The policy sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users and Concordant Systems. Furthermore, the way ChurchBuilder processes, stores and protects user data and information will also be detailed within this policy.
This web application and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users. ChurchBuilder complies with all UK national laws and requirements for user privacy.
ChurchBuilder uses session cookies to ensure that the system works consistently as a user navigates around it. This cookie is not left on the visitor’s computer when they leave the site.
Some churches may choose to add Google Analytics or other tracking mechanisms to their site which do leave behind cookies and would therefore require them to include a warning for visiting users for compliance with recent legislation.
Once logged in, a user can choose to save login details on their computer, and some parts of the system store preference information. The church’s terms and conditions for the site that are accepted on first login should draw attention to this.
CONTACT & COMMUNICATION
Users contacting a ChurchBuilder site or its owners submit their information for processing by that Church. Privacy questions regarding church-owned data should be addressed to the church. The data is stored and backed up by Concordant Systems per our Data Protection Policy, but is otherwise processed according the policies of the church that owns the site.
Concordant Systems makes no use of church-owned data except when performing technical support for or on behalf of a church.
DATA ACCURACY AND UPDATES
The personal information stored on ChurchBuilder is under the control of the church that owns the site. All subject access requests should be directed at the church that owns the data. The church should have a policy for how personal data is kept up to date and how old data is deleted.
ChurchBuilder contains many features that restrict who in a church can access the data of an individual. These security features are under the control of the church’s representatives that have been given responsibility for managing their site. These representatives also have measures available to check that the security features that have been set are working as intended. Requests about what personal data church staff or members have access to on a a particular ChurchBuilder site should be directed at that church’s ChurchBuilder representatives or the church’s governing body.
DATA STORAGE AND SAFETY
Concordant processes data per our data protection policy and the UK Data Protection Act. This includes requirements for keeping ChurchBuilder safe from attack and accident, restricting who has access to confidential data, encrypting personal data when it is stored or moved around, and ensuring that the storage hardware is destroyed when it is decommissioned.
Data is stored in the UK on servers that are owned by Ternion Technologies Ltd, but under the control of Concordant Systems Ltd and complying with our data protection policy. Ternion Technologies is 50% owned by the directors of Concordant Systems Ltd. Our primary datacentre is RapidSwitch Maidenhead.
We reserve the right to pass on personal information to any law enforcement agencies properly requesting it in connection with the commission of any offence once we are reasonably satisfied as to the circumstances surrounding the request.