GDPR Policy of Novio Church Nijmegen

1. Introduction

Novio Church Nijmegen places great importance on the privacy and protection of the personal data of our members, visitors, and other stakeholders. This document outlines how we handle personal data and photographs in compliance with the General Data Protection Regulation (GDPR). This policy serves as a general framework and can be adjusted based on specific needs and circumstances.  

2. Purposes of Data Processing

Novio Church collects and processes personal data for various purposes, including:  

  • Maintaining contact with members, visitors, and volunteers.  

  • Facilitating activities and events (such as services, gatherings, and small group meetings).  

  • Sending newsletters, invitations, and other communications.  

  • Taking photos and videos during events, services, and other activities.  

  • Performing administrative and organizational tasks related to church activities.  

3. Types of Personal Data We Process

The personal data we collect may include the following:  

  • Name, address, phone number, email address, date of birth, gender, and family details.  

  • Information about participation in church activities or services.  

  • Health information such as allergens or other relevant details.

  • Financial information, such as donations or contributions to the church.  

  • Photos and videos taken during church events or activities.  

4. Photos and Videos

Novio Church regularly takes photos and videos during events, services, and other church activities. These are used for the following purposes:  

  • Documenting activities for internal purposes.  

  • Promoting church activities through social media, newsletters, and the website.  

  • Reporting on community activities and events.  

Consent for capturing and publishing photos:

  • Explicit consent may be requested during registration for an event or activity regarding the use of photos or videos.  

  • A digital consent form will be part of the registration in Church Suite for the use of visual materials.

  • Individuals who object to being photographed can notify us in advance so that we can accommodate their request.

  • During public events and gatherings where photos are taken for official publicity purposes, a designated photo-free zone will be available where individuals will not be recognizably in the images.

5. Legal Grounds for Data Processing

Novio Church processes personal data based on the following legal grounds:  

  • Consent: Consent is often required for the use of photos and certain personal data. 

  • Performance of a Contract: Data processing is necessary for the provision of our services and activities.  

  • Legal Obligation: In some cases, we are legally required to process personal data (e.g., for obtaining Certificates of Good Conduct for volunteers and staff).  

  • Legitimate Interest: For communication and promotion of our church activities, we may have a legitimate interest in processing personal data.  

6. Retention of Data

We do not retain personal data longer than necessary for the purposes for which it was collected. Photos and videos used for promotional purposes may be retained for a longer period unless an individual objects to their use.  

Personal data is stored in the following applications:

General applications:

  • ChurchSuite:
    A platform specifically developed for churches and religious organizations to manage processes. ChurchSuite ensures compliance with GDPR in all its operations. For more information, visit: https://churchsuite.com/gdpr](https://churchsuite.com/gdpr/

  • Google Drive:
    Official procedures and documents may include personal data when stored in Google Drive. For more information on Google Drive’s GDPR compliance, visit: https://cloud.google.com/privacy/gdpr/.

  • Mailchimp:
    Novio Church uses Mailchimp, a reliable email service, to send newsletters. When signing up, we explicitly ask for your consent to use your email address. This consent is recorded and can be withdrawn at any time.

    • Mailchimp complies with GDPR and ensures that personal data, such as your name and email address, is stored and processed securely. We do not share your data with third parties and use it solely to send newsletters with information about our activities, events, and services.

    • Each newsletter includes a clear option to unsubscribe. After unsubscribing, your data will no longer be used for this purpose and will be removed from our mailing list. For more information about Mailchimp’s privacy measures, please refer to their privacy policy: https://mailchimp.com/gdpr/

  • Instagram
    Novio Church uses Instagram to share photos, news, and announcements about our services and events. Personal data, such as your profile name and the messages you share, are processed within the Instagram platform. Photos of individuals are only shared if explicit consent has been given via ChurchSuite or verbally at the time the photo is taken. For more information on how Instagram handles personal data and GDPR compliance, please refer to: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect/.

  • Facebook
    Novio Church uses Facebook to communicate with members and visitors via our official page and events. Personal data, such as your name and comments on posts, are processed by Facebook in accordance with their privacy policy. Photos of individuals are only shared when explicit consent has been given via ChurchSuite or verbally at the time the photo is taken. For more information on Facebook and GDPR compliance, you can consult their privacy policy: https://www.facebook.com/about/privacy.

  • WhatsApp Communities
    Novio Church maintains communication with specific groups via WhatsApp communities. Your phone number and messages are processed to facilitate participation in groups and the sharing of information. We ask that you participate mindfully and only share personal data if you feel comfortable doing so. For more information on how WhatsApp handles personal data and GDPR compliance, please refer to: https://www.whatsapp.com/legal/privacy-policy.

