CHRIST CHURCH UMHLANGA

POPIA PRIVACY NOTICE

1. Your personal information – what is it?

The processing of personal information in South Africa is governed by the Protection of Personal Information Act^[1] (POPIA). The term “data subject” means the person to whom personal information relates. Personal information is any information that may identify a person such as a name, surname, identity number, contact number, email address, religion, education, financial or any other information that is unique to an individual.

2. Who are we?

Christ Church Umhlanga is a Public Benefit Organisation, situated at 57 Hambridge Avenue, Somerset Park, Durban, 4319, and a member of The Church of England in South Africa, operating as The Reformed Evangelical Anglican Church of South Africa (Hereinafter REACH SA). In accordance with POPIA, Christ Church Umhlanga is the Responsible Party that determines the purpose of and means for processing personal information.

3. How do we process your personal information?

Christ Church Umhlanga complies with its obligations under POPIA by adhering to and operating in accordance with the provisions of the Act as well as the eight (8) conditions for the lawful processing of personal information, including, but not limited to: obtaining personal information in a lawful manner and for a legitimate and lawful purpose; keeping the personal information up-to-date; storing and destroying it as and when required and in a secure manner; not collecting or retaining excessive amounts of data or unnecessarily; protecting personal information from loss, misuse, unauthorised access and disclosure; and by ensuring that appropriate measures are in place to protect personal information. In this regard, CCU is committed to the following 8 conditions:

1. Accountability – CCU has appointed two (2) senior staff as Information Officer and Deputy Information Officer to oversee compliance with the provisions of the Act and the 8 conditions.
2. Processing Limitation – CCU is committed to processing Personal information only in a fair and lawful manner and only with the consent of the data subject.
3. Purpose Specification – CCU is committed to processing Personal information only for specific, explicitly defined and legitimate reasons.
4. Further Processing Limitation – CCU is committed to not processing Personal information for a secondary purpose unless that processing is compatible with the original purpose.
5. Information Quality – CCU is committed to taking reasonable and practicable steps to ensure Personal Information is complete, accurate, not misleading and updated.
6. Openness – The data subject whose information we are collecting is made aware at all times that we are collecting such personal information and the purpose for which the information will be used.
7. Security Safeguard – Personal information must be kept secure against the risk of loss, unlawful access, interference, modification, unauthorised destruction and disclosure.
8. Data Subject Participation – Data subjects may request whether their personal information is held, as well as the correction and/or deletion of any personal information
9. Why do we process your personal information?

We process personal information as follows:

• To manage the day-to-day administration and ministry of the church;
• For purposes of communicating with the church congregation and service providers;
• To provide pastoral support for members, adherents and others connected with our church;
• To provide services to the community;
• To safeguard children and young people;
• To recruit, support and manage staff and volunteers;
• To maintain our church accounts and records;
• To engage with service providers and other third parties;
• To promote our church and activities thereto;
• To track Growth Group attendance. It is also helpful for us to record the number of people that have attended any given event, service or course for statistical purposes;
• To maintain the security of property and premises;
• To respond effectively to enquirers and handle any complaints;
• For any fundraising events that might require this information;
• As may be required by law or policy; and
• For any other valid and legal purpose that supports, furthers and/or is directly related to our vision, mission and values.

5. The kind of information we store and how we store it

Over the years we have collected personal information pertaining to our church members and adherents using various methods, such as completing a connect card, via our website, telephonic or electronic interactions, attending events and courses, etc. The type of information may include the following: name, surname, contact number, email address, physical address, date of birth, profile photo, your relatives and notes. All personal information pertaining to our church members, adherents, teens and children is stored on a secure church management software called “Crowd9” (See https://info.crowd9.co.za/home). A copy of their Privacy Policy is linked here https://media.crowd9.co.za/Documents/Static/Crowd9PrivacyPolicy.pdf . Only authorised staff are permitted access to view and process this personal information and access is password protected. Certain volunteers may have knowledge of certain personal details by virtue of having connected with you for purposes of rostering and serving in our church. We also store personal information in hard copy format using secure filing systems, including information pertaining to weddings, births, baptisms, confirmations, deaths, membership and Special Information, including your religious beliefs.

