The EU General Data Protection Regulation ("GDPR") was enacted in the European Union on May 25, 2018, and contained many significant changes to the data protection laws. Based on protecting privacy and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.
Thank you for choosing to be part of Gateway Church ("company", "Church", "we", "us", or "our"). We are committed to protecting your personal information and your right to privacy, and to providing a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, because of the international reach of our church and its associated ministries we are updating and expanding our program to meet the demands of the GDPR.
We are dedicated to safeguarding the personal information under our control and in developing a data protection program that is effective and demonstrates an understanding of, and appreciation for the GDPR. Our preparation and objectives for GDPR compliance have been summarized in this statement and include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.
If you have any questions or concerns about our Policy or our practice, please contact us at email@example.com.
1. What Information is Collected?
A. Personal information you disclose.
We collect personal information that you voluntarily provide to us when registering at the Sites or Apps, expressing an interest in obtaining information about us or our products and services, when participating in activities on the Sites or Apps (such as posting messages in our online forums, etc.) or otherwise contacting us.
The personal information that we collect depends on the context of your interactions with us and the Sites or Apps, the choices you make and the products and features you use. All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information.
B. Information automatically collected.
We automatically collect certain information when you visit, use or navigate the Sites or Apps. This information does not reveal your specific identity (like your name or contact information) but may include generic device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Sites or Apps and other technical information. This information is primarily needed to maintain the security and operation of our Sites or Apps, and for our internal analytics and reporting purposes.
C. Information collected through our Apps.
If you use our Apps, we may also collect the following information:
- Geolocation Information. We may request access or permission to and track location-based information from your mobile device, either continuously or while you are using our mobile application, to provide location-based services. If you wish to change our access or permissions, you may do so in your device’s settings.
- Mobile Device Access. We may request access or permission to certain features from your mobile device, including your mobile device’s Bluetooth, calendar, camera, reminders, SMS messages, social media accounts, and other features. If you wish to change our access or permissions, you may do so in your device’s settings.
- Mobile Device Data. We may automatically collect device information (such as your mobile device ID, model and manufacturer), operating system, version information and IP address.
- Push Notifications. We may request to send you push notifications regarding your account or the mobile application. If you wish to optout from receiving these types of communications, you may turn them off in your device’s settings.
D. Information collected from other sources.
We may obtain information about you from other sources, such as public databases, joint marketing partners, social media platforms (such as Facebook), as well as from other third parties. Examples of the information we receive from other sources include: social media profile information (your name, gender, birthday, email, current city, state and country, user identification numbers for your contacts, profile picture URL and any other information that you choose to make public); marketing leads and search results and links, including paid listings (such as sponsored links).
2. How is Your Information Used?
We use personal information collected via our Sites or Apps for a variety of business purposes described below. We process your personal information for these purposes in reliance on our legitimate religious purposes and business interests ("Religious Purposes"), in order to enter into or perform a contract with you ("Contractual"), with your consent ("Consent"), and/or for compliance with our legal obligations ("Legal Reasons"). These are the specific processing grounds we rely on:
We use the information we collect or receive:
- To send administrative information to you for Religious Purposes and/or Legal Reasons. We may use your personal information to send you announcements and new feature information and/or information about changes to our terms, conditions, and policies.
- Fulfill and manage your orders for Contractual reasons. We may use your information to fulfill and manage your orders, payments, returns, and exchanges made through the Sites or Apps, if any.
- Deliver targeted advertising to you for our Religious Purposes. We may use your information to develop and display content and advertising (and work with third parties who do so) tailored to your interests and/or location and to measure its effectiveness.
- Request feedback for our Religious Purposes. We may use your information to request feedback and to contact you about your use of our Sites or Apps.
- To protect our Sites for Legal Reasons. We may use your information as part of our efforts to keep our Sites or Apps safe and secure (for example, for fraud monitoring and prevention).
- To enable user-to-user communications with your Consent. We may use your information in order to enable user-to-user communications with each user’s consent.
- To enforce our terms, conditions and policies for Religious Purposes and/or for Legal Reasons.
- For other Religious Purposes: We may use your information for other Religious Purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Sites or Apps, products, services, marketing and your experience.
3. Will We Share Your Information?
We only share and disclose your information in the following situations:
- Compliance with Laws.We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process.
- Vital Interests and Legal Rights. We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
- With your Consent. We may disclose your personal information for any other purpose with your consent.