Donation applications:

  • Rabobank
    Novio Church uses Rabobank for processing payments and bank transactions. Personal data, such as your name and bank account number, is processed to correctly handle donations and other payments. Your data is used solely for administrative purposes and is not shared with third parties without your consent, unless legally required. For more information on how Rabobank handles personal data and GDPR compliance, please refer to: Privacy and your personal data - Rabobank.

  • Snelstart
    Novio Church uses Snelstart for financial administration and bookkeeping. Personal data, such as the names and payment details of donors or employees, is processed to accurately record financial transactions and reports. Your data is securely stored and used solely for administrative purposes within the organization. For more information on how Snelstart handles personal data and GDPR compliance, please consult their privacy policy: https://www.snelstart.nl/privacyverklaring-snelstart/.

  • Stripe
    Novio Church uses Stripe to process online payments and donations. Personal data, such as your name, email address, and payment details, is processed by Stripe to correctly handle the payment. Stripe does not share your data with third parties for commercial purposes and complies with GDPR. For more information on Stripe’s privacy practices, please refer to: https://stripe.com/privacy.

  • ChurchSuite
    ChurchSuite is an application specifically developed for churches and church organizations to manage processes such as member administration, communication, and event management. Personal data, such as names, contact details, and membership information, is securely processed and used solely for internal organizational purposes. ChurchSuite aims for full GDPR compliance and protection of personal data. For more information about ChurchSuite and their privacy policy, please refer to: https://churchsuite.com/gdpr/.

Employee applications:

For the management of personnel and internal administration, Novio Church uses internal systems. These are accessible only to authorized staff and are processed confidentially in accordance with internal privacy guidelines.

7. Rights of Data Subjects

As a data subject, you have the following rights regarding your personal data:  

  • Access: You have the right to know which personal data we process about you. In addition, you can request access to this data. Your information can be viewed at any time via My ChurchSuite.

  • Correction: You can request correction of inaccurate data or update it yourself through My ChurchSuite.  

  • Deletion: You can request the deletion of your personal data unless we are legally required to retain it. You may also delete your account via My ChurchSuite.  

  • Restriction: You can request restriction of data processing, for example, if you doubt the accuracy of the data. You can also control the visibility of your data in My ChurchSuite.  

  • Objection: You can object to the processing of your personal data, such as its use for marketing purposes. This can be managed through My ChurchSuite.  

  • Data Portability: You have the right to receive your personal data in a structured PDF format and transfer it to another organization.  

8. Data Security

Novio Church takes appropriate technical and organizational measures to safeguard the security of personal data and prevent unauthorized access, loss, or destruction.  

9. Sharing Personal Data

Personal Data Sharing: Personal data is only shared with third parties when necessary for the execution of our activities, such as with IT integrations mentioned in Chapter X. All third parties we work with are obliged to protect personal data and process it in accordance with GDPR.

To receive information from ChurchSuite or newsletters, you can set your preferences via My ChurchSuite. The GDPR officer ensures that this policy is carefully followed.

Below are some examples of what should and should not be done from a GDPR perspective:

What to do as a user:

  • Ask for consent for email newsletters: Explicitly ask people for permission to use their email addresses for sending newsletters.

  • Collect only what is necessary: When creating a form, request only the data you truly need, such as a name and email address, but not a birth date if it’s not relevant.

  • Secure data properly: Store customer data only in secure systems and always lock your computer when leaving it unattended.

  • Provide clear explanations: If someone asks why their data is needed, explain it clearly and in simple language.

  • Store documents in the right place: Ensure files containing personal data are stored only on secure network drives or approved cloud environments, as mentioned in Chapter 6.

What not to do as a user:

  • Record personal information without reason: Do not note sensitive information, such as phone numbers or addresses, unless absolutely necessary.

  • Send emails to multiple people without BCC: Do not send group emails exposing all recipients’ email addresses.

  • Store data on USB sticks: Avoid storing personal data on USB sticks or external drives; always use the approved cloud environment mentioned in Chapter 6.

  • Grant unauthorized access: Do not allow people without proper rights to access systems or files containing personal data.

  • Share on social media: Never share photos, videos, or other information about visitors, volunteers, or staff without explicit consent.

10. Contact Information

For questions about this policy or to exercise your rights, you can contact the GDPR officer:

Novio Church Nijmegen

J. Bakker 
Chairman of the Board, Novio Church Nijmegen 
Contact via the contact form.  

Click here to go to the contact form

11. Changes to This Policy

Novio Church reserves the right to amend this GDPR policy periodically. Changes will be posted on the church’s website and communicated via email when necessary.  

This policy applies specifically to Novio Church Nijmegen. It is important that all staff, volunteers, and stakeholders are aware of and comply with this policy.  

The latest version of this document will always be publicly available on the website of Novio Church Nijmegen and will be referenced when requesting consent for processing personal data.