable living individual.
Personal information may be obtained directly from the individual concerned, for example through membership applications, event registrations, volunteer recruitment processes, correspondence, donations, website forms, or other interactions with the church. In certain circumstances, personal data may also be received from third parties, including referees, previous employers, professional organisations, safeguarding agencies, denominational bodies, or other lawful sources.
Data Controller
Bourne Baptist Church is the Data Controller for the personal data it processes.
As Data Controller, the church determines the purposes for which personal data is collected and processed and the means by which such processing takes place. The church is responsible for ensuring that all processing activities are lawful, fair, transparent, and compliant with applicable legislation.
Purposes for Processing Personal Data
Bourne Baptist Church processes personal data for a variety of legitimate purposes connected with its charitable, pastoral, administrative, and operational activities. These purposes include, but are not limited to:
Maintaining accurate records of church members, regular attendees, volunteers, employees, and supporters.
Facilitating pastoral care and spiritual support for church members and others connected with the church.
Organising and delivering worship services, church activities, ministries, events, and community programmes.
Providing community services, including but not limited to toddler groups, youth work, counselling support, outreach programmes, social action initiatives, and educational activities.
Administering baptisms, dedications, weddings, funerals, membership processes, and other church ordinances.
Safeguarding children, young people, and adults who may be at risk.
Recruiting, supporting, managing, and developing employees and volunteers.
Maintaining communication with church members, attendees, supporters, and members of the wider community.
Managing financial records, donations, Gift Aid declarations, accounting records, and regulatory reporting requirements.
Conducting surveys, consultations, questionnaires, and research activities to improve church ministries and services.
Promoting church events, ministries, services, and community activities through appropriate communication channels.
Managing facilities, bookings, property administration, and health and safety requirements.
Maintaining the security of church premises, property, systems, and information assets.
Responding effectively to enquiries, requests, concerns, complaints, and feedback.
Complying with legal, regulatory, charitable, employment, safeguarding, and governance obligations.
Preserving historical records and documents that form part of the church’s heritage and legal record.
Lawful Basis for Processing
Bourne Baptist Church will only process personal data where there is a lawful basis to do so under the UK GDPR. Depending on the nature of the processing activity, this may include:
Consent from the individual.
Performance of a contract.
Compliance with a legal obligation.
Protection of vital interests.
Performance of a task carried out in the public interest.
Legitimate interests pursued by the church, provided those interests do not override the rights and freedoms of the individual.
Where special category data is processed, such as information relating to religious beliefs, health, safeguarding matters, or other sensitive information, the church will ensure that an appropriate additional condition for processing is satisfied.
How Personal Data is Stored
Bourne Baptist Church takes appropriate technical and organisational measures to ensure that personal data is protected against unauthorised access, loss, destruction, misuse, disclosure, or alteration.
Personal data may be held and processed using:
Church-owned computers, servers, storage devices, and network systems.
Secure paper records and filing systems.
Approved cloud-based services and digital platforms.
Email and communication systems authorised by the church.
Third-party service providers acting on behalf of the church under appropriate contractual arrangements.
Current systems utilised by the church may include:
iKnow Church – Church administration and membership management platform.
Mailchimp – Email communication and marketing platform.
Website hosting and related services provided through DreamHost or other approved providers.
All third-party providers are expected to maintain appropriate data protection standards and comply with applicable legal requirements.
Sharing Personal Data
Bourne Baptist Church will only share personal data where there is a lawful basis for doing so.
Personal data may be shared with:
Regulatory bodies and statutory authorities where required by law.
Safeguarding agencies and organisations where necessary to protect children, young people, or adults at risk.
Professional advisers, insurers, auditors, and legal representatives.
Denominational bodies and church associations where appropriate.
Service providers acting on behalf of the church.
Other organisations where the individual has provided consent or where another lawful basis applies.
Only authorised individuals acting within the scope of their responsibilities may share personal data on behalf of the church.
Records will be maintained of significant data-sharing activities, including details of the lawful basis relied upon and any exemptions applied. The church will follow the Information Commissioner’s Office (ICO) Data Sharing Code of Practice and seek legal advice where appropriate.
Criminal Offence and Safeguarding Information
Bourne Baptist Church does not routinely process information relating to criminal convictions, offences, or allegations.
Such information will only be processed where there is a clear safeguarding necessity and a lawful basis exists for doing so. Any processing of this nature will be carried out in accordance with safeguarding legislation, denominational guidance, and professional advice.
Where safeguarding concerns arise, the church may seek guidance from the Safeguarding Team of the Baptist Union of Great Britain, the East Midlands Baptist Association, statutory safeguarding authorities, or other appropriate safeguarding professionals.
Data Subject Rights
Under data protection legislation, individuals have a number of rights concerning their personal data. These rights include:
- Right of Access
Individuals may request access to personal data held about them through a Subject Access Request. - Right to Rectification
Individuals may request that inaccurate or incomplete personal data be corrected. - Right to Erasure
Individuals may request deletion of personal data in certain circumstances where the law permits. - Right to Restrict Processing
Individuals may request that processing be restricted in specific situations. - Right to Object
Individuals may object to certain forms of processing, including processing for direct marketing purposes. - Right to Data Portability
Individuals may request a copy of certain personal data in a structured, commonly used, and machine-readable format. - Rights Relating to Automated Decision-Making
Individuals have rights relating to decisions made solely through automated processing where applicable. - Right to Withdraw Consent
Where processing is based on consent, individuals may withdraw that consent at any time.
Responding to Rights Requests
Any request relating to an individual’s data protection rights will be referred immediately to the church’s Data Protection Lead.
The church will respond to valid requests promptly and, in most cases, within one calendar month of receipt. Where permitted by law, this period may be extended by up to two additional months if the request is particularly complex or numerous.
Requests will normally be handled free of charge unless legislation permits a reasonable administrative fee.
All communications regarding personal data rights will be clear, concise, transparent, and provided in plain language.
Data Retention and Security
The church maintains policies and procedures governing the retention, security, archiving, and disposal of personal data. Personal information will only be retained for as long as necessary to fulfil the purposes for which it was collected, to satisfy legal or regulatory obligations, or to protect the legitimate interests of the church.
Appropriate safeguards are implemented to ensure the confidentiality, integrity, and availability of personal information throughout its lifecycle.
Complaints
If you have concerns regarding the way Bourne Baptist Church processes your personal data, you are encouraged to contact the Data Protection Lead in the first instance.
Individuals also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if they believe their data protection rights have been infringed.