- Select Ministry Partners. We sometimes share your information with select ministry partners to deliver content tailored to your interests and/or location.
5. How Long Do We Store Your Information?
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
6. How Do We Keep Your Information Safe?
We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. The following policies and procedures meet the standards and requirements of the GDPR and any relevant data protection laws, including:
- Data Protection — accountability and governance measures are in place to ensure that we understand and adequately communicate and document our obligations and responsibilities; with a dedicated focus on privacy by design and the rights of individuals.
- Data Retention & Erasure — our document retention policies and procedures are designed to meet the "data minimization" and "storage limitation" principles and that personal information is stored, archived and destroyed compliantly and ethically. We have dedicated erasure procedures in place to meet the new "Right to Erasure" obligation and are aware of when this and other data subject’s rights apply; along with any exemptions, response timeframes and notification responsibilities.
- Data Breaches — our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time. Our procedures are robust and have been disseminated to all employees, making them aware of the reporting lines and steps to follow.
- International Data Transfers & Third-Party Disclosures — where the Church stores or transfers personal information outside the EU, we have robust procedures and safeguarding measures in place to secure, encrypt and maintain the integrity of the data.
- Subject Access Request (SAR) — we have revised our SAR procedures to accommodate the revised 30-day timeframe for providing the requested information and for making this provision free of charge. Our new procedures detail how to verify the data subject, what steps to take for processing an access request, what exemptions apply and a suite of response templates to ensure that communications with data subjects are compliant, consistent and adequate.
- Legal Basis for Processing — we are reviewing all processing activities to identify the legal basis for processing and ensuring that each basis is appropriate for the activity it relates to.
- Obtaining Consent — we are revising our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information.
- Direct Marketing — we are ensuring clear opt-in mechanisms for marketing subscriptions; a clear notice and method for opting out and providing unsubscribe features on marketing materials.
7. Do We Collect Information From Minors?
We do not knowingly solicit data from or market to children under eighteen (18) years of age. By using the Sites or Apps, you represent that you are at least eighteen (18) or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Sites or Apps. If we learn that personal information from users less than eighteen (18) years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we have collected from children under age eighteen (18), please contact us at firstname.lastname@example.org.
8. What Are Your Privacy Rights?
If you are a resident in the European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: https://ec.europa.eu/info/law/law-topic/data-protection_en.
9. Disclaimer of Damages.
By using a Church website, you assume all risks associated with the use of the site, including any risk to your computer, software or data being damaged by any virus, software, or any other file that might be transmitted or activated via a Church website or your access to it. The Church shall not be liable for any damages of any kind (general, special, incidental or consequential damages, including, without limitation, lost revenues or lost profits) resulting from the use or misuse of the information contained in a Church website.
10. Copyrights and Trademarks
Copyright (c) 2019 Gateway Church. All Rights Reserved.
All material on this website is copyrighted by Church, except for some material that is copyrighted by others and used here by permission. Copyrighted material may not be copied, reproduced or otherwise used for commercial purposes without the written permission of the copyright holder. This site also contains some trademarks, which may not be appropriated by persons other than the trademark owner and may not be used contrary to trademark law. If you wish to request permission to use materials in a manner otherwise prohibited herein, please send an email to: email@example.com or contact us via telephone at 817.328.1000.
11. Account Information.
If you would at any time like to review or change the information in your account or terminate your account, if any, you can: Contact us using the contact information provided.
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, some information may be retained in our files to prevent fraud, troubleshoot problems, assist with any investigations, and/or comply with legal requirements.
12. Data Subject Rights.
In addition to the policies and procedures mentioned above that ensure individuals can enforce their data protection rights, we provide easy-to-access information via our website and our Vancouver campus office, of an individual’s right to access any personal information that Church processes about them and to request information about:
- What personal data we hold about them
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from them, information about the source
- The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
- The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
- The right to lodge a complaint or seek judicial remedy and who to contact in such instances
13. Do California Residents Have Specific Privacy Rights?
California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.
If you are under eighteen (18) years of age, reside in California, and have a registered account with the Sites or Apps, you have the right to request removal of unwanted data that you publicly post on the Sites or Apps. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Sites or Apps, but please be aware that the data may not be completely or comprehensively removed from our systems.
14. Questions and Contact Information?
If you have questions or comments about this Policy, you may email us at firstname.lastname@example.org or by mail at: 500 S Nolen Dr, Suite 300, Southlake, TX 76092.