data protection
policy.

policy statement.

In accordance with the General Data Protection Regulations (GDPR) which became law across the EU in May 2018, WATERBEACH BAPTIST CHURCH is committed to protecting all personal information (data) that we handle, and to respect people’s rights about how we deal with their information. This policy explains our responsibilities and how we will meet them.
We process personal data to help us:

  • maintain our list of church members and regular attenders

  • provide pastoral support for members and others connected with our church

  • provide members and friends of the church with details of events, meetings and activities

  • provide services to the community such as Beach Churches Together, Holiday Club and the Light Party

  • safeguard children, young people and adults at risk

  • maintain our accounts and records

why this policy is important.

We will make sure that we collect and process all personal data lawfully and fairly, and that it is accurate and up to date. We will also store it securely and ensure it is not kept longer than necessary.


​Anyone processing personal information on behalf of the church is required to comply with this policy. If you think that you have accidentally breached the policy it is important that you contact our Data Protection Trustee immediately. Anyone who intentionally breaches the Data Protection Policy or has misused any personal data, may be subject to disciplinary action or be liable to prosecution.

what personal information do we process?

We process personal data in both electronic and paper form and all is protected under data protection law. The personal data we process can include information such as names, contact details, and photographs of people. We will not hold information relating to criminal proceedings or offences or allegations of offences unless there is a clear lawful basis to do so.


If personal data is collected directly from you, we will explain why this is required by issuing a “Privacy Notice” at the time when the personal data is collected.

when we need consent to process data.

When we are required to get your consent to collect information, we will clearly set out what data we require, why we need it, and how we plan to use it. Consent can, however, be refused and can also be withdrawn at any time.

storing and protecting your data.

We will not keep personal data longer than is necessary for the purposes that it was collected for, and we will use appropriate measures to keep data secure at all points of the processing.

your rights regarding personal data.

We will process personal data in line with the GDPR and you have the right to:

  • request access to any of your personal data held by us, and we will respond as soon as possible and at the latest within one calendar month

  • ask to have inaccurate personal data changed

  • withdraw your consent at any time

sharing information with other organisations.

We will only share personal data with other organisations if we have informed you about the possibility of the data being shared (in the Privacy Notice), in which case we will keep records of any information shared with a third party.