Horley Christadelphian Ecclesia – Data Privacy Notice
• This privacy notice outlines

a) what personal data Horley Christadelphian Ecclesia holds about ecclesial members and those who subscribe to our “Friends of Horley” emailing list, why we hold it, and how we use it.
b) the right of those data subjects to withhold their data and/or to see, check, correct and/or permanently remove their data from our records.

• “The Ecclesia” means Horley Christadelphian Ecclesia (Reg. Charity No. 1034410).
• “The GDPR” means the General Data Protection Regulation 2018.
• “The Elders” means the brothers and sisters appointed from time to time, on the basis of member consultation, to oversee the spiritual welfare of members and to be the Trustees for Charities Act purposes.
• “Personal data” are data relating to a living individual who can be identified from that data, including when the data are taken in conjunction with any other information in the data controllers’ possession or likely to come into their possession.
• “The data subject” is the person about whom personal data are processed.
• “Data processing” is anything done with personal data, including storing it.
• “Member” means any brother or sister who has become a member within the terms of Clause 4 of our charitable constitution and who has not expressed the wish to terminate their membership.
• “Active Member” means any member who has also been present at four or more of our ecclesial Breaking of Bread meetings during the preceding 12 months (but with allowance for ill health etc. preventing attendance at meetings) and who is thus entitled to take part in deciding changes in the ecclesial constitution.
• “The Data controller” refers collectively to the elders of Horley Christadelphian Ecclesia who oversee how, and for what purposes, personal data is processed.

Why have the Horley elders sent out this privacy notice?
• The processing of personal data is from 25th May 2018 governed by the GDPR. All churches and charities, along with other organisations, must comply with the GDPR’s requirements.
• The GDPR gives individuals more rights and protection than previously as to how their personal data is processed by the Ecclesia.
• Among other things, the GDPR increases the accountability of data controllers who must now be able to demonstrate

a) the need to process the personal data in order to meet our objectives
b) the positive consent of the data subject to the processing of their data.
• This privacy notice expands on these points and explains the rights of the data subjects.

Why does the ecclesia need to hold personal data?
• Our formal Constitution, lodged with the Charity Commissioners, requires us to keep a membership register containing names, addresses, dates of birth and dates of baptism.
• The Constitution also allows a register of attendance at meetings to be kept “as deemed appropriate from time-to-time”. In practice attendance has been recorded at the Breaking of Bread meeting only and is the agreed basis for identifying our active members for the purpose of our constitutional and charitable governance.
• In addition to the constitutional requirement, our membership register includes home and mobile telephone numbers and email addresses, to help us contact members.
• Only our Treasurer holds details of standing order mandates signed by those members who wish to donate funds automatically on a regular basis. The original signed mandates are securely lodged with the Ecclesia’s bank, and their ongoing processing is authorised by the data subject having signed the mandate.
• In the case of those who wish to subscribe to our circulation of ecclesial news to non-members (“Friends of Horley”), we hold only names and email addresses.

Undertaking by the Horley elders as Data Controller
• The Elders of Horley Christadelphian Ecclesia undertake to comply with the GDPR by

a) only holding personal data that we have a genuine need for
b) only holding data with the agreement of the data subject
c) ensuring, with the data subject’s help, that data are up to date and accurate
d) not sharing data with others (including ecclesial members) without the consent of the data subject, unless instructed to do so by the authorities (e.g. the police)
e) protecting personal data from loss, theft, misuse, and unauthorised disclosure, including by putting appropriate technical measures in place in the case of data stored electronically
f) deleting personal data promptly and permanently if the data subject so requests, or if we no longer have a reasonable need for it (e.g. if the data subject ceases to be a member of the ecclesia).

How do we use personal data?
• We only use personal data:

a) to maintain a record of our current members;
b) to create a list of members’ names, addresses and contact details that can (but only with those members’ agreement) be made available, in hard copy only, to other members;
c) to co-ordinate the work of members who undertake voluntary duties for the Ecclesia;
d) to maintain our accounting records and facilitate the processing of standing orders and gift aid applications;
e) to email members and subscribing non-members about our ecclesial activities, ecclesial news and other matters of interest and/or spiritual support, and about the welfare of ecclesial members;
f) to send members and subscribing non-members by email event notices and newsletters etc. from other Christadelphian ecclesias and organisations.

What is our legal basis for processing personal data?
• In compliance with the GDPR we hold and process personal data

a) only where such processing is operationally essential or required by our charitable constitution;
b) only with the written consent of the data subject;
c) only if processing does not involve disclosure to a third party without the explicit consent of the data subject.

How long do we keep personal data?
• The ecclesia keeps data only on its current members with the exception of

a) gift aid declarations and associated paperwork which for legal reasons are retained for 6 years after the calendar year to which they relate;
b) names and email addresses only for those who wish only to be included on our “Friends of Horley” emailing list to receive items of ecclesial and welfare news.
• Personal data is immediately deleted on the request of the data subject and, in the case of ecclesial members, on their ceasing to be members.
What are your rights in relation to your personal data?
• All data subjects are entitled to:

a) see, upon request to secretary@horleychristadelphians.org, a copy of all the personal data which the Ecclesia holds about you;
b) require that any inaccuracies be corrected;
c) require that processing of your personal data ceases immediately and that the data be permanently erased from ecclesial records;
d) be consulted and give consent before your personal data are used in any manner which is not described in this privacy notice;
e) lodge a complaint with the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF (Tel: 0303 123 1113)

1 February 2018