Important information about how we collect and use your personal information.
WHO ARE WE?
Acts 29 is a diverse, global family of church-planting churches. We are about one thing: church planting. We exist to encourage, resource, facilitate, support and equip churches to plant churches that will plant church-planting churches.
When we refer to “we, us or our” in this policy we mean Acts 29 Network (a corporation registered in the US State of Washington and operated exclusively for religious purposes within the meaning of US Internal Revenue Code 501(c)(3) and its affiliates).
WHAT IS THIS POLICY ABOUT?
In line with data privacy regulations in the European Union (EU), we want to let you know:
- What information we may collect about you;
- What we use your personal information for;
- How we store your personal information;
- Who (if anyone) we pass your information on to and for what purpose;
- How you can raise any concerns about the accuracy, processing or use of your personal information.
WHAT INFORMATION DO WE COLLECT?
We collect general data on how the website is being used using a third-party service, Google Analytics; this is anonymous and is collected using cookies.
If you subscribe to Acts 29 or choose to connect with us via the website links, we will also collect personal information such as:
- Email address;
- Your preferences on the way you receive information;
- A record of any consent you provide; and
- If you email us, any information you choose to include in your message.
For those who are part of the Acts 29 family, donors or members of staff, we will collect household and church information that may include:
- Contact details (name, address, telephone, email);
- Family information (e.g. spouse);
- Financial details (e.g. bank accounts to process donations or pay salaries);
- Tax details for paying income tax or claiming tax relief; and
- Communication history.
The Assessment Process collects the same information as is collected from the Acts 29 family. In addition, personal data that is classified as sensitive under the data protection regulations is collected as part of the assessment process including:
- Applicant views and opinions on various issues;
- Family and relationship history;
- Financial track record;
- Health and wellbeing; and
- Information from external sources (references).
Personal information provided in the assessment process is done so with the explicit consent of the data subject (‘Applicant’); once membership has been achieved a copy of the pastor’s final assessment report is retained for 3 years after which time will be deleted because it has served the purpose of assessment and integration into the Acts 29 network.
In all of these areas, except where stated otherwise, we will keep your personal information only for as long as we consider it necessary to carry out each activity. For those who undergo the ‘potential planter’ assessment, personal contact data will be kept for up to 5 years for the purpose of helping individuals progress towards our main assessment process and the planting of a church.
We have a data retention policy to implement this and have set parameters for keeping personal data in line with the purpose for which it was collected. As we consider reasonable parameters for holding information, we take account of our legal obligations, including accounting and tax guidelines.
For example, we will retain records of donations for 6 years to meet tax and accounting requirements, but we will only hold details of personal accommodation and dietary requirements for the purpose of planning and running an event. This information will be deleted within 6 months of the event occurring.
HOW DO WE COLLECT INFORMATION FROM YOU?
Acts 29 collects information each time a person deals with our organisation, for example, if you request information, sign up for an event, complete a survey, provide a comment, make a donation or register with us to receive newsletters / updates. You may do this electronically or you may complete a form at a conference or exhibition.
We also collect information about our Acts 29 family, including pastors and churches who are members, candidates or applicants. Personal data is collected when a person makes an initial enquiry and completes a questionnaire to determine whether they may be suited to becoming a formal applicant / candidate. This personal information is stored in a bespoke assessment application software.
Acts 29 members also participate annually in the Covenant Renewal or Covenant Update process where they update their details including their personal data. Information is held on our Customer Relationship Management system (CRM) which is a controlled access database.
Acts 29 family provide personal data in relation to specific events when they choose to receive details or book on as a delegate or attendee.
HOW WE USE YOUR INFORMATION
We may use your information to:
- Send you information or communications which you have requested and that may be of interest to you. These may include information about how Acts 29 is growing, stories from our church family around the world, updates on key initiatives, events or specific campaigns.
- Let you know about other activities or updates from our gospel partnerships, for example, The Gospel Coalition, Oak Hill College or Compassion International.
- Process a donation that you have made.
- Manage and support the Acts 29 assessment process for member pastors.
- Facilitate coaching and training opportunities for new member pastors and their churches as part of embedding in their local network and growing their churches.
- Seek your views or feedback on events or aspects of Acts 29 activities.
- Notify you of changes to events, Acts 29 policies or processes.
WHAT DO WE DO WITH IT?
How personal data is used is influenced by the type of relationship that exists between you and Acts 29. These broad categories are set out in the section below with further information on how we process data for each:
- Acts 29 family – member pastors and member churches / candidate pastors and candidate churches / applicant pastors and applicant churches
- Acts 29 Network Directors, Network Leadership Teams and volunteers
- Acts 29 Donors
- Acts 29 Staff and Recruitment Applicants
- Acts 29 Strategic Partners
- Suppliers (including subcontractors / people associated with our suppliers or subcontractors)
- Others who get in touch with us
- Visitors to our website
WHO DO WE SHARE INFORMATION WITH?
We will never sell your data to another party or share your data with third parties for marketing purposes.
We use third-party providers to work on our behalf supporting activity such as sending out mailings, organising events and processing payments or donations.
When we use third party service providers, we disclose only the personal information that is necessary to deliver the service. We have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Details of the third-parties we work with on an ongoing basis are available here.
In circumstances where we share your information with a third-party providing a service to you, and where they may be acting as a data controller, we advise that you review their privacy policies.
