Privacy Policy

Personal Information Act 4 of 2013 (“POPIA”).
Privacy Notice
How We Respect your privacy.


Grace Place Church uses personal data of individuals for the purpose of general church communication & administration.

Grace Place Church recognizes the importance of the correct & lawful handling of personal data. All personal data, whether it is kept on paper, computer, or other media, will be subject to the appropriate legal safeguards as specified in the POPI ACT 2020 (Protection of Personal Information Act).

Grace Place Church fully endorses and adheres to the eight principles of the POPIA. These principles specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation, and storage of personal data. Employees and any others who obtain, handle, process, transport, and store personal data for Grace Place Church must adhere to these principles.

THE PRINCIPLES
The principles require that personal data shall be managed in accordance with stipulations as listed:

    1. Accountability: Grace Place Church has designated a “Responsible Person” to give effect to the POPI principles below and to ensure that the principles set out and all the measures that give effect to the principles are complied with. Process limitations: Personal Information must be processed lawfully and in a reasonable manner that does not infringe the privacy of any individual. Personal information may only be processed for the purpose it was intended for, provided that the information is relevant and not excessive. Personal information must be collected directly from the persons concerned when they come to church or any of its outreach programme.
  1. Purpose specifications: Personal information must be collected for a specific, explicitly defined, and lawful purpose related to a function or activity of the church. It is imperative that records of personal information must not be retained any longer than is necessary for achieving the purpose for which the information was collected or subsequently used. In terms of membership or where minors need to be signed in for security reasons, people need to consent to the retention of the records.
  2. Further processing limitations: Grace Place Church’s “Responsible Person” will always consider the following; (a) make sure that the person concerned has given consent to process their information, (b) whether the member has not requested deletion prior to processing their information and (c) whether the information is compatible with the purpose of collection, available in a public record.
  3. Quality of information: The church’s “Responsible Person” will take reasonably practicable steps to ensure that the personal information is complete, accurate, not misleading and updated where necessary for the purpose it is intended.
  4. Openness: Personal information collected as part of membership or any transaction will include a name, address or contact detail such as an email address. This is collected in a fair and transparent manner. To ensure that the processing of information is fair, individuals will be aware of what specific personal information is being held by the church. Grace Place Church will ‘register’ by submitting a notification to the Regulator before commencing the processing of personal.
  5. Security safeguards: Grace Place Church through the “Responsible Person” will secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate, reasonable technical and organizational measures. Appropriate internal control measures are in place and regularly evaluated i.e., ensuring that security practices and procedures are effective and in place. All employees and volunteers processing personal information on behalf of the church will always, (a) process this information with the knowledge or authorization of the church; and (b) treat personal information which comes to their knowledge as confidential and will not disclose it. Should there be a breach the church will notify the Information Regulator and the data subject as soon as it practically possible. The church will consider the legitimate needs of law enforcement or any another reasonable measures to determine the scope of the breach to the data subject and to restore the integrity of the church. A notification providing sufficient information to allow the affected person/s to take protective measures against the potential consequences of the compromise, including, if known to the church, the identity of the unauthorized person who may have accessed or acquired the personal information will be provided to the data subject concerned.
  6. Personal information on record & third-party disclosures: The church must make provision for the members, who have provided adequate proof of identity, to request what personal information the church holds about them, including third parties the church may have shared the member’s personal information with.

HOW WE COLLECT DATA & INFORMATION ABOUT YOU
We collect personal information each time you are in contact with us. For example, when you:

  1. Visit our website;
  2. Book for an in- person service;
  3. Register for an event;
  4. Responsible, empowered users Complete any of the online forms;
  5. Communicate with the Church Clear roles and responsibilities in the implementation of the policy by email;
  6. Receive counselling;
  7. Access to social media platforms such as Facebook, YouTube, WhatsApp, Instagram.

MAINTAINING CONFIDENTIALITY
Grace Place Church will treat all your personal information as private and confidential and will not disclose any data about you to anyone other than the leadership and operational team leaders of the church to facilitate administration and day- to- day ministry of the Church.

