House on the Rock (HOTR), London Lighthouse Data Protection and Privacy Policy 

1. GENERAL INFORMATION 

The London Lighthouse is a parish of House on the Rock Church, which is headquartered in Lagos, Nigeria. 

We are a registered charity geared towards the ideals of the Worship of God, the furtherance of the gospel of our Lord Jesus and general advancement of the Christian faith and the relief of persons in conditions of need, hardship or distress. 

The Information that we collect or which is given to us is kept and protected in accordance with the requirements of the EU Directive 2016/679 otherwise known as the EU General Data Protection Regulation (GDPR). 

All Data Protection enquiries may be directed to the Data Officer on gdpr@hotr.org.uk 

2. DATA PROTECTION STATEMENT 

At the London Lighthouse, we take our responsibilities regarding the management of personal data under the requirements of the GDPR very seriously. This document therefore sets out our policy for achieving effective Data management and applies to all Data collected or given to the London Lighthouse regardless of where such data is held including on personally owned devices or equipment, email correspondence; or outside Church property or premises. 

In keeping with The Data Protection principles set under the GDPR, personal Data will be: 

a) processed lawfully, fairly and in a transparent manner in relation to individuals; 

b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; 

c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed; 

d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, is erased or rectified without delay. 

Data subjects will be informed of why data is being collected, what we believe they are consenting to in providing their data and how such data will be used. 

All data collected will be handled as sensitive and therefore in confidence and will not be disclosed to third party organisations (including other Charities/not-for-profit organisations) for marketing or other purposes except in cases coming under section 6. 

3. WHAT, WHY AND WHERE INFORMATION IS COLLECTED 

3.1 What- As a church, we will collect data such as personal details (name, address and contact number) and financial details (debit card/payment card details). 

3.2 Why - Such information will be used exclusively for outreach/advertising, ministry, and financial/help/donations/record purposes (processing donations, maintaining a database of members and friends of the ministry and to enable us customise information for our outreach audience and obtain feedback. 

3.3 Where - Data may be obtained at church services, ministry events, community outreach events and through targeted email and telephone enquiries 

4. DATA SHARE & EXCHANGE: 

Data will only be shared within the Church on a ‘need to know basis’ for the following purposes: providing pastoral care, providing information for church based activities or events, sharing information within the various departments. 

5. ACCOUNTABILITY: IN-HOUSE. 

Staff or persons acting as agents for the Church who process personal data about fellow staff, congregants, visitors or other third parties whose data is handled by the church must comply with the requirements of this policy in ensuring that all data is secure, kept confidential and not disclosed verbally or in writing, deliberately or negligently to unauthorised persons. 

All enquiries regarding data protection including subject access requests, complaints or breaches should be directed to gdpr@hotr.org.uk 

Where members of staff are responsible for overseeing work undertaken on a voluntary basis by members of the congregation which involves the processing of personal data, the Data Officer must ensure that such congregants are fully aware of the Data Protection Principles, in particular, the requirement to obtain the data subject's consent and to treat such information as sensitive. 

6. ACCOUNTABILITY: THIRD PARTIES 

Where we use organisations, companies or third parties who operate independent of the London Lighthouse, in processing personal data on our behalf, responsibility in ensuring strict adherence to our data policy and all applicable legislation in the handling, use and security of such data remains with us. 

In keeping with this policy, we will only use third parties and organisations that have a data protection policy and can provide adequate security measures for the secure processing of personal data. 

We will take reasonable steps to verify the existence of such security measures and how they will be applied to personal data supplied by us to such third parties. 

We will have clearly defined agreements on what personal data will be processed, what purpose such data is to be used for and how long such data will remain accessible or controlled by the third party and when such data can be returned or destroyed. 

All such agreements will be signed and authenticated by the Data Officer and will include a 'confidentiality clause’ statement on the transfer and use of data collected by us or the third parties acting as agents to the church. 

7. LENGTH OF DATA STORAGE 

Information about the retention period applicable to paper and electronic documentation and/or how they are destroyed or deleted, may be obtained from the Data Officer, please email gdpr@hotr.org.uk for such enquiries. 

8. SUBJECT ACCESS REQUESTS 

We will process any subject access requests falling within the parameters set out under the applicable legislation within 10 working days. Requests for any information that is exempt under the law will regrettably not be processed, or if processed, will be redacted as necessary. 

Anyone wishing to access personal data held by us may do so by sending an email request to gdpr@hotr.org.uk 

9. SECURITY CHECKS AND BREACHES 

A ‘security check clause’ applies to all data collected and held by us to the extent that some part of such data may be used to verify identities to minimise the risk of unauthorised disclosure of information and security breaches. 

However, where a Data Protection breach occurs, or is suspected, it should reported immediately to the Data Officer using the email gdpr@hotr.org.uk 

All reported breaches will be investigated with reference to our disciplinary procedures for any member of staff, or persons acting as agents for the London Lighthouse; who are found to have been negligent or malicious in their handling of personal data such as to cause a security breach. 

10. COOKIES 

The HOTR London Lighthouse website uses cookies and disabling or rejecting the use of cookies may limit the functionality of certain features on our website. 

General information may be collected through the use of cookies to help us monitor website traffic or personalise contents for each individual user. 

11. LINKS TO OTHER WEBSITES 

We will take precautions to ensure that users of our website are only directed to specially selected secure third party websites. However, users are advised to also verify the privacy and/or data protection policies of such third parties for themselves. 

The London Lighthouse will not be responsible for any data breaches that may occur from information provided on such external websites. 

12. REVIEW 

This document will be reviewed once every three years and in accordance with any legislation changes.