Church Policy documents
Data Protection and GDPR
Social Media Policy
Social Media Working with young people
Password Protected Documents
Data Protection and GDPR
The General Data Protection Regulation (GDPR) came into force in May 2018 and consolidated existing legal obligations on organisations such as Yatton Methodist Church.
Yatton Methodist Church does what it can to protect privacy and keep information safe. If as a volunteer, minister or employee in the church you use or have access to personal information, you are responsible for ensuring that such information is handled in accordance with data protection legislation and in line with best practice.
This guide summarises what you need to do as a volunteer, minister or employee in the church to ensure that the information you hold is looked after carefully and kept safe.
What is personal information?
Any information identifying a living individual or information relating to an individual that can be identified from that information. Personal Data can be factual (for example, a name, email address, location or date of birth, photograph, disability, health or ethnicity data) or an opinion about that person’s actions or behaviour.
Code of Practice
- Carefully read and follow the Yatton Methodist Church Data Protection Policy.
- Review and keep under review the personal information you collect and use. What information do you have? Why? Who has access to it? Do you need to keep all the information you have?
If you do not need all the information you hold this could be a great opportunity to dispose of it in accordance with the guidelines.
There are six lawful bases for collecting data as follows. In the context of Yatton Methodist Church it will almost always be either A. or B.
- legitimate interest;
This lawful basis is appropriate if . . .
- The church has a legitimate interest for using the data for the purposes proposed. Note that legitimate interests can range from the trivial to the compelling.
- The proposed use of the data is within the “reasonable expectations” of the individual, and the individual would understand why their personal information is being used for the particular purpose.
- The use of the personal information is targeted and proportionate to achieve the intended purpose.
where the individual has knowingly and freely given their clear consent to the collection and use of their personal information, and for the use (processing) of their information for the specific purpose in question. It can be written or verbal, but must be specific.
- legal obligation;
- vital interest (life or death scenarios);
- public interest (mainly for public bodies);
- Only use the personal information that you need and only for activities relating to the life and work of the Methodist Church.
e.g. do not use information from the Church Directory for your own private or business purposes, and only use personal information you actually need for the purpose required.
- Only collect and use the minimum amount of personal information that you need for a particular task.
e.g. if you are arranging a pastoral visit, you only need to collect sufficient personal information to enable the pastoral visitor to provide pastoral support. The pastoral visitor is meeting the spiritual needs of the Church member rather than providing medical care requiring a full medical history.
- Check the information you have is correct and up-to-date.
e.g. read back personal information given over the telephone, and update information when notified about changes in contact details.
- Destroy/ delete personal information as soon as it is no longer needed by shredding hardcopies and/or deleting computer files (including backups) in accordance with the guidelines detailed in the Yatton Methodist Church church Data Protection Policy. i.e. do not keep hold of information longer than you need it.
- Review how you collect and store personal information and update processes as necessary to ensure its safety.
e.g. do not leave personal information unattended in the vestry; store computer files on a password protected machine; do not print information unless you really need to and if you do store it somewhere safe.
- If you lose or allow unauthorised access to personal information, immediately contact the Yatton Methodist Church Data Championso that they can tell you what to do next.
Take any immediate action that you can to get the information back e.g. recall the email, ask the unintended recipient not to read it and delete the email, retrace your steps to find lost papers or contact the train or bus company if you think you left them on public transport
- Respond to requests to exercise data rights e.g. to erase information or provide details of information held, without delay and notify the Yatton Methodist Church Data Champion.
e.g. if somebody asks for copies of all the personal information you hold about them or asks you to delete personal information.
The Methodist Church uses personal information in many different ways but the following two purposes raise the most queries.
Directories and Circuit Plans
- You can rely on “legitimate interests” if the Directory or Circuit Plan is not shared with third parties.
- If you share the Directory or Circuit Plan with third parties e.g. they are published on your website or made accessible to third parties (left in the church foyer) you will need to obtain consent. Please note there is no need for consent to be obtained from Ministers in Full Connexion or probationers.
- If you have not obtained consent because you do not make the Directory or Circuit Plan available to third parties, ensure those members with a copy know they must keep the information confidential.
- When people give you their personal information to include in the Directory or Circuit Plan, destroy the completed forms; shred or tear up information handed to you in paper form and delete emails, or store the information securely only for so long as you need to. Keep in locked filing cabinets, locked cupboards or password protected files or anywhere that is considered safe and secure.
- You can rely on “legitimate interests” if the information belongs to the Church’s own members, former members, or persons with whom it has regular contact in connection with the Church and will not be shared with third parties.