An example of this would be a hotel being used for an Acts 29 event; the relevant third-party will use your details to provide you with information to carry out their obligations in relation to any contracts you have entered into with them (for example, a reservation for your accommodation and to provide you with what you require during your stay).
We have strategic partnerships with whom we collaborate to build God’s kingdom and extend the reach of the gospel. Where we are working on projects with a partner and are linking up with parts of the Acts 29 family to do so, contact details and information on related member pastors / churches may be shared with our partners.
We may share information with governmental agencies or other companies assisting us in fraud prevention or investigation. We may do so when: (1) permitted or required by law; or, (2) trying to protect against or prevent actual or potential fraud or unauthorized transactions; or, (3) investigating fraud which has already taken place. The information is not provided to these companies for marketing purposes.
HOW AND WHERE WE STORE YOUR INFORMATION
We are committed to holding your personal data securely; your information may be stored digitally (held on servers or computers) or in some areas hard copy (paper based).
The security controls we have in place, which combine both technical and physical measures to protect any personal data you provide, include:
- Data transfers from the EU to third party suppliers in the US operate under the EU-US Privacy Shield framework. This requires:
- Strong data protection obligations on companies receiving personal data from the EU
- Effective protection and redress for individuals
- Access to systems for Acts 29 teams is through secure, encrypted logins and network / access level controls to ensure that data is accessible only to relevant team members.
- Sensitive information is held in password protected files.
- Third parties must use secure servers.
- Encrypted sending and receiving of personal data.
- Locked cabinets in locked offices where personal data is stored in hard copy.
- Clear desk policies for personal data in hard copy format.
- Screen locks and password protected PC’s and laptops.
We use cloud-based systems to process data, and therefore data may be processed outside of the EU. We adopt the UK Information Commissioners approved measures and therefore ensure that personal data is held in compliance with European data protection regulations, wherever it is in the world. We take all reasonable steps to ensure that your data is stored and processed securely in accordance with this policy. By submitting your personal data, you agree to this transfer, storing and processing of your information.
TRANSFERRING PERSONAL INFORMATION OUTSIDE EUROPE
As part of the services offered to you by Acts 29, the information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take the necessary steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
EU CITIZEN RIGHTS WITH PERSONAL DATA
Unless subject to an exemption under the GDPR, EU citizens have specific rights in relation to personal data:
- Access – you have the right to receive confirmation that your data is being processed and to have access to it. You can make a Subject Access Request if you wish to get a copy of your personal data.
- Accuracy – personal data can be rectified if it is inaccurate, incomplete or out of date.
- Erasure – you may request for your personal data to be erased if it is no longer necessary for Acts 29 to retain your information, if you withdraw your consent, if there is no overriding legitimate interest to continue processing it, or your data has been processed unlawfully.
- You may request a restriction is placed on further processing where there is a dispute in relation to the accuracy or processing of your personal data.
- You have the right to data portability in some circumstances, this enables you to move, copy or transfer your data from one IT environment to another securely and without affecting its usability.
- You have the right to object to processing based on legitimate interests or direct marketing.
- You have the right to object to your personal data being used for automated decision making and profiling i.e. where decisions are being made solely by automated means and without any human involvement.
YOUR CHOICES AND TELLING US WHEN THINGS CHANGE
You can change your preferences about what you receive from us at any time. We have added to our communications an opportunity to unsubscribe or amend your preferred ways of being contacted.
This can be done by using the update preferences option in the communications you receive from us. Or, if you prefer, you can write to email@example.com or to our postal address in Sheffield, UK (see Queries or Complaints section).
Updating your details
We do appreciate it if you keep your details up to date. You can do so in the same way as updating your preferences or, if you are a member pastor, candidate or applicant you can log into the assessment app and update your profile.
Telling us to stop processing
You have the right to ask us to erase your personal data, restrict our processing or object to our processing of your personal data, so long as the lawful purpose for processing is not for a statutory reason. You can do so at any time by writing to us at firstname.lastname@example.org.
ACCESS TO PERSONAL INFORMATION
We aim to be as open as possible in terms of giving you access to your personal information.
Individuals who are EU citizens can find out if we hold any personal information by making a ‘subject access request’ under the data protection regulations. If we do hold information about you we will:
- Give you a description of it.
- Tell you why we are using it.
- Tell you who has access to it.
- Provide you with a copy of it in an accessible form.
To make a subject access request to Acts 29 for any personal information we may hold, you need to put the request in writing to: email@example.com.
Further Information about how we will handle subject access requests can be found here.
QUERIES OR COMPLAINTS
Acts 29 strives to meet a high standard when collecting, storing and using personal information. For this reason, we take any concerns or complaints we receive about this very seriously.
If you have any queries about your personal data and how we are processing it, we are happy to provide additional information or explanation.
We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
Please send any queries, suggestions or complaints to firstname.lastname@example.org.
Alternatively, you can write to:
Data Protection Officer – Acts 29 Central (UK)
Sharrow Vale Road
You may also contact the Information Commissioner’s Office with any concerns or complaints:
- Telephone: +44 303 123 1113
- Email: https://ico.org.uk/global/contact-us/email/
- Mailing address: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
DISCLOSURE OF PERSONAL INFORMATION
We will never disclose personal data without consent, except where required by law.
16 OR UNDER
We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ you must get your parent/guardian’s permission before providing us with personal information.
LINKS TO OTHER WEBSITES
HOW TO CONTACT US
Data Protection Officer
Acts 29 Central (UK)
Sharrow Vale Road