All Grace Place Church staff & volunteers who have access to Personal Data will be required to agree to sign a Data Protection Policy.
There are four exceptional circumstances to the above:

  1. Where we are legally compelled to do so;
  2. Where there is a duty to the public to disclose information;
  3. Where the disclosure is to protect your interests;
  4. Where the disclosure is made at your request or with your consent.

USE OF PERSONAL INFORMATION
The day-to-day administration of the church. For example, Grace Place Church calls, preparation of service run sheets, notification of team leader days. Contacting you to keep you informed about small groups, church events, services, and activities. Executive reports that require the collation of statistics. For example, church attendance, small group attendance.

The Database (Anatomy)
This database can only be accessed by staff and volunteers who have been authorized to do so by the Senior Leaders.

  1. Access is controlled using a login username;
  2. Only Senior Leaders have access to all information on the database. All other authorized staff & volunteers have limited access to specific sections.
  3. Staff & volunteers who have access are the church administrator and members of the Grace Place staff.
  4. None of your information is passed on to third parties outside the church environment without your consent.
  5. Sensitive, personal information is kept strictly confidential. It is never sold, given away or otherwise shared with anyone, unless required by law.

RIGHTS TO ACCESS INFORMATION
Employees and other subjects of personal data held by Grace Place Church have the right to access any personal data that is being held in certain manual filing systems. This right is subject to certain exemptions: Personal Information may be withheld if the information relates to another individual.

Any person who wishes to exercise this right should make the request in writing to the Grace Place Church Information Officer info@graceplace.co.za

If personal details are inaccurate, they can be amended upon request.

Grace Place Church claims to comply with requests for access to personal information as quickly as possible but will ensure that it is provided within 30 days of receipt of a completed form (linked here) unless there is good reason for delay. In such cases, the reason for delay will be explained in writing to the individual making the request.

TYPE OF INFORMATION WE COLLECT Grace Place Church has a Personal Information Inventory that lists all the areas where the following information is required from guests; volunteers & staff:

  1. Demographic information;
  2. Contact information;
  3. Preferences;
  4. Background information

This inventory includes special personal information that requires extra care:

  1. Client information obtained during counselling.

YOUR RIGHTS & CHOICES

  1. Everyone has the right to privacy;
  2. The right to privacy includes a right to protection against the unlawful collection, retention, dissemination and use of personal information;
  3. You have a right to privacy regarding the collection, use and storage of your personal information. This includes the right to de- consent to the collection of your personal information by the church and the right to decline the provision of your personal information;
  4. Grace Place Church has consent options regarding the collection of personal information on all forms & areas where any kind of personal information is required from you;
  5. Attached to all of these consent options are details regarding our privacy policy that include how the data is collected, what it is intended for and the like;
  6. You have the right to de- consent or to decline consent. There are notification links that assist you in requesting these (linked here). Your information will be deleted within 72 hours of your request. Any hard copies of information requested from you will be shredded by the operator. A report of the de- consent will be noted by the Information Regulator.

CHILDREN CONSENT FORMS FROM GUARDIANS
Personal information may only be processed if the data subject or a competent person where the data subject is a child, consents to the processing.

RETENTION OF DATA
Grace Place Church will retain your personal information for only as long as is necessary for the purposes as set out in this policy.

CHANGES TO OUR PRIVACY POLICY
Grace Place Church reserves the right to change the Privacy Policy at any time. When this policy is revised, we will post the updated version on our website and send a notification to all registered data subjects. Your continued use of our site indicates your acceptance of these changes.

SMS/ WHATSAPP PRIVACY POLICY

  1. We respect your privacy and will not distribute your mobile contact details to any third parties;
  2. If at any time you need our contact information on how to discontinue text messages, please send HELP to info@graceplace.co.za. We will then delete your mobile number from our storage database;
  3. By subscribing, you have provided us with consent to send you text messages regarding our church’s events and updates. Message frequency varies by events;
  4. In general, the messages we send provide you with information about our church events. Some of the text messages we send may include links to websites. To access these websites, you will need a web browser and internet access.

Should you have any queries or concerns regarding the above, please contact the Church office at info@graceplace.co.za.