top of page

GDPR Policy

Data Protection Policy for Brownhill Road Baptist Church, London

Adopted:  October 2025

1. Policy Statement

Brownhill Road Baptist Church (“we/our/us”), Registered Charity Number: 1185320, is committed to protecting personal data and respecting the rights of all individuals whose personal data we collect and use.

 

We value the trust placed in us as a church, and seek to comply with all relevant laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the upcoming Data Use and Access Act 2025. This policy sets out our approach to data protection and the measures we take to ensure compliance.

 

We are the data controller for any personal data processed by us which you provide to us. This means we decide how your personal data is processed and for what purposes. The deacons (i.e. Charity Trustees) at Brownhill Road Baptist Church are responsible for ensuring compliance with this policy.

 

2. Purpose of this policy

 

This policy ensures that personal data is:

  • processed lawfully, fairly, and transparently

  • collected for specified, explicit, and legitimate purposes

  • adequate, relevant, and limited to what is necessary

  • accurate and kept up to date

  • retained only for as long as necessary

  • processed securely to prevent loss, misuse, or unauthorised access

3. Scope

 

This policy applies to:

  • All staff, charity trustees, volunteers, and members handling personal data on behalf of the church

  • All personal data processed by the church, whether held electronically or in paper form


4. What personal data do we collect about you?

 

  1. name and salutation;

  2. contact details such as telephone numbers (landline and mobile), addresses and email addresses;

  3. your attendance at events and meetings run or hosted by us;

  4. your interest in participating in various ministries;

  5. your participation in rotas for service in the church;

  6. information contained in correspondence with you;

  7. your marital status, date of birth (where this is legally required to be collected), gender and information about your immediate family;

  8. details of your financial contributions that you make to us, including your bank account details;

  9. bank details where we make financial reimbursements to you;

  10. information required to perform checks as mandated by the Disclosure & Barring Service (DBS);

  11. information that you share with us for the purposes of pastoral care, encouragement, training and prayer;

  12. information relevant to your suitability for membership;  

  13. medical information where this is shared voluntarily with us; and

  14. photographic images and videos.


5. The purposes of collecting your personal data

 

We may process personal data to:

  • maintain our list of church members and regular attendees;

  • maintain our social media accounts;

  • provide pastoral support and care;

  • deliver services to the community;

  • safeguard children, young people and vulnerable adults;

  • recruit, support, and manage staff and volunteers

  • maintain accounts and records (financial or otherwise)

  • welcome you to the church and promote church activities and events to tell you about news, events, activities and services run by us which we think may be of interest to you;

  • respond to enquiries and handle complaints;

  • ensure that we adhere to any health and safety obligations whilst you are on the premises;

  • include you in our church member’s directory;

  • enable us to fulfil and our legal and statutory obligations (checks with the Disclosure & Barring Service, submitting Gift Aid returns to HMRC, reporting obligations to the Charity Commission and submitting Real Time Information to HMRC for employees);

  • fundraise and promote the interests of the church; and

  • organise/perform baptisms, dedications, weddings and funerals.

 

6. Lawful Bases for Processing

 

We process personal data under one or more of the following lawful bases:

  • Consent (e.g., for inclusion to mailing lists, directories and WhatsApp groups or photographs or for use on social media)

  • Performance of a contract (e.g., employment)

  • Legal obligation (e.g., safeguarding, to process Gift Aid declarations)

  • Legitimate interests (e.g., church administration, organising service rotas, providing pastoral care, keeping members and visitors informed about church activities)

  • Vital interests (e.g., emergency contact information, in instances where someone’s wellbeing is being compromised)

 

7. Data Security and Storage

 

  • Personal data in paper form is kept in locked rooms with restricted access

  • Electronic data is password-protected and encrypted where possible

  • Data stored on portable devices (laptops, USB sticks) is encrypted

  • Cloud storage providers are chosen with care, ensuring servers are located within the EEA or meet UK adequacy requirements

8. Data Retention

  • Personal data is retained only as long as necessary for the purpose for which it was collected

  • Data is securely destroyed or deleted when no longer required

  • Prayer lists and sensitive pastoral notes are confidentially destroyed after use

9. Data Sharing and Disclosure

  • Personal data is not disclosed to third parties without consent, unless required by law or for safeguarding purposes

  • When emailing groups, addresses are placed in the ‘bcc’ field to protect privacy

 

Your personal data may be shared between church members and friends of the church for the following purposes:

 

  • to facilitate prayer for you at your request;

  • to enable them to provide pastoral care and support for you;

  • to inform them that you have become a member or that your membership has ended;

  • to allow other members/listed friends to contact you or to arrange rota swaps

 

We will only share your data with third parties outside of the church where it is necessary for the performance of our legal obligations or where you first give us your prior consent.

10. Rights of Data Subjects

Individuals have the right to:

  • Be informed about how their data is used

  • Access their personal data

  • Have inaccurate data corrected

  • Request erasure (“right to be forgotten”)

  • Restrict or object to processing

  • Data portability (where applicable)

 

Requests should be made in writing to the deacons.

 

11. Training and Awareness

All Charity Trustees/Deacons receive training on data protection and this policy. Regular reviews and updates are provided to ensure ongoing compliance.

12. Breaches

Any data breaches must be reported immediately to the Charity Trustees/Deacons, who will assess the risk and notify the Information Commissioner’s Office (ICO) and affected individuals as required by law.

13. Review

This policy is reviewed regularly by the Charity Trustees/Deacons and will be updated as necessary to reflect changes in legislation or church practice.

 

 


 

Armend Qehaja

 

5 October 2025

BROWNHILL ROAD

BAPTIST CHURCH

020 8697 0754

292 Brownhill Road • Catford • London • SE6 1AU

​

​

​

  • Facebook
  • YouTube
bottom of page