Privacy Policy Celebration Church Johannesburg (CCJ)

CCJ uses peoples’ personal data for the purpose of general church communication & administration.

CCJ recognises the importance of the proper and lawful handling of personal data. All personal data, whether it is kept on paper, computer, or other media, will be subject to the appropriate legal safeguards as specified in the Protection of Personal Information Act, 2013 (the POPI Act).

CCJ endorses and complies with the 8 principles in the POPI Act. These principles relate to how personal data can be obtained, handled, processed, transported, and stored. Employees and any others who obtain, handle, process, transport, and store personal data for CCJ will adhere to these principles.

THE 8 INFORMATION PROTECTION PRINCIPLES

By law CCJ is required to manage personal data as follows:-

1. Accountability – CCJ’s senior pastors have delegated authority to and have nominated two Responsible Persons (Responsible Person) to give effect to the 8 POPI principles below and to ensure that the principles set out and all the measures that give effect to the principles are complied with.

2. Process limitation – Personal Information must be processed lawfully and in a reasonable manner that does not infringe the privacy of any person. Personal information may only be processed for the purpose it was intended for, provided that the information is relevant and not excessive. Personal information may only be processed if the person consents to its processing. People may object, at any time, on reasonable grounds and in the prescribed manner like when a member chooses to stop being a member. Where the person has objected, the church will no longer process the personal information. Personal information must be collected directly from the person(s) concerned like when the person comes to church, allows their child to attend CCJ Kids, Youth, fills in or gives information arising out of or in relation to: membership, baby dedication, baptism, wedding, funeral, fund raising campaign contribution card, prayer form, emails,registers for any of the church’s courses, WhatsApp Community Groups, classes, programs, trainings, volunteer forms, missions, Cell Group membership, gives or receives counselling, requests relief aid or assistance, joins or connects through any of CCJ’s online or social media platforms and WhatsApp groups, or any transaction, etc (for brevity that non-exhaustive list shall be referred to here, as “connecting with the life of the church” and that phrase should not be seen as derogating from the generality of the non-exhaustive list.)

3. Purpose specifications – Personal information must be collected for a specific, explicitly defined, and lawful purpose related to a function or activity arising out of or in connection with the church. Personal information must not be retained any longer than is necessary for achieving the purpose for which the information was collected or subsequently used. In terms of membership or where minors need to be signed in for security reasons, people need to consent to the retention of the record. Where retention may be required or prescribed by law or a code of conduct such as when the church stores banking details (like credit card details) it will safeguard such information.

4. Further processing limitations – CCJ’s Responsible Person will consider: (a) the person’s consent to process their information, (b) whether the member/attendee has not requested deletion and (c) whether the information is compatible with the purpose of collection, or available in a public record.

5. Information Quality – CCJ’s Responsible Person will take reasonable and practical steps to ensure that the personal information is complete, accurate, not misleading and updated where necessary for the purpose it is intended.

6. Openness – Personal information collected as the person connects with the life of the church will usually include: name, address, email address and cell phone contact details and sometimes age. This is collected in a fair and transparent manner. To ensure that the processing of information is fair, individuals will be aware of what specific personal information is being held by the church.

7. Security safeguards – The Responsible Person will secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate, reasonable technical and organisational measures. Appropriate internal control measures are in place and regularly verified i.e., ensuring that security practices and procedures are effective and in place. All employees and volunteers processing personal information on behalf of the church will, (a) process this information with the knowledge or authorization of the church; and (b) treat personal information which comes to their knowledge as confidential and will not disclose it. Should there be a breach the church will notify the Information Regulator and the data subject as soon as practically possible. The church will consider the legitimate needs of law enforcement or any other reasonable measures to determine the scope of the breach to the data subject and to restore the integrity of the church’s information system. Such notification should provide sufficient information to allow the affected person(s) take protective measures against the potential consequences of the compromise, including, if known to the church, the identity of the unauthorised person who may have accessed or acquired the personal information.

8. Personal information on record and third-party disclosures. CCJ must make provision for the attendees/members, who have provided adequate proof of identity, to request what personal information the church holds about them, including third parties the church may have shared the attendee’s/member’s personal information with.

HOW WE COLLECT DATA & INFORMATION ABOUT YOU

CCJ collects personal information each time you are in contact with us. For example, when you connect with the life of the church, including but not limited to: Visit, access and or interact with our website or social media including but not limited to Facebook, YouTube, WhatsApp, Instagram, Register for an event, course, conference, Cell Group, as a volunteer, give or receive counselling, training, complete any of our online or paper forms or submit email enquiries.

