top of page

Your data is your data

We strongly believe that your data belongs to you — not to us. If we collect or store any information about you, you have the full right to know what we hold and why. We view ourselves as stewards of your data, using it only for purposes that are clear, agreed upon, and genuinely beneficial to you. We deeply value the trust you place in us by sharing your personal information, and we’re committed to honoring that trust with transparency and care.

Data Protection Policy – Gateway

​

1. Introduction

1.1 Scope

This policy applies to all members, volunteers, staff, and contractors working with Gateway. It outlines our approach to data protection and the responsibilities of individuals to ensure full compliance with the UK General Data Protection Regulation (UK GDPR) and relevant legislation.

​

1.2 Legal Framework

Gateway complies with the Data Protection Act 1998 and the General Data Protection Regulation (May 2018), which require the lawful handling and protection of personal and sensitive data.

​

1.3 Registration Details

Gateway is registered to process personal and sensitive data for the following purposes:

 

Personal Data:

  • Personal details

  • Family, lifestyle and social circumstances

  • Education details

  • Employment details

 

Sensitive Personal Data:

  • Physical or mental health information

  • Religious or similar beliefs

  • Offences, including alleged offences

 

We are also registered for the use of CCTV on the premises (governed by a separate policy available in the office). Other administrative and financial data is processed but does not require separate registration.

​

1.4 Definitions

Data refers to any information recorded with the intention of being processed via computer systems or structured manual filing systems.

​

Personal Data includes any information that identifies a living individual, including opinions about them.

Sensitive Personal Data includes data related to:

​

  • Racial or ethnic origin

  • Political or religious beliefs

  • Trade union membership

  • Physical/mental health

  • Sexual life

  • Criminal records or allegations

 

Processing of sensitive personal data will only occur with the explicit consent of the data subject unless covered by specific exceptions outlined below.

​

2. Purpose of This Policy

2.1 Objective

The aim of this policy is to ensure full compliance with data protection legislation (1984, 1998, 2018) and to define the responsibilities, processes, and safeguards in place.

​

2.2 Commitment

Gateway is fully committed to data protection compliance and ensuring that all staff, volunteers, consultants, and trustees understand and implement best practices.

​

2.3 Purpose of Data Processing

Data is only held and processed for legitimate, charitable purposes, including:

  • Personnel and membership administration

  • Financial records and gift aid

  • Marketing and public communications

  • Delivery of charity objectives

 

2.4 Data Access

All individuals for whom data is held are entitled to request access at no charge. Procedures for requesting access are outlined in Section 4.

​

3. Use of Data

3.1 Guiding Principles

In accordance with ICO guidelines, Gateway ensures that personal data is:

  • Processed lawfully, fairly, and transparently

  • Collected for specified, legitimate purposes

  • Adequate, relevant, and limited to necessity

  • Accurate and up to date

  • Retained only as long as necessary

  • Processed securely and in line with subject rights

  • Transferred internationally only with adequate safeguards or explicit consent

 

3.2 Data Types Collected

Examples of data held include:

  • Names, addresses, contact details

  • Dates of birth

  • Bank and Gift Aid details

  • Family and children’s contact information

  • Medical information and permissions

  • Pastoral care and ministry notes

  • Volunteer roles and rotas

  • Event photos/videos

  • Attendance tracking

  • Third-party contracts

 

3.3 Consent

Members will be asked to sign a consent form for data to be used in the following areas:

  • Communication

  • Pastoral and prayer needs

  • Ministry and rota participation

  • Children’s and safeguarding details

  • Financial and promotional purposes

 

3.4 Processing Without Consent

In rare circumstances, data may be processed without consent when:

  • Necessary to fulfil a contract

  • Required by law or court order

  • Vital to protect someone’s life or wellbeing

 

3.5 Data Storage and Retention

Data is stored on:

  • Wix.com

 

Retention Policy:

  • Active individuals: Data retained for the duration of their involvement

  • Departed individuals: Data archived if consent is given, otherwise deleted

  • Pastoral/ministry notes: Securely shredded or deleted after use

  • Regular reviews are conducted to ensure data is accurate and up to date

 

4. Data Access and Sharing

4.1 Staff and Volunteer Access

  • Access is granted by the Data Controller on a need-to-know basis

  • Data is securely stored and protected

  • Data is not sold, shared, or transferred without explicit consent

  • Third-party requests are handled by the Data Controller

  • Police data access requires an official DATA ACCESS REQUEST form

  • Staff must report any data breach to the Data Controller within 72 hours

 

4.2 Rights of Data Subjects

Data subjects have the right to:

  • Access and review their data

  • Correct errors

  • Restrict processing for marketing

  • Request erasure (“right to be forgotten”)

  • Submit complaints to the ICO if they believe data was misused

 

Requests must be made via a form from the office and will be fulfilled within one month. Any third-party references in the data will be redacted unless required for legal/criminal investigations.

 

4.3 Third-Party Access

  • Access may be granted for specific purposes (e.g., IT support, media coordination)

  • All third-party access requires a contract and explicit data subject consent

  • No data will be shared by phone, email, or verbally without consent

  • Most data will be password-protected rather than encrypted due to its low-risk nature

 

5. Complaints and Breaches

5.1 Complaints Procedure

Complaints about data handling should be addressed to the Data Controller. If unresolved, individuals may escalate the issue to the ICO.

​

5.2 Disciplinary Action

  • Non-compliance by staff will result in a warning, followed by disciplinary measures if unresolved

  • Volunteers refusing to comply may be removed from their role until compliance is agreed

 

6. Governance

6.1 Oversight

This policy is overseen by the Board of Trustees. The appointed Data Protection Officer is Mark Reasbeck.

​

6.2 Implementation

This policy will be implemented following trustee review and consultation with affected individuals.

​

6.3 Review

The policy will be reviewed annually for effectiveness and relevance and shared during staff training sessions.

ABOUT US

Welcome to Gateway Church, a place where Christian faith thrives and community flourishes. As you step through our doors, we will greet you with a friendly smile.

  • Youtube
  • Facebook

ADDRESS

07913 386543

 

Mottram Hall,

Mottram St, Barnsley S71 1BH

United Kingdom

​

SUBSCRIBE FOR EMAILS

Thanks for submitting!

© 2024 Gateway Church. Powered and secured by Wix, designed by Sebastian Cis

bottom of page