Ambassador International Church Privacy Notice
1. INTRODUCTION
This Data Protection Notice sets out how Ambassador International Church (”we”, “our”, “us”) processes the personal data of members, visitors and anyone else whose data we collect and use.
Ambassador International Church is a Data User and is located in Wan Chai, Hong Kong. You can find our church contact details at our website, www.ambassador.org.hk
We are committed to maintaining your trust by protecting your personal data. This Privacy Notice explains how we collect, use, share and protect personal data. Any queries relating to this notice can be directed to the Data Protection Officer (DPO) admin@ambassador.org.hk
As a church located in Hong Kong, we are subject to the Personal Data (Privacy) Ordinance or PDPO.
2. WHAT DATA DO WE COLLECT ABOUT YOU, FOR WHAT PURPOSE AND ON WHAT GROUND WE PROCESS IT
We may process the following categories of personal data about you. In all cases, the collection of this data is required in order to communicate with you, to provision church ministry or to protect you and others. Wherever possible, on request by you we will provide access, correction and deletion rights as appropriate under Hong Kong law unless we are required to keep it for legal reasons e.g. tax records, mandatory disclosures to Authorities, HR provision.
Communication Data and Church Records includes any communication received or sent by us whether via our website, newsletters, telephone messages, emails, messaging apps, social media channels or any other means. It also historical archival data and may include photos and videos. We process this data for the purposes of communicating with people, for internal record keeping and for the operational management and administration of the church. We maintain communication records where necessary to enable us to serve staff, members, and visitors and to enable church operations. We may also keep records to enable legally required disclosures or to establish, pursue or defend legal claims where appropriate. This collection of this data is required in order to communicate or provide ministry to you. However, we will delete all such data that we hold unless we are required to keep it for legal reasons.
Church Ministry Data includes information relating to members, visitors, staff who attend, join or minister at our various church services, small groups and events. This includes a directory of personal information containing contact details, family relations, and contact information such as telephone number, email addresses or messaging app IDs. We may occasionally take photos and videos at our events. Additional information include sign-up data to events, service rotas, and membership information. It can also include financial information relating to payments and donations. We process this data for church administrative and ministry needs, to enable the church family to be supported, and for the maintenance of member/visitor records. We may also maintain a record of donations and payments for goods and services purchased and to keep records of such transactions for financial or taxation records. It may include identification records where we have a need to ensure the correct ID of individuals with whom we may need to disclose data. Church ministry data also includes information on people’s religious or philosophical beliefs.
Pastoral and Counselling information includes the body of information relating to pastoral provision and ministry. This may include sensitive or confidential data such as counselling, safeguarding, religious, or health/medical information. It may also include complaints and issues raised of a private nature. We process this data with consent or where legal requirements require us to do so for the protection of people. We ensure strict security and access rights to authorised individuals only. It may also include Information relating to safeguarding and child protection.
Fundraising and Communications Data includes data about people’s past donations and their preferences in receiving information from us about church events and ministry activities. This normally means name and email addresses but may include social media IDs and telephone numbers. The database for communications is based on an opt-in consent model and people can opt-out of communications at all times. We process this data to raise money and to help advance our commitment to our aims and principles.
Employee Data is contained in a separate privacy notice available to staff and job applicants.
Cookies and Technical Website Data includes our use of cookies and related technologies as well as information about people’s use of our website. We process this data to maintain and analyse the use of our website and to help ensure we are delivering useful information.
3. DISCLOSURES OF YOUR PERSONAL DATA
We may share your personal data with the parties set out below:
- Other churches within our network or with whom we share a close relationship, where we participate together in joint or associated activities.
- Healthcare, welfare, and safeguarding professional as appropriate (e.g. to social services, healthcare professionals)
- Service providers who provide cloud-based IT and system administration services.
- Professional advisers including counsellors, lawyers, bankers, auditors and insurers.
- Public authorities that require data e.g. for taxation, safeguarding or HR reporting to Government education departments.
- Third parties such as organisations providing hospitality, catering, facilities or event organisation with whom we partner to provide church events, activities and other services.
We will conduct due diligence checks on third parties to whom we make transfers to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
4. DATA SECURITY
We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. This includes encryption, the use of physical facility security and the implementation of security policies and procedures. We only allow access to your personal data by church staff, members or volunteer with a genuine need to know such data.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.
6. DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When deciding a suitable retention period for keeping data we look at its nature, volume, sensitivity, the potential risk of harm from unauthorised use or disclosure, the processing purposes, as well as our ongoing and expected practices to understand a reasonable time limit. We also consider if the purpose of the retention can be achieved by other means.
7. YOUR ACCESS AND CORRECTION RIGHTS
Under Hong Kong data protection law, you have rights to access or correct your data. In Hong Kong, this is called a Data Access Request. You may need to pay a reasonable fee to access or delete your personal data if it is a considerable in size. You can read more about these rights at the website of the Office of the Privacy Commissioner for Personal Data (PCPD): https://www.pcpd.org.hk
Last updated: September 2024.