MAINTENANCE OF CONFIDENTIALITY

CCJ will treat all your personal information as private and confidential and will not disclose any data about you to anyone other than appropriate staff including pastoral staff and/or approved volunteers to facilitate proper administration and ministry of the church. CCJ staff and volunteers who have access to Personal Information will be required to agree to sign a Data Protection Policy.

There are four exceptional circumstances to the above:-

1) Where we are legally compelled to do so;

2) Where there is a duty to the public to disclose information;

3) Where the disclosure is to protect your interests;

4) Where the disclosure is made at your request or with your consent.

USE OF PERSONAL INFORMATION

Such is used in the day-to-day administration and ministry of the church. For example when you connect to the life of the church e.g. Planning Center rosters, preparation of service run sheets, notification to attendees/volunteers etc.

Contacting you to keep you informed about Cell Group, church events, church news, services, and activities.

Executive reports that require the collation of statistics. For example, church attendance, Cell Group attendance. The Database (Planning Center). This database can only be accessed by staff and volunteers who have been authorized to do so and who have signed the Data Protection Policy.

– Access is controlled using a login username;

– Only Senior Leaders have access to all information on the database. All other authorized staff and volunteers have limited access to specific sections.

– None of your information is passed on to 3rd parties outside the church environment without your consent.

– Sensitive, personal information is kept strictly confidential. It is never sold, given away or otherwise shared with anyone, unless required by law.

RIGHTS TO ACCESS INFORMATION

Employees and people whose data is held by CCJ have the right to access personal information that is being held.

This right is subject to certain exceptions: Personal Information may be withheld if the information relates to the privacy of a third party.

Any person who wishes to exercise this right should make the request in writing addressed to the CCJ POPI Act Responsibly Party at admin.joburg@celebrate.org.

If personal details are inaccurate, they can be amended upon request by email. CCJ will endeavour to deal with requests for access to personal information as quickly as possible but will ensure that it is provided within 30 days of receipt of an email unless there is good reason for delay. In such cases, the reason for delay will be explained in writing to the person making the request.

TYPE OF INFORMATION WE COLLECT

For the day to day running and ministry of the church we often require from attendees, volunteers and staff:-

-Demographic information

-Contact information

-Preferences

-Background information

-Sometimes this includes special personal information and that requires extra care: that being client information obtained during lay and pastoral care and counselling.

YOUR RIGHTS & CHOICES

The Constitution of the Republic provides that everyone has the right to privacy. The right to privacy includes a right to protection against the unlawful collection, retention, dissemination and use of personal information. You have a right to privacy regarding the collection, use and storage of your personal information. This includes the right to de-consent to the collection of your personal information by the church and the right to decline the provision of your personal information. CCJ has consent options regarding the collection of personal information on forms and areas where personal information is required from you and has reference to this, our privacy policy. You have the right to withdraw or decline consent. Your information will be deleted within one week of your request.

CCJ CHILDREN CONSENT FORMS FROM PARENTS/GUARDIANS

Personal information may only be processed if the data subject or a competent person where the data subject is a child, consents to the processing.

DATA RETENTION

CCJ will retain your personal information for only as long as is necessary for the purposes as set out in this policy.

CHANGES TO OUR PRIVACY POLICY

CCJ reserves the right to change our Privacy Policy at any time. When this policy is revised, we will post the updated version on our website and send a notification to all registered data subjects. Your continued use of our website or interaction with us indicates your acceptance of these changes.

SMS/ WHATSAPP PRIVACY POLICY

We respect your privacy and will not distribute your mobile contact details to any third parties. If at any time you wish to discontinue receiving sms text messages, WhatsApp messages or emails or other electronic communication please send an email to admin.joburg@celebrate.org addressed to CCJ Information Officer with the subject line “Discontinue” wherein you describe what sms group, WhatsApp group etc you would like your cell number deleted from. By subscribing to our WhatsApp Community Groups or our App, you have provided us with consent to send you sms, WhatsApp or push messages regarding our church’s events and updates. Message frequency varies by events. In general, the messages we send provide you with information about the life of the church. Some of the messages we might send may include, sound or video recordings or links to websites. To access those sound or video or websites, you will need your own data and internet access.

Should you have any queries or concerns regarding the above, please email send an email addressed to the CCJ POPI Act Responsible Party at admin.joburg@celebrate.org.

107 Scorpion Trail | Mnandi

Johannesburg

011 464 5372

joburg.za@celebrate.org