INTRODUCTION
Last updated:
This Data Processing/Protection Policy is the overarching policy for data security, processing and protection for Jesus Abundant Grace Ministry (hereinafter referred to as “us”, “we”, “our” or “the organization”
PURPOSE AND SCOPE
a. Purpose of the Policy: This policy exists to comply with the requirements of relevant legislation/standards (including but not limited to: the Nigerian Data Protection Regulation 2009 (hereinafter referred to as the NDPR), the Cybercrimes Act (2015), the 10 Data Security Standards, the General Data Protection Regulation (2016)), the common law duty of confidentiality and other relevant guidelines. We recognize data protection as a fundamental right and abide by the principles of data protection.
b. Scope of the Policy: This policy applies to employees, contractors, third party vendors and any other person who in the course of their employment/contract/agreement with us has cause to handle personal/sensitive data collected by us. This policy covers our data protection principles and commitment to common law and legislative compliance as well as procedures for data protection
DATA COLLECTION
a. Data Collected: In the course of interaction with our Products/Services, we collect data to enable us to operate our Services and provide you with the best experience. You provide some of this data to us directly, such as when you register: as a member or for an event, subscribe to a newsletter or contact us for support. We also receive some of your data by means of how you interact with our Services.
b. Means of Data Collection: We collect data in two principal ways: when you provide them to us (E.g. when you register as a member) as well as automatically (E.g Cookies and Usage data).
We require certain data from you upon registering as a member and this data can be grouped into bio-data (personal information about the person including name, email, age, gender, spousal information…), church data (information about the member’s church including district, group, region/old district, state and country. We also collect information like worker status/ leader status) and career data (information about the member’s professional life including the member’s job, employment status, work location and so on).
When you visit and interact with any of our Services, we collect data about your device (such as your operating system, hostname, browser type and referring urls), usage data (interactions with us via email).
Also, to your consent, we automatically collect information from cookies and similar technologies to keep you logged in, to remember your preferences and to identify you and your device.
c. Data we do not Collect: We do not intentionally collect sensitive personal information such as personal data revealing political opinions, philosophical beliefs as well as data identifying a person’s sex life or personal monitoring data. If such information is being requested for by anyone claiming to be an agent of the Church please contact support via email at support@jesusabundantgrace.com.
DATA PROCESSING: HOW WE USE YOUR INFORMATION
a. Provide access to our products and services: Upon receiving your information, we use your information for account creation, as well as granting you access to our other products. Moreover, we use your information to communicate with you via email, identify you on our website as well as invite you to take part in surveys.
b. Serve administrative purposes: We use your information for the following reasons: developing new products and services, authenticating and verifying individual identities, communicating with you about your account and complying with our legal obligations
c. Member management: We use your data for member management, specifically, for effective communication between leader and member, member attendance tracking, statistics purposes as well as to inform members of programs, events and other relevant information.
DATA ACCESS AND STORAGE
a. Secure Storage: The data is stored on secure cloud services (AWS and Microsoft Azure). With regular data sanitation exercises carried out by authorized personnel ONLY.
b. Retention Period: The data shall be retained for the duration of the user’s membership or as necessary to fulfill the purpose for which it was collected, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements and comply with applicable laws.
c. Data Access: To ensure data privacy and security, access is strictly limited to specific roles within the organizational structure. These roles, and the scope of data they can access (limited to individuals under their authority), are: Zonal Pastor, National Overseer, State Overseer, Region or Old District Coordinator, Group Pastor, and District Pastor. The Super Admin is the sole role with unrestricted access. Data protection is maintained through secure authentication and role-based authorization protocols. You are however granted access to your data and can request a copy of your data.
d. Deletion of Data: If you would like to delete your personal information, you may do so in your account settings. Barring legal requirements, we will delete your full profile (within reason). After an account has been deleted, certain non-identifiable data may remain. However we will delete or de-identify your personal information.
DATA PROCESSING PRINCIPLES
a. We will establish and maintain policies for the controlled and appropriate sharing of user information with other agencies (if any), taking into account all relevant legislation and user consent
b. Where consent is required for the processing of personal data we will ensure that informed and explicit consent will be obtained and documented in clear, accessible language and in an appropriate format.
c. We will establish and maintain policies to ensure compliance with the NDPR, GDPR and Cybercrimes Act.
d. We uphold the personal data rights of our users:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to object
RESPONSIBILITIES
a. We have appointed a member of staff to be our Data Security Lead (DSL). The DSL would report to the highest management level of the organization
b. We will support the DSL with the necessary resources to carry out their tasks and ensure that they can maintain expertise
c. The duties of the DSL are as follows:
i. To ensure the rights of individuals in terms of their personal data are upheld in all instances and that data collection, sharing and storage is in line with common law principles and appropriate regulations
ii. To define our data protection policy and procedures and all related policies, procedures and processes and to ensure that sufficient resources are provided to support the policy requirements.
iii. To monitor information handling to ensure compliance with law, guidance and the organisation’s procedures and liaising with senior management and DPO to fulfil this work
iv. Overseeing changes to systems and processes.
