Christadelphian Sunday School Union
Data Protection Policy

Personal data held

The CSSU maintains a database which holds personal data relating to people who have registered their details on the site.  The following personal data is held:

• Title, name and postal address.
• One email address, which acts as a unique identifier.
• One telephone number.
• Christadelphian ecclesia.
• Password, in encrypted form.
• Whether the person:
• Is a contact for one or more Sunday Schools or other organisations.
• Is on the mailing list for news relating to the CSSU.
• Has agreed to this CSSU Data Protection Policy.
• Is a member of the CSSU Committee.
• Is an overseas distributor for CSSU publications.

When an order for CSSU publications is placed, the contact details of the person who placed it are also stored in a record relating to that order.

Processing of information

The personal information in the database is used only for the following purposes:

• Assisting individuals in placing orders for Sunday School materials, and enabling historical information to be used for comparison purposes.
• Occasionally, sending to the main contact for each Sunday School information by post or email relating to publications and events.

Access, accuracy and erasure

Anyone whose information is stored in the database may:

• See and update the personal information that is held about them.
• Cause all their personal information to be removed from the database.

Separate processes exist by which individuals may join and leave the CSSU Committee, and become or cease to be an overseas distributor.
Personal information held in the database is never obtained from any other organisation and never shared with any other organisation.

Privacy and Security

• Personal information can be viewed and updated only by someone who has logged in using their email address and password or, excluding password, by a member of the CSSU Committee.
• The web site is accessed only through a protocol which encrypts against eavesdropping and tampering with data transmitted over the internet.
• Passwords are encrypted by the most secure one-way encryption available to us.
• The web site is protected against malicious intrusion access to the database.
• The relevant supervisory authority will be notified of any breach that it is likely to result in a risk to the rights and freedoms of individuals, within 72 hours of the breach coming to light.
• Backup copies of the database are made on a daily, weekly and monthly basis by the Internet Service Provider.
• PayPal transactions are subject to the PayPal Privacy Policy.  We will employ reasonable administrative, technical and physical measures to maintain the security and confidentiality of any and all PayPal data and information, including data and information about PayPal users and PayPal.

Disclosure and Barring Service

As an organisation using the Disclosure and Barring Service (DBS) checking service to help assess the suitability of applicants for positions of trust, the CSSU complies fully with the code of practice regarding the correct handling, use, storage, retention and disposal of certificates and certificate information.