GDPR Compliance for Church Service Hub

Last Updated: August 13, 2024


Overview

At Church Service Hub, the privacy and security of your data are our top priorities. We fully recognize the importance of data protection regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). These laws provide us with the opportunity to demonstrate our unwavering commitment to safeguarding the privacy of both you and your church.

Although only a portion of our customer base is located within the European Union (EU), we hold all the data we process to the stringent standards established by the GDPR. Our approach ensures that every piece of information stored or processed through Church Service Hub is treated with the highest level of care and respect for privacy.

GDPR Commitment

Church Service Hub is fully dedicated to meeting and maintaining the standards required by GDPR. To ensure ongoing compliance, we have partnered with an EU-based data privacy firm that acts as our Data Protection Officer (DPO). This firm provides us with continuous guidance to help us meet our GDPR obligations and to support our customers in doing the same.

Some of the key GDPR compliance measures we have implemented include:

  • Data Processing Agreements (DPAs): We offer Data Processing Agreements to all our EU-based customers, outlining the specific responsibilities and obligations related to the processing of personal data. You can request to enter into a DPA with us here.
  • Data Minimization: We collect only the data necessary to provide our services effectively, ensuring that we adhere to the principle of data minimization.
  • Data Access Controls: We have robust access control measures in place to ensure that only authorized personnel can access personal data.
  • Data Breach Protocols: We have established protocols to detect, respond to, and report any data breaches in a timely manner, as required by GDPR.
  • User Rights Management: We support our customers in facilitating the exercise of data subjects' rights, such as the right to access, correct, delete, and port their data.

Information Security

We are committed to providing a secure environment for all the data we process. Church Service Hub's security practices are in line with industry standards and are continuously reviewed and updated to address emerging threats. Our servers are hosted on Amazon Web Services (AWS), which provides robust physical and virtual security measures to ensure data protection.

For more detailed information about our security measures, you can visit our Security Overview page.

Frequently Asked Questions (FAQs)

  1. Does our church always need to collect consent from every individual in our database?

    Not necessarily. Consent is just one of several legal bases for processing data under GDPR. One of the provisions of GDPR allows for "legitimate interest" as a basis for processing personal data, especially in the context of churches and their members. This means that, in some cases, churches may process data without explicit consent, provided they have a legitimate interest that does not override the rights and freedoms of the individuals concerned.

  2. Where are your servers located?

    Church Service Hub's servers and infrastructure are based in Amazon's AWS data centers, which are distributed globally. AWS provides a secure and scalable environment, ensuring that your data is protected regardless of where it is stored. This global distribution also ensures high availability and reliability of our services.

  3. Who are your subprocessors?

    We work with several subprocessors to deliver the full range of Church Service Hub services. These subprocessors are carefully vetted to ensure they meet the same high standards of data protection that we adhere to. An up-to-date list of all our subprocessors is available here, where you can also subscribe to receive notifications before we engage with new processors.

Data Transfers and International Compliance

As a global service, Church Service Hub processes data across multiple jurisdictions, including transfers outside the European Economic Area (EEA). To ensure that all data transfers are compliant with GDPR, we implement appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs): For data transfers from the EEA to countries without an adequacy decision, we utilize SCCs to ensure GDPR compliance.
  • Binding Corporate Rules (BCRs): For intra-group transfers within our organization, we may implement BCRs that are approved by data protection authorities.
  • Adequacy Decisions: Where applicable, we transfer data only to countries that have been recognized by the European Commission as providing an adequate level of data protection.

Data Subject Rights

Under GDPR, data subjects (individuals whose data is being processed) have several rights regarding their personal data. These rights include:

  • Right of Access: The right to request access to the personal data we hold about you.
  • Right to Rectification: The right to request corrections to inaccurate or incomplete data.
  • Right to Erasure: The right to request the deletion of your personal data under certain circumstances (also known as the "right to be forgotten").
  • Right to Restrict Processing: The right to request the restriction of processing activities under specific conditions.
  • Right to Data Portability: The right to receive your personal data in a structured, commonly used, and machine-readable format, and to request the transfer of that data to another controller.
  • Right to Object: The right to object to the processing of your personal data under certain circumstances.
  • Right to Withdraw Consent: Where processing is based on consent, the right to withdraw consent at any time for future processing.

To exercise any of these rights, individuals can contact their church directly, and Church Service Hub will provide all necessary support to facilitate these requests in compliance with GDPR.

Contact and Support

If you have any questions or concerns regarding our GDPR compliance, or if you wish to enter into a Data Processing Agreement, please contact us at:

Email: contact@churchservicehub.com

Mailing Address:

Church Service Hub LLC
5900 Balcones Drive, Suite 20105
Austin, TX 78731, United States
Phone: +1 (512) 434-0354