Guarding and proclaiming the unchanging truth in a changing world

Data Protection Policy

GAFCON Data Protection Policy

Policy statement

GAFCON is committed to a policy of protecting the rights and privacy of its supporters, subscribers, givers, volunteers, officers, staff and others in accordance with The Data Protection Act 1998. The policy applies to all staff, officers and volunteers of GAFCON.

Legal Requirements

Data are protected by the Data Protection Act 1998, which came into effect on 1 March
2000. Its purpose is to protect  the rights and  privacy of individuals and to ensure that personal data is not processed without their knowledge, nor, wherever possible, processed without their consent.

The Act requires us to acknowledge the fact that we hold personal data and to acknowledge the right of ‘subject access’ – supporters, subscribers, givers, officers, volunteers and  staff must have the right to copies of their own data.

Managing Data  Protection

We are  a not-for-profit organisation that  qualifies for an  exemption from  registration with the Information Commissioner, and  are thus currently not registered.

Purpose of data held by GAFCON

Data may be held by us for the following purposes:
1.   Communication
2.   Fundraising
3.   Staff administration
4.   Accounts & Records
5.   Marketing & Public Relations
6.   Strategic Planning

Data  Protection Principles

In terms of the Data Protection Act 1998, GAFCON is the ‘data controller’, and as such determine the purpose for which, and the manner in which, any personal data  is, or is to be, processed. We will ensure that:

1.  Personal data is processed fairly and lawfully

We will be transparent about  our use of personal data; a copy of this policy, giving the reasons for collecting data,  will be available on any online form on which we request personal data.

Consent will be sought regarding communications and no personal data will be transferred to a third party without consent.

GAFCON is a global movement comprising GAFCON supporting Anglican provinces, local branches and  individual supporters. Data collected across the movement is stored centrally to enable worldwide communications as well as local communications when appropriate. A third party is any person or organisation outside the global movement.

2.  Personal data shall be obtained and processed only for specified and lawful purposes

We will only use data for purposes given in this policy. We will be open with data subject about what we intend to do with their personal data.

3.  Personal data held by GAFCON should be adequate, relevant and not excessive

GAFCON will monitor the data held for our purposes, ensuring we hold neither too much nor too little data in respect of the individuals about whom the data are held. If data given or obtained are excessive for such purpose, they will be immediately deleted or destroyed.

4.  Personal data held by GAFCON should be accurate and up-to-date

It is important to GAFCON that our data is accurate and up to date, to ensure our supporters and subscribers are receiving our communications. We will provide our supporters and subscribers with a copy of their data once  a year for information and  updating where relevant. All amendments will be made immediately and  data no longer required will be deleted or destroyed.
Supporters and subscribers should notify us of any changes, to enable personnel records to be updated accordingly. It is the responsibility of the GAFCON to act upon notification of changes to data, amending them where relevant.

5.  Personal data held by GAFCON should not be kept longer than necessary

We discourage the retention of data for longer than it is required. All personal data will be deleted or destroyed by us one year after requests to remove  it.

6.  Personal data held by GAFCON should be processed in accordance with the individual’s rights

All individuals that GAFCON hold data on have the right to:

  • Be informed upon the request of all the information held about them within 40 days.
  • Prevent the processing of their data for the purpose of direct marketing.
  • Compensation if they can show that they have been caused damage by any contravention of the Act.
  • The removal and correction of any inaccurate data about them.

7.  Personal data held by GAFCON should be kept secure

Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data  and against accidental loss or destruction of data.

All data shall be held on secure servers.

8.  Personal data held by GAFCON should not be transferred to countries outside the  European Economic Area, unless the country has adequate protection for the individual.

Data must not be transferred to countries outside the European Economic Area without the explicit consent of the individual.  GAFCON takes particular care to be aware of this and will not publish personal information of supporters or subscribers on its website without their consent.

September 2016

Keep informed of the latest news, letters, prayer requests and updates from GAFCON

Gafcon Secretariat, Unit 42/43, Kingspark Business Centre, 152-178 Kingston Road, Surrey, KT3 3ST, United Kingdom

[email protected]

+44 (0)20 3883 8661