Privacy Policy Grace Family Church (Grace)

Grace uses personal data of people for the purpose of general church communication & administration.
Grace recognises the importance of the proper and lawful handling of personal data. All personal data, whether it is kept on paper, computer, or other media, will be subject to the appropriate legal safeguards as specified in the Protection of Personal Information Act, 2013 (the POPI Act).

Grace endorses and complies with the 8 principles / conditions in the POPI Act. These principles relate to how personal data can be obtained, handled, processed, transported, and stored of personal data. Employees and any others who obtain, handle, process, transport, and store personal data for Grace will adhere to these principles.

THE 8 INFORMATION PROTECTION PRINCIPLES
By law Grace is required to manage personal data in as follows:-
1. Accountability Grace’s senior pastors have delegated authority to and have nominated two Responsible Persons (Responsible Person) to give effect to the 8 POPI principles below and to ensure that the principles set out and all the measures that give effect to the principles are complied with.
 
2. Process limitation Personal Information must be processed lawfully and in a reasonable manner that does not infringe the privacy of any person. Personal information may only be processed for the purpose it was intended for, provided that the information is relevant and not excessive. Personal information may only be processed if the person consents to its processing. People may object, at any time, on reasonable grounds and in the prescribed manner like when a member chooses to stop being a member. Where the person has objected the church will no longer process the personal information. Personal information must be collected directly from the person(s) concerned like when the person comes to church, allows their child to attend Grace Kids, Youth, fills in or gives information arising out of or in relation to: Engage, membership, baby dedication, baptism, wedding, funeral, capital campaign contribution card, prayer form, emails, signs up for Grace in Motion (senior pastors’ weekly email), any of the church’s courses, WhatsApp Communality Groups, classes, programs, trainings, volunteer forms, missions and justice serving forms, LifeGroups membership, gives or receives counselling, requests relief aid or assistance, joins or connects through any of Grace’s online or social media platforms and WhatsApp groups, or any transaction etc (for brevity that non exhaustive list shall be referred to here, as “connecting with the life the church” and that phrase should not be seen as derogating from the generality of the non-exhaustive list.)
 
3. Purpose specifications Personal information must be collected for a specific, explicitly defined, and lawful purpose related to a function or activity arising out of or in connection with the church. Personal information must not be retained any longer than is necessary for achieving the purpose for which the information was collected or subsequently used. In terms of membership or where minors need to be signed in for security reasons, people need to consent to the retention of the record. Where retention may be required or prescribed by law or a code of conduct such as when the church stores banking details (like credit card details) it will safeguard such information.

4. Further processing limitations Grace’s Responsible Person will consider: (a) the person’s consent to process their information, (b) whether the member/attendee has not requested deletion and (c) whether the information is compatible with the purpose of collection, or available in a public record.

5. Information Quality Grace’s Responsible Person will take reasonable and practical steps to ensure that the personal information is complete, accurate, not misleading and updated where necessary for the purpose it is intended.

6. Openness Personal information collected as the person connects with the life of the church will usually include: name, address, email address and cell phone contact details and sometimes age. This is collected in a fair and transparent manner. To ensure that the processing of information is fair, individuals will be aware of what specific personal information is being held by the church. Grace will ‘register’ by submitting a notification to the Regulator before commencing the processing of personal.

7. Security safeguards The Responsible Person will secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate, reasonable technical and organisational measures. Appropriate internal control measures are in place and regularly verified i.e., ensuring that security practices and procedures are effective and in place. All employees and volunteers processing personal information on behalf of the church will, (a) process this information with the knowledge or authorization of the church; and (b) treat personal information which comes to their knowledge as confidential and will not disclose it. Should there be a breach the church will notify the Information Regulator and the data subject as soon as it practically possible. The church will consider the legitimate needs of law enforcement or any another reasonable measures to determine the scope of the breach to the data subject and to restore the integrity of the church’ information system. Such notification should provide sufficient information to allow the affected person(s) take protective measures against the potential consequences of the compromise, including, if known to the church, the identity of the unauthorised person who may have accessed or acquired the personal information.

8. Personal information on record and third-party disclosures Grace must make provision for the attendees/members, who have provided adequate proof of identity, to request what personal information the church holds about them, including third parties the church may have shared the attendee’s/member’s personal information with.

HOW WE COLLECT DATA & INFORMATION ABOUT YOU
Grace collects personal information each time you are in contact with us. For example, when you connect with the life of the church, including but not limited to: Visit, access and or interact with our website or social media including but not limited to Facebook, YouTube, WhatsApp, Instagram Book for an in-person service Register for an event, course, conference, LifeGroup, as a volunteer, give or receive counselling, training Complete any of our online or paper forms or submit email enquiries.

