Data Protection Policy

3.1 Identity & Contact Information

• Full name (first, middle, last name), title, and date of birth
• Gender, marital status, and nationality
• Residential and postal address
• Phone numbers, email addresses
• Photographs for membership identification

3.2 Membership & Ecclesiastical Data

• Membership number and status (e.g., active, inactive)
• Date of baptism, confirmation, and transfer details
• Church group and subgroup affiliations
• Skills, interests, and ministry involvement
• Leadership roles and positions held

3.3 Family & Household Information

• Household grouping for pastoral care purposes
• Emergency contact details and next of kin
• Family relationships within the congregation

3.4 Health Information (Sensitive Data)

• Blood group (for emergency situations only)
• Health-related prayer requests (voluntarily shared)
• This data is processed with your explicit consent and handled with the highest level of confidentiality.

3.5 Financial Data

• Donation and tithe records
• Pledge commitments and payment history
• Mobile money or bank details used for giving (processed through secure payment providers)

3.6 Attendance & Participation

• Worship service attendance records
• Event participation and registration details
• Small group and Bible study attendance

3.7 Digital Data

• Website usage data (cookies, access logs)
• Contact form submissions
• Email communication preferences

• Consent: Where you have given clear, informed consent for us to process your data for specific purposes (e.g., membership registration, photo publication).
• Legitimate Interest: For the operation, administration, and pastoral care of the church, including membership management, event coordination, and spiritual oversight.
• Legal Obligation: Where processing is necessary to comply with legal requirements, such as financial reporting or statutory filings.
• Vital Interest: In emergency situations where processing health or contact data is necessary to protect the life of an individual.
• Public Interest: For religious activity and community welfare initiatives that serve the public good.

5.1 Church Administration

• Managing membership records and registers
• Assigning members to groups, households, and subgroups
• Maintaining leadership and role directories
• Processing and tracking contributions and donations

5.2 Pastoral Care & Communication

• Providing spiritual guidance and pastoral support
• Sending announcements, newsletters, and event invitations
• Coordinating visitation programs and welfare activities
• Facilitating prayer support and fellowship

5.3 Financial Stewardship

• Recording tithes, offerings, and donations
• Issuing donation receipts and financial statements
• Managing pledges and pledge payment tracking
• Preparing financial reports for church governance

5.4 Website & Digital Services

• Providing sermon archives and online resources
• Processing contact form inquiries
• Displaying church events and announcements
• Enabling online member registration

6.1 Technical Security Measures

• All data is stored in encrypted databases with industry-standard encryption (AES-256)
• Our website uses SSL/TLS encryption to protect data in transit
• Row-Level Security (RLS) policies ensure data access is restricted based on user roles
• Regular security audits and system monitoring are conducted
• Multi-factor authentication for administrative access

6.2 Organizational Measures

• Access to personal data is restricted to authorized church administrators only
• All personnel with data access are trained on data protection responsibilities
• We maintain an audit trail of data access and modifications
• Data protection responsibilities are clearly assigned within the church leadership

6.3 Third-Party Processors

• We use trusted third-party services to host and process data. These include cloud infrastructure providers and payment processors, all of which maintain high security standards and comply with applicable data protection laws.
• We do not sell, rent, or trade your personal data to any third party for marketing purposes.

• Active member data: Retained for the duration of membership and a reasonable period after transfer or withdrawal.
• Financial records: Retained for a minimum of 7 years as required by financial governance standards.
• Attendance records: Retained for up to 5 years for historical and statistical purposes.
• Contact inquiries: Retained for 2 years after the inquiry is resolved.
• Website analytics data: Retained for up to 2 years.
• Inactive member data: After a period of inactivity, data may be archived or anonymized.

• Right of Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can request correction of any inaccurate or incomplete data.
• Right to Erasure: You can request deletion of your data where there is no compelling reason for its continued processing.
• Right to Object: You can object to the processing of your data where it is based on legitimate interest.
• Right to Restrict Processing: You can request that we limit how we use your data while concerns are being investigated.
• Right to Data Portability: You can request your data in a structured, commonly used format.
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw consent at any time without affecting the lawfulness of prior processing.

• Notify the Data Protection Commission of Ghana within 72 hours of becoming aware of the breach.
• Notify affected individuals promptly if the breach is likely to result in a high risk to their rights and freedoms.
• Document the breach, its effects, and the remedial actions taken.
• Take immediate steps to contain and mitigate the impact of the breach.