Data Protection Policy
GAFCON Data Protection Policy
GAFCON is committed to a policy of protecting the rights and privacy of its supporters, subscribers, givers, volunteers, officers, staff and others in accordance with The Data Protection Act 1998. The policy applies to all staff, officers and volunteers of GAFCON.
Data are protected by the Data Protection Act 1998, which came into effect on 1 March
2000. Its purpose is to protect the rights and privacy of individuals and to ensure that personal data is not processed without their knowledge, nor, wherever possible, processed without their consent.
The Act requires us to acknowledge the fact that we hold personal data and to acknowledge the right of ‘subject access’ – supporters, subscribers, givers, officers, volunteers and staff must have the right to copies of their own data.
Managing Data Protection
We are a not-for-profit organisation that qualifies for an exemption from registration with the Information Commissioner, and are thus currently not registered.
Purpose of data held by GAFCON
Data may be held by us for the following purposes:
3. Staff administration
4. Accounts & Records
5. Marketing & Public Relations
6. Strategic Planning
Data Protection Principles
In terms of the Data Protection Act 1998, GAFCON is the ‘data controller’, and as such determine the purpose for which, and the manner in which, any personal data is, or is to be, processed. We will ensure that:
1. Personal data is processed fairly and lawfully
We will be transparent about our use of personal data; a copy of this policy, giving the reasons for collecting data, will be available on any online form on which we request personal data.
Consent will be sought regarding communications and no personal data will be transferred to a third party without consent.
GAFCON is a global movement comprising GAFCON supporting Anglican provinces, local branches and individual supporters. Data collected across the movement is stored centrally to enable worldwide communications as well as local communications when appropriate. A third party is any person or organisation outside the global movement.
2. Personal data shall be obtained and processed only for specified and lawful purposes
We will only use data for purposes given in this policy. We will be open with data subject about what we intend to do with their personal data.
3. Personal data held by GAFCON should be adequate, relevant and not excessive
GAFCON will monitor the data held for our purposes, ensuring we hold neither too much nor too little data in respect of the individuals about whom the data are held. If data given or obtained are excessive for such purpose, they will be immediately deleted or destroyed.
4. Personal data held by GAFCON should be accurate and up-to-date
It is important to GAFCON that our data is accurate and up to date, to ensure our supporters and subscribers are receiving our communications. We will provide our supporters and subscribers with a copy of their data once a year for information and updating where relevant. All amendments will be made immediately and data no longer required will be deleted or destroyed.
Supporters and subscribers should notify us of any changes, to enable personnel records to be updated accordingly. It is the responsibility of the GAFCON to act upon notification of changes to data, amending them where relevant.
5. Personal data held by GAFCON should not be kept longer than necessary
We discourage the retention of data for longer than it is required. All personal data will be deleted or destroyed by us one year after requests to remove it.
6. Personal data held by GAFCON should be processed in accordance with the individual’s rights
All individuals that GAFCON hold data on have the right to:
- Be informed upon the request of all the information held about them within 40 days.
- Prevent the processing of their data for the purpose of direct marketing.
- Compensation if they can show that they have been caused damage by any contravention of the Act.
- The removal and correction of any inaccurate data about them.
7. Personal data held by GAFCON should be kept secure
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of data.
All data shall be held on secure servers.
8. Personal data held by GAFCON should not be transferred to countries outside the European Economic Area, unless the country has adequate protection for the individual.
Data must not be transferred to countries outside the European Economic Area without the explicit consent of the individual. GAFCON takes particular care to be aware of this and will not publish personal information of supporters or subscribers on its website without their consent.