Introduction & Scope

This is the data protection policy (the Policy) of Christians Together in Jersey (CTJ).

CTJ is committed to protecting and respecting individual privacy. The purpose of this Policy is to ensure that CTJ complies with the Data Protection (Jersey) Law 2018 governing the use of information relating to natural living persons.

This Policy may be supplemented by guidelines where appropriate and may be updated from time to time.

Terms

This Policy uses the following defined terms:

• Data Protection Officer means the Chairman of CTJ or their nominated deputy.
• Data Subjects means individuals whose Personal Data CTJ Processes in the course of its activities, particularly individuals who represent members of CTJ.
• Personal Data means information that: relates to an identified or identifiable natural living person; and is held either (i) on computer or in other electronic or automatically Processed form; or (ii) in a paper filing system arranged to be accessible according to specified criteria.
• Processing means collecting, storing, analysing, using, disclosing, archiving, deleting or doing anything else with Personal Data (and Process and Processed should be read accordingly).
• Officer means any person who Processes Personal Data for and on behalf of CTJ, including the Joint Presidents, Chair, Secretary and Treasurer.

Data Protection Compliance

All Officers must comply with this Policy.

Data Protection Officer

Queries in relation to this Policy or data privacy issues generally should be directed to the Data Protection Officer in the first instance, by email to ctj.secretary@gmail.com.

The Data Protection Officer is responsible for the oversight of CTJ’s Processing of Personal Data and ensuring that an appropriate record of that Processing is maintained.

If an Officer believes that CTJ may not have complied with this Policy, they should inform the Data Protection Officer as soon as practicable.

If an Officer is in doubt as to the requirements of the Policy in any particular case, they should consult the Data Protection Officer.

Transparency

CTJ will ensure that a suitable privacy notice is made available to Data Subjects. The notice is to be provided in writing, in a concise, transparent, intelligible and easily accessible form, using clear and plain language.

Fairness, Legitimacy & Proportionality

CTJ will only Process Personal Data fairly and for specified purposes. CTJ will not Process Personal Data which is irrelevant or goes beyond what is necessary given the purposes of the Processing.

Having collected Personal Data for a particular purpose, CTJ will not Process that Personal Data in a way which is incompatible with that purpose without notifying the Data Subject.

International Data Transfers

CTJ will not transfer Personal Data outside of Jersey.

Consent

CTJ will only Process Personal Data on the basis that Data Subjects have given, and have not withdrawn, their consent to such Processing.

For the purposes of this Policy, consent means a clear communication of the Data Subject’s wishes and by which they signify agreement to the Processing of their Personal Data by a statement or an action (such as ticking a box).

If CTJ wishes to obtain the consent of a Data Subject for the purposes of this Policy, it will:

• request such consent in an intelligible and easily accessible form, using clear and unambiguous language;
• make sure that the Data Subject understands that they are free to withdraw their consent at any time, and inform them how they may do so;
• keep a record of the consent having been given.

Accuracy

Where CTJ Processes Personal Data it will take reasonable steps to ensure that such Personal Data is accurate and, where relevant, up to date, and will correct inaccurate Personal Data without delay.

Retention & Destruction

CTJ will delete or anonymise Personal Data when it is no longer needed or required to be retained.

Data Security

CTJ will take reasonable care, including implementing and maintaining appropriate technical and organisational security measures, in order to protect all Personal Data that it Processes.

CTJ is obliged to report certain breaches of security affecting Personal Data to the competent data protection authorities and in some circumstances is also obliged to inform affected Data Subjects. An Officer who becomes aware of or suspects such a breach must inform the Data Protection Officer immediately so that CTJ can comply with these obligations and address the possible breach.

Data Subjects’ Rights

Data Subjects have the right to:

• be provided with a copy of any Personal Data that CTJ holds about them;
• require CTJ to update or correct any inaccurate Personal Data, or complete any incomplete Personal Data, concerning them;
• require CTJ to stop processing their Personal Data for direct marketing purposes; and
• object to the processing of their Personal Data more generally.

Data Subjects may also have the right, in certain circumstances, to:

• require CTJ to delete their Personal Data;
• restrict CTJ’s Processing of their Personal Data, so that it can only continue subject to specific conditions.

If CTJ receives a communication from any Data Subject in which they seek to exercise any of these rights, that communication should be passed to the Data Protection Officer as soon as is reasonably practicable so that CTJ can respond appropriately. Officers must comply with the instructions given by the Data Protection Officer in response to the exercise of these rights.

Cooperation with Data Protection authorities

CTJ is obliged to co-operate with the competent data protection authorities in Jersey. Any communication received from a competent data protection authority should be passed to the Data Protection Officer as soon as is reasonably practicable.

Schedule to the Policy

CTJ was notified by the Office of the Information Commissioner that it had been duly registered under the Data Protection (Jersey) Law 2018 on 10^th December 2018. The following is a summary of the register entry:

Notification Number: 61804
Security Code: FR743-2PQ42
Data Controller: Christians Together in Jersey

Address

C/O Georgetown Methodist Church
Georgetown Road
St Saviour
Jersey JE2 7PH

The Data Controller holds data for the following three purposes:

PURPOSE 1: ADVERTISING, MARKETING AND PUBLIC RELATIONS

Data subjects are:

• Complainants, Correspondents & Enquirers
• Customers & Clients
• Members or Supporters

Data classes are:

• Family, Lifestyle & Social Circumstances
• Personal Details
• Religious or other Beliefs of a Similar Nature
• Financial Details

Recipients:

• Business Associates & other Professional Advisers
• The Individual or Customer Themselves
• Suppliers, Providers of Goods & Services
• Voluntary, Charitable and Religious Organisations
• Employees and agents of your organisation

Transfer of data:

• Worldwide

PURPOSE 2: CHARITY AND VOLUNTARY WORK

Data subjects are:

• Complainants, Correspondents & Enquirers
• Members or Supporters
• Staff, Volunteers, Agents, Temporary & Casual Workers

Data classes are:

• Family, Lifestyle & Social Circumstances
• Personal Details
• Religious or other Beliefs of a Similar Nature
• Financial Details

Recipients:

• Business Associates & other Professional Advisers
• The Individual or Customer Themselves
• Suppliers, Providers of Goods & Services
• Voluntary, Charitable and Religious Organisations
• Employees and agents of your organisation

Transfer of data:

• Worldwide

PURPOSE 3: MEMBERSHIP ADMINISTRATION

Data subjects are:

• Complainants, Correspondents & Enquirers
• Members or Supporters
• Staff, Volunteers, Agents, Temporary & Casual Workers

Data classes are:

• Family, Lifestyle & Social Circumstances
• Goods or Services Provided
• Personal Details
• Religious or other Beliefs of a Similar Nature
• Financial Details

Recipients:

• The Individual or Customer Themselves
• Relatives, Guardians or other Persons associated with the Customer or Individual
• Voluntary, Charitable and Religious Organisations

Transfer of data:

• None outside the Bailiwick of Jersey and EEA