Data Protection

Our Approach to Data Protection

RCCG My Father’s House, Salford

RCCG My Father’s House, Salford holds and processes personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are committed to respecting your privacy and ensuring your personal data is handled safely, lawfully, and transparently.

What is Personal Data?

Personal data is any information relating to a living, identifiable individual. This includes, but is not limited to:

  • Name
  • Contact details (email, phone number, home address)
  • Attendance records
  • Prayer requests
  • Donation history (e.g., tithes and offerings)
  • Photos and videos captured during church activities

Information Rights

As an individual, you have the following rights under data protection legislation:

  • The right to be informed about how we use your data
  • The right of access to your personal data
  • The right to rectification of inaccurate or incomplete data
  • The right to erasure (“the right to be forgotten”)
  • The right to restrict processing
  • The right to object to processing
  • The right to data portability

We are committed to responding to all valid information rights requests within one calendar month. For complex cases, this may be extended by an additional two months.

To make a request, please email: [email protected]

You may also complete our [Individual Rights Request Form] (Insert downloadable link).

How We Use Personal Data

We explain how personal data is collected and used in our Privacy Policy, which explain:

  • What information we collect
  • Why we collect it
  • The lawful basis for processing
  • How long we retain it
  • Who we share it with (if applicable)

Special Category Data

As a church, we may need to collect special category data, such as:

  • Religious beliefs
  • Health-related information (e.g., for pastoral or prayer support)
  • Ethnicity (e.g., for demographic reporting)

We will always seek explicit consent where required and treat such information with particular sensitivity. Access is strictly limited to authorised personnel on a need-to-know basis.

Information for Staff, Volunteers & Ministry Leads

All church staff, ministry leads, and volunteers who process personal data on behalf of the Church must:

  • Use appropriate technical and organisational measures to protect data
  • Keep all personal information confidential
  • Only use data for its intended and lawful purpose
  • Dispose of data securely when no longer needed
  • Report any suspected data breaches immediately

We provide internal guidance and regular training on data protection to support our team.

Reporting Data Breaches

A personal data breach is any incident that leads to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data.

If you suspect a data breach, please report it immediately by emailing:
 📧 [email protected]

Please include your:

  • Full name
  • Contact details
  • Description of the breach (what happened, what data was involved, when it occurred)

 

All breaches are reviewed and, where necessary, reported to the Information Commissioner’s Office (ICO) within 72 hours, in line with our legal obligations.