Acts Christian Church


1. Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).

2. Who are we?

Acts Christian Church is the data controller (contact details below).  This means it decides how your personal data is processed and for what purposes.

3. How do we process your personal data?

Acts Christian Church complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use your personal data for the following purposes: –

4. What is the legal basis for processing your personal data?

5. Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other church members or for purposes connected with the church. We will only share your data with third partiesoutside of the ministry for marketing purposes.

6. How long do we keep your personal data?
We keep data in accordance with the guidance set out in the guide…

Specifically, we retain electoral roll data while it is still current; gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate.

7. Your rights and your personal data 

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: –

8. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

9. Contact Details

To exercise all relevant rights, queries or complaints please in the first instance contact the Acts Christian Church General Secretary at Acts Community Centre, 30 Union Road, Croydon CR0 2XU, Tel: 020 8684 5641

You can contact the Information Commissioners Office on 0303 123 1113 or via email or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

Reviewed by: Acts Leadership TeamSigned: General Secretary On behalf of Acts MinistriesDated: September 2019 Review: September 2020

Charity No: 1026935


Act Christian Church (ACC), is a Data Controller for the purposes of the General Data Protection Regulation (GDPR) formerly known as (25.5.2018) the Data Protection Act 2018 (DPA 2018).

ACC is committed to ensuring that it protects personal data it holds about individuals, whetherin personal or family life, or in a business or.

This Policy applies to all who handle information and personal data held by ACC, including personal data of our (business users and) members; and any third party organisation who has legitimate agreed access to personal data held by ACC.

Data Subject – is the identified or identifiable person to whom the personal data relates.

Personal Data – data/information that relates to a living individual (Data Subject) who can be identified from the data or from any other information that is in the possession of, or likely to come into the possession of the data controller:
Name, address, offering envelope details, prayer requests, meetings, courses, visitors, etc.

Data Controller–ACC is the data controller in respect of all personal information that relates to ACC activities and business.

Processing – Any activity involving personal data falls within the scope of the GDPR.

Data Processor – the person or organisation who processes personal data on behalf of a data controller:
Officers of the church, Admin office, Good to Give

Six Data Protection Principles

‘Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:

  1. used fairly, lawfully and transparently
  2. used for specified, explicit purposes
  3. used in a way that is adequate, relevant and limited to only what is necessary
  4. accurate and, where necessary, kept up to date
  5. kept for no longer than is necessary
  6. handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage’


Please note that under separate cover documents covering our privacy notice are available upon request.

GDPR for churches

Information Commissioner’s Office

Guide to the General Data Protection Regulation