– WHAT DO WE DO WITH YOUR INFORMATION?.
As part of the signup process, we collect information such as church name, location, contacts (phone number and e-mail address) and logo. This allows us to provide a better user experience.
When you browse our web and mobile applications, we receive your computer’s Internet Protocol (IP) address to enable us access any other information when it becomes neccessary. Protect your account from unauthorized IP’s, learn about your browser and operating system to provide better experience.
Email marketing (if applicable); With your permission, we may send you (the creator of the account on DaChurchMan and not your members) emails about our new features and other updates.
How do you get my Consent?.
The DaChurchMan does not provide services for online transactions.
In an event that we may need your personal information (church and or members), for any secondary reason such as marketing and other promotions, we will seek your direct consent and your decision will be fully respected.
The DaChurchMan's Mobile App comes with a default homepage that shares contents on the general feed. This content is not sent directly to members, but instead to the welcome page, where members can easily get access.
– CONSENT – Your Church Member’s Data
WE DO NOT OWN YOUR CHURCH DATA. WE DO NOT SEND MESSAGES DIRECTLY TO YOUR MEMBERS WITHOUT YOUR REQUEST AND ACKNOWLEDGEMENT.
DaChurchMan does not allow members to follow a church. Information shared by the church are sorely received by members of the church who use the mobile app. App users can only access the church's information if the user is a registered member of the church. This enables the church to serve the user with information and updates.
Since we do not own you data, we cannot disclose your church data to anybody. You will however bear responsibility of disclosing your church data if it is requested by law.
– DaChurchMan Hosting
Our software is hosted on Hostinger Services. They provide us with the online infrastructure platform that allows us to store and give you access to your data in real time over the internet.
Your data is stored via DaChurchMan's data storage, databases and the general DaChurchMan application.
We store your data on a secure server behind a firewall.
– THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in different jurisdictions. So if you select to proceed with any transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
For instance, if you are located in Nigeria and your transaction is processed by a payment gateway located in the Ghana, then your personal information used in completing that transaction may be subject to disclosure under Ghana's legislation, including the Patriot Act.
To protect your personal information, we take precautions and follow industry best practices to make sure it is not lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with members data, the information is encrypted using secure socket layer technology (SSL). The connection is encrypted and authenticated using AED_128_GCM and uses ECDHE_RSA as the key exchange mechanism.
– AGE OF CONSENT
By using DaChurchMan, you represent that you are at least the age of maturity in your state or province of residence, you are setting up the account for a church or a ministry in the Christian body or that you are the age of maturity in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
– DEFINITION OF CHRISTIAN BODY
The church or a ministry in the Christian body is a gathering that believe and upholds the entirety of the Bible without adulterating or changing parts of it. DaChurchMan reserves the right not to offer to any organization that claims to be a church or ministry in the body of Christ, if it does not see it as such.
EEffective December 25, 2019, the General Data Protection Regulation (GDPR) expands European Union (EU) residents’ (Data Subjects) rights concerning their personal data. DaChurchMan
Lawful, fair and transparent processing
DaChurchMan is to process the personal data in a lawful, fair and transparent manner. Lawful means all processing should be based on a legitimate purpose. Fair means companies take responsibility and do not process data for any purpose other than the legitimate purposes. Transparent means that companies must inform data subjects about the processing activities on their personal data.
Limitation of purpose, data and storage
DaChurchMan is expected to limit the processing and collect only that data which is necessary, and not keep personal data once the processing purpose is completed. This would effectively bring the following requirements:-forbid processing of personal data outside the legitimate purpose for which the personal data was collected -mandate that no personal data, other than what is necessary, be requested -ask that personal data should be deleted once the legitimate purpose for which it was collected is fulfilled.
The data subjects have been assigned the right to ask the company what information it has about them, and what the company does with this information. In addition, a data subject has the right to ask for correction, object to processing, lodge a complaint, or even ask for the deletion or transfer of his or her personal data.
As and when the company has the intent to process personal data beyond the legitimate purpose for which that data was collected, a clear and explicit consent must be asked from the data subject. Once collected, this consent must be documented, and the data subject is allowed to withdraw his consent at any moment. Also, for the processing of children’s data, GDPR requires explicit consent of the parents (or guardian) if the child’s age is under 16.
DaChurchMan must maintain a Personal Data Breach Register and, based on severity, the regulator and data subject should be informed within 72 hours of identifying the breach. Steps to properly handle a breach according to the GDPR.
DaChurchMan should incorporate organizational and technical mechanisms to protect personal data in the design of new systems and processes; that is, privacy and protection aspects should be ensured by default.
Data Protection Impact Assessment
To estimate the impact of changes or new actions, a Data Protection Impact Assessment should be conducted when initiating a new project, change, or product. The Data Protection Impact Assessment is a procedure that needs to be carried out when a significant change is introduced in the processing of personal data. This change could be a new process, or a change to an existing process that alters the way personal data is being processed.
The controller of personal data has the accountability to ensure that personal data is protected and GDPR requirements respected, even if processing is being done by a third party. This means controllers have the obligation to ensure the protection and privacy of personal data when that data is being transferred outside the company, to a third party and / or other entity within the same company.
When there is significant processing of personal data in an organization, (like what happens in DaChurchMan,) the organization should assign a Data Protection Officer. When assigned, the Data Protection Officer would have the responsibility of advising the company about compliance with EU GDPR requirements. The role of a Data Protection Officer in light of GDPR.
We must create awareness among employees about key GDPR requirements, and conduct regular training to ensure that employees remain aware of their responsibilities with regard to the protection of personal data and identification of personal data breaches as soon as possible.