We make use of third party services, websites and online platforms, such as YouTube, WhatsApp, Zoom, Zapper and Prayer Apps. We also have a CCU website^[2] and make use of social media platforms including Facebook and Instagram. These websites and platforms have their own policies and requirements, and accordingly implore our church family to exercise their own discretion in using these platforms.

With regard to minors, we do not store any personal information without the consent of a parent/guardian, and such information is only processed for purposes of child safety & protection and for ministry purposes.

6. What is the legal basis for processing your personal information?
   • Consent of the data subject so that we can keep you informed about news, events, activities and services and process your donations and keep you informed about appropriate church related matters;
   • The processing is necessary to carry out actions for the conclusion or performance of a contract to which the data subject is party;
   • The processing complies with an obligation imposed by law on Christ

Church Umhlanga and/or REACH SA;

• The processing protects a legitimate interest of the data subject;
• The processing is necessary for the proper performance of a public law duty by public body; and/or
• The processing is necessary for pursuing the legitimate interests of the responsible party or of a third party to whom the information is supplied.

7. Sharing your personal information:

Your personal data will be treated with the strictest confidentiality and will only be shared with appropriate staff including pastoral staff and/or approved volunteers to facilitate proper administration and ministry of the church. We will never share your personal information with any third parties without your consent or unless as may be required or permitted by law.

8. How long do we keep your personal data?

Christ Church Umhlanga will not keep personal data any longer than is necessary for the purpose for which it was collected as set out in this policy.

9. Your rights and your personal data:

Unless subject to an exemption under POPIA, you have the following rights with regard to your personal information:

• To have your personal information processed in accordance with the conditions for the lawful processing; ● To be notified that—

                              ○    Personal information about you is being collected

○ Your personal information has been accessed or acquired by an unauthorised person;

• To establish whether a responsible party holds personal information of that data subject and to request access to your personal information;
• To request, where necessary, the correction, destruction or deletion of your personal information;
• To object, on reasonable grounds relating to your particular situation to the processing of your personal information;
• To object to the processing of your personal information at any time for purposes of direct marketing;
• To not to have your personal information processed for purposes of direct marketing by means of unsolicited electronic communications;
• To not to be subject, under certain circumstances, to a decision which is based solely on the basisof the automated processing of your personal

information intended to provide a profile of such person;

• To submit a complaint to the Regulator regarding the alleged interference with the protection of the personal information of any data subject or to submit a complaint to the Regulator in respect of a determination of an adjudicator; and
• To institute civil proceedings regarding the alleged interference with the protection of your personal information.

10.Further processing:

Should your personal information be for a new purpose not covered by this Privacy Notice or falling within the mission and purposes of the church, we will seek your prior consent to the new processing and/or further process such personal information as may be required or permitted by law.

11.Changes to our Privacy Policy

Christ Church Umhlanga may from time to time amend its Privacy Policy or its POPIA/PAIA manual. When the Privacy Policy is revised, we will post the updated version on our website. Your continued use of our website or interaction with us indicates your acceptance of these changes.

12.Contact Details:

If you do not want us to keep some or all of your information (or your minor child/ren), or would like to find out what information we have stored, or update any information, please contact us below. You also have the right to receive communication from CCU in a manner of your choosing. You are able to unsubscribe from any of our mails via a link at the bottom of each email. Please let us know if you would like to opt out of us sending you SMSs. You may also remove yourself from any WhatsApp group should you wish. To exercise all relevant rights, queries or complaints please contact the office of Christ Church Umhlanga below.

Address: 57 Hambridge Avenue, Somerset Park, Umhlanga, Durban KZN, 4319

Email: [email protected]

Tel: 031 572 6542

Please contact the office should you wish to view our comprehensive POPIA and PAIA manual.

[1] Act 4 of 2013

[2] Our website uses Cookies to improve your user experience. All personal information submitted via our website is sent to and stored on Elvanto with your consent.