DATA PROTECTION POLICY
Voyageurs Lutheran Ministry
Voyageurs Lutheran Ministry (VLM) is committed to processing data in accordance with its responsibilities under the GDPR. (read more)
When collecting personal data related to donations, program registration, conference bookings, and payment for services, VLM will only use platforms that provide protections for users.
The VLM Office Manager shall take responsibility for VLM’s ongoing compliance with this policy. These protections apply to all data processed on these platforms and will include:
a. Annual review
b. Individuals have the right to access their personal data and any such requests made to the respective platforms (Vanco, CampWise, GiveMN, GiveSmart).
c. All data processed must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests.
d. Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
e. Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in the systems.
f. Ensure that personal data are adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
g. Take reasonable steps to ensure personal data is accurate.
h. Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
i. Ensure that personal data is kept for no longer than necessary, and have in place an archiving policy for each area in which personal data is processed and review this process annually.
j. The archiving policy shall consider what data should/must be retained, for how long, and why.
k. Ensure that personal data is stored securely using modern software that is kept up to date.
l. Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorized sharing of information.
m. When personal data is deleted this should be done safely such that the data is irrecoverable.
n. Appropriate back-up and disaster recovery solutions shall be in place.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data, VLM and its platforms shall promptly assess the risk to people’s rights and freedoms.
END OF POLICY