(Protection of Personal Information Act)
Lighthouse Church uses personal data of individuals for the purpose of general church communication & administration. We recognise the importance of the correct & lawful handling of personal data. All personal data, whether it is kept on paper, computer, or other media, will therefore be subject to the appropriate legal safeguards as specified in the POPI ACT 2020 (Protection of Personal Information Act).
Lighthouse Church fully endorses and adheres to the eight principles of the POPIA. These principles specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation, and storage of personal data. Members who obtain, handle, process, transport, and store personal data for Lighthouse Church must adhere to these principles.
Lighthouse Church has initially designated the lead elder as the “Responsible Person” to give effect to the POPI principles stated in this document and to ensure that the principles set out and all the measures that give effect to the principles are complied with.
2 Process limitations:
Personal Information must be processed lawfully and in a reasonable manner that does not infringe the privacy of any individual. Personal information may only be processed for the purpose it was intended for, provided that the information is relevant and not excessive. Personal information must be collected directly from the persons concerned, either when they come to meetings or when they provide information by electronic means.
3 Purpose specifications:
Personal information must be collected for a specific, explicitly defined, and lawful purpose related to a function or activity of the church. It is imperative that records of personal information must not be retained any longer than is necessary for achieving the purpose for which the information was collected or subsequently used. In terms of membership or where minors need to be signed in for security reasons, people need to consent to the retention of the records. For the purposes of COVID-19 meeting registration, details of minors must captured regardless of the presence of a parent or guardian.
4 Further processing limitations:
Lighthouse Church will always consider the following;
- Ensure that the person concerned has given consent to process their information.
- Check whether the member has requested deletion prior to processing their information.
- Ensure that the information is compatible with the purpose of collection, available in a public record.
5 Quality of information:
The church will take reasonably practicable steps to ensure that the personal information is complete, accurate, not misleading and updated where necessary for the purpose it is intended.
Personal information collected as part of membership and attendance recording will include a name, address and/or contact detail such as phone number and email address. This is collected in a fair and transparent manner. To ensure that the processing of information is fair, individuals will be aware of what specific personal information is being held by the church.
7 Security safeguards:
Lighthouse Church will secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate, reasonable technical and organizational measures. Appropriate internal control measures are in place and will be regularly evaluated.
Anyone processing personal information on behalf of the church will always,
- process this information with the knowledge or authorization of the eldership; and
- treat personal information which comes to their knowledge as confidential and will not disclose it.
Should there be a breach the church will notify the Information Regulator and the data subject as soon as it practically possible. The church will consider the legitimate needs of law enforcement or any another reasonable measures to determine the scope of the breach to the data subject and to restore the integrity of the church. A notification providing sufficient information to allow the affected person/s to take protective measures against the potential consequences of the compromise, including, if known to the church, the identity of the unauthorized person who may have accessed or acquired the personal information will be provided to the data subject concerned.
8 Personal information on record & third-party disclosures:
The church will advise on request to members who have provided adequate proof of identity, what personal information the church holds about them, including third parties the church may have shared the member’s personal information with.
HOW WE COLLECT PERSONAL INFORMATION
We may collect personal information each time members or visitors provide us with their details, e.g. by:
- Submitting details or updated details;
- Registering for an in-person meeting;
- Providing information via social media platforms such as Facebook, YouTube, WhatsApp, Instagram etc.
Lighthouse Church will treat all personal information as private and confidential and will not disclose any data to anyone other than members of the church who facilitate administration and day-to-day ministry of the Church.
There are four exceptional circumstances to the above:
- Where we are legally compelled to do so(e.g. COVID registers);
- Where there is a duty to the public to disclose information;
- Where the disclosure is to protect the interests of the person;
- Where the disclosure is made at the person’s request or with their
Lighthouse Church members who have access to Personal Data will be required to agree to this Policy before receiving any access passwords.
USE OF PERSONAL INFORMATION
Personal information will be used for:
- The day-to-day administration of the church.
- Contacting members to keep them informed about church matters.
No personal information is passed on to third parties outside the church environment without consent with the exception of the COVID-19 protocol attendance register (this is a legal requirement).
Sensitive, personal information is kept strictly confidential. It is never sold, given away or otherwise shared with anyone, unless required by law.
RIGHTS TO ACCESS INFORMATION
The leadership team of Lighthouse Church have the right to access any personal data that is being held in filing systems unless a member has requested that their Personal Information be withheld from the team. Any person who wishes to exercise this right should make the request in writing to the Lighthouse Church.
If personal details are inaccurate, they can be amended upon request.
Lighthouse Church aims to comply with requests for access to personal information as quickly as possible but will ensure that it is provided within 30 days of receipt of a completed request form unless there is good reason for delay. In such cases, the reason for delay will be explained in writing to the individual making the request.
TYPE OF INFORMATION WE COLLECT
- Contact information
- Birthdays and anniversaries
- Membership of any groups
INDIVIDUAL RIGHTS & CHOICES
- Everyone has the right to privacy.
- The right to privacy includes a right to protection against the unlawful collection, retention, dissemination and use of personal information.
- Everyone has the right to privacy regarding the collection, use and storage of their personal information. This includes the right to de-consent to the collection of personal information by the church and the right to decline the provision of your personal information.
- Everyone has the right to de-consent or to decline consent. Such information will be deleted within 72 hours of the. A confirmation of the de-consent will be provided.
CHILDREN CONSENT FORMS FROM GUARDIANS
Personal information may only be processed if the data subject or a competent person where the data subject is a child, consents to the processing.
RETENTION OF DATA
Lighthouse Church will retain personal information for only as long as is necessary for the purposes as set out in this policy.
- We respect your and will not distribute mobile contact details to any third parties;
- If at any time a person wishes to discontinue receiving text messages, they may send a request to delete their mobile number from the applicable broadcast list or group;
- Provision of contact details is understood as consent to send text messages regarding our church’s events and updates. Message frequency varies by events;
- In general, the messages we send provide information or inspiration. Some of the text messages we send may include links to websites.
Please direct any queries or concerns regarding the above to one of the elders (or email us).