MAINTENANCE OF CONFIDENTIALITY
Grace will treat all your personal information as private and confidential and will not disclose any data about you to anyone other than appropriate staff including pastoral staff and or approved volunteers to facilitate proper administration and ministry of the church. Grace staff and volunteers who have access to Personal Information will be required to agree to sign a Data Protection Policy.

There are four exceptional circumstances to the above:-
1) Where we are legally compelled to do so;
2) Where there is a duty to the public to disclose information;
3) Where the disclosure is to protect your interests;
4) Where the disclosure is made at your request or with your consent.

USE OF PERSONAL INFORMATION
Such is used in the day-to-day administration and ministry of the church. For example when you connect to the life of the church e.g. Planning Center rosters, preparation of service run sheets, notification to attendees/volunteers etc.
Contacting you to keep you informed about GroupLife, church events, church news, services, and activities.
Executive reports that require the collation of statistics. For example, church attendance, Alpha Course/GroupLife attendance. The Database (Planning Center). This database can only be accessed by staff and volunteers who have been authorized to do so and who have signed the Data Protection Policy.
- Access is controlled using a login username;
- Only Senior Leaders have access to all information on the database. All other authorized staff and volunteers have limited access to specific sections.
- None of your information is passed on to 3rd parties outside the church environment without your consent.
- Sensitive, personal information is kept strictly confidential. It is never sold, given away or otherwise shared with anyone, unless required by law.

RIGHTS TO ACCESS INFORMATION
Employees and people whose data is held by Grace have the right to access personal information that is being held.
This right is subject to certain exceptions: Personal Information may be withheld if the information relates to the privacy of a third party.
Any person who wishes to exercise this right should make the request in writing addressed to the Grace POPI Act Responsibly Party at grace@grace.org.za. 
If personal details are inaccurate, they can be amended upon request by email. Grace will endeavour to deal with requests for access to personal information as quickly as possible but will ensure that it is provided within 30 days of receipt of an email unless there is good reason for delay. In such cases, the reason for delay will be explained in writing to the person making the request.

TYPE OF INFORMATION WE COLLECT
For the day to day running and ministry of the church we often require from attendees, volunteers and staff:-
-Demographic information
-Contact information
-Preferences
-Background information
-Sometimes this includes special personal information and that requires extra care: that being client information obtained during lay and pastoral care and counselling.

YOUR RIGHTS & CHOICES
The Constitution of the Republic provides that everyone has the right to privacy. The right to privacy includes a right to protection against the unlawful collection, retention, dissemination and use of personal information. You have a right to privacy regarding the collection, use and storage of your personal information. This includes the right to de-consent to the collection of your personal information by the church and the right to decline the provision of your personal information. Grace has consent options regarding the collection of personal information on forms and areas where personal information is required from you and has reference to this, our privacy policy. You have the right to withdraw or decline consent. There are notification links that assist you in requesting these. Your information will be deleted within one week of your request.

GRACE KIDS CHILDREN CONSENT FORMS FROM PARENTS/GUARDIANS
Personal information may only be processed if the data subject or a competent person where the data subject is a child, consents to the processing.

DATA RETENTION
Grace will retain your personal information for only as long as is necessary for the purposes as set out in this policy.

CHANGES TO OUR PRIVACY POLICY
Grace reserves the right to change our Privacy Policy at any time. When this policy is revised, we will post the updated version on our website and send a notification to all registered data subjects. Your continued use of our website or interaction with us indicates your acceptance of these changes.

SMS/ WHATSAPP PRIVACY POLICY
We respect your privacy and will not distribute your mobile contact details to any third parties. If at any time you wish to discontinue receiving sms text messages, WhatsApp messages or emails or other electronic communication please send an email to grace@grace.org.za addressed to Grace Information Officer with the subject line “Discontinue” wherein you describe what sms group, WhatsApp group etc you would like your cell number deleted from. By subscribing to our WhatsApp Community Groups or our App, you have provided us with consent to send you sms, WhatsApp or push messages regarding our church’s events and updates. Message frequency varies by events. In general, the messages we send provide you with information about the life of the church. Some of the messages we might send may include, sound or video recordings or links to websites. To access those sound or video or websites, you will need your own data and internet access.

Should you have any queries or concerns regarding the above, please email send an email addressed to the Grace POPI Act Responsibly Party at grace@grace.org.za.