- Keep any health information to a minimum. The person may want to share details of their illness with you but you do not need to take written records of this. What do you need to record? What information is essential for the pastoral records?
- As the information may include special category information e.g. health data, take special care of it. Keep any paper records in a locked filing cabinet (or cupboard) if possible, keep any computer records password protected, do not leave the files unattended and only share information with others involved in pastoral visits on a need to know basis.
Where to find more help?
Contact: Martin Buckley, Yatton Methodist Church Data Champion
Social Media Working with Young people
Policy and Guidelines
This policy document relates to social networking, internet, email and use of mobile phones.
We recognise that for many young people, technology is their preferred means of communication and it can also be an extremely effective tool within youth work. However while it brings opportunities there are also significant risk and it is important that guidelines are followed.
Leaders communicating with young people or vulnerable adults via the internet, email, social networking or mobile phone must be DBS checked in accordance with the Methodist Church safeguarding guidelines.
It is recommended that:
- If a worker expects to communicate with young people via email, messenger, social networking sites or texting, written permission from the child’s parents should be given.
- One-to-one communication between a worker and a young person should normally be avoided. Communication should always be in a page or group context, using an approved ‘Work’ account that a supervisor or approved third party can access and review.
- Clear and unambiguous language should be used in all communications. Avoid abbreviations and symbols that could be mis-interpreted.
- Do not use any comment or picture of a young person without written parental permission.
- Employed workers should be supplied with a mobile phone dedicated for work purposes. This allows for the phone to be switched off outside working hours, and for usage to be accountable.
- The work phone number should be the only number that young people are given; a worker’s personal number should remain private.
- Any texts received that raise concerns should be saved and passed on to a supervisor, safeguarding officer or approved third party within the organisation. Conversations raising concerns should be discussed as soon as possible.
Email and Messenger services, including Whatsapp etc:
- Be aware of who has access to computers, or other devices, used for communication between workers and young people.
- There should be a ‘curfew’ on instant messenger communication and mobile phone texting and this should only take place during reasonable ‘working hours’ and not late into the night etc.
- Log and save all conversations and regularly review these with your supervisor before they are deleted. Make sure that young people know that a supervisor has access to the conversations.
- Video or Voice messenger should be done in public so that other people are aware of what you are doing and to whom you are speaking.
Facebook & Social Networking Sites:
- Best practice is that it is not appropriate to use a personal Facebook account and profile for work with young people, so you should create a professional account to manage your communications with young people
- To create a professional or ‘work’ account and profile, enter your work email in the sign up box, adding ‘Work’ or another suitable term after your last name to distinguish your professional profile from your personal (i.e. Sue Brice Work)
- Your supervisor/Named Person should be aware of the account name and password so that they can at any time log onto the account to monitor the communications. Young people should be made aware that information is shared in this way.
- You should ensure your organisation/church name is entered onto the profile you create. Also make sure you use work contact details and web address.
- You should use a photo of you in an official/work setting.
- Adding interests makes your profile more interesting, but only share information appropriate to the young people you will be working with. Likes or endorsements of political causes might not be appropriate.
- You should consider entering a ‘expectations statement’ under ‘about’ in your profile such as:
I am a youth worker with a keen interest in social media which I use to share about the groups and events we run through Yatton Methodist Church. I also post lots of links that I think young people who come to our groups would find interesting. I only log-in to Facebook a few times a week so if you need to contact someone from Yatton Methodist Church urgently then please call 0XXXXXXXX or email theYW@xxxxxxxx.org.uk.
- Any communication or content that raises concerns should be saved or printed, shared and discussed with your supervisor/named person.
- Workers should only accept friend requests for this profile from young people known to them, that they have first met offline.
- Communication should normally be in the public domain wherever possible using group mailings or public wall posts.
- Workers with personal social networking accounts should customise their privacy settings in order to maintain the boundaries between their personal and professional lives.
At Yatton Methodist Church we welcome all gifts in Wills, however large or small, and we promise to use those gifts to make a difference in our church and/or community.
Our legacy policy is to use gifts to help fund significant activities or projects, whether buildings, equipment or staff, rather than day to day expenditure.
Since needs change over the years, we encourage gifts left in wills to be for the general purposes of the church rather than for a restricted purpose. Church Council representatives may discuss possible uses of a particular gift with executors, bearing in mind any known areas of interest in the church by the benefactor (e.g. music, buildings, children and youth, evangelism, overseas mission or aid) and the churches priority at the time.
Gift left to the church will be used as soon as practically possible, to make a real difference to the church’s mission and ministry.