Media policy

  1. All Saints’ Church is here to serve the community and show forth the love of God in Jesus Christ. All of the reasons we keep your personal data trace back, in the end, to our efforts to live out this mission day by day. We do our best to handle your data well. 
     
  2. This policy has also been designed to fulfil the legal obligations that we as a church have, particularly in relation to the General Data Protection Regulation (GDPR). The terms below concern photos and videos, but we also have more general Privacy Policy.
     
  3. How we handle photos and videos is also important for Safeguarding and the policy should be read in conjunction with the Guildford Diocese Safeguarding Policy, Procedures and Guidance. Additionally, the Church of England produces a Parish Safeguarding Handbook governing many aspects of good practice for working with children and young people and adults at risk, which covers photography and social media.
     
  4. We store photos and videos for a variety of different reasons. These include: (i) enhancing the activities we do (e.g., by creating video presentations to show in services); (ii) creating a rich historical record of church activities; (iii) reporting back on activities to church members or the local community; (iv) publicising future events; (v) information purposes (e.g., pictures of PCC members displayed in the church lobby); (vi) fundraising; (vii) legal reasons. 
     
  5. Photos and videos might be taken in a number of different locations and contexts. We have different procedures for each of these cases. 
    1. At large events in public places formal consent may not be required. This would include, for example, most services and the fete, as both the church and church field are freely accessible to the public. Nevertheless, where feasible, we still seek consent to hold and use photos, particularly of a single subject rather than a large group. We will display a suitably prominent notice in the church to alert people that photographs may be taken. 
       
    2. At smaller church events, we will display suitably prominent notices if photos are to be taken by the church, and advise people of this verbally at the start of the event, giving them the opportunity to decline on an individual basis. When we transfer data from the camera to our main storage platform, we will review our photo consents and delete any media for which we do not have explicit consent. 
       
    3. At events attended by children, we will take photos and/or videos of a child only with the explicit consent of their parents. 
       
  6. Photos may come into our possession in several different ways: 
    1. A representative of All Saints’ may take the photo. Typically, this might be an activity coordinator (e.g., Sunday Club leader) or designated helper and they will identify themselves at the start of the event. Since the act of taking the photograph constitutes “data storage”, we will obtain consent before taking the pictures (except in case 5(i) and 5(ii) above, where consent might be retrospective).
       
    2. Someone attending the activity may take the photo/video for personal reasons. This is allowed because the GDPR applies to organisations rather than individuals. We may then “adopt” the photo/video into our collection. If this happens by us requesting a copy of the media, then we will gain appropriate consent before we ask. Alternatively, if the photo or video is sent to us unsolicited (e.g., in an email) then we will seek appropriate consent as soon as possible and, if we don’t get the consent we will delete the item from our computers. 
       
    3. In rare cases, we may receive images as part of a historical archive. Where it is not possible to trace individuals to seek consent, we will hold and/or use the data as allowed by the GDPR under its “journalistic and academic exemption”.  
       
  7. We commit ourselves to handling your photo and video data well. This involves both storing them safely and controlling carefully who has access to the data. 
     
  8. We will store data using a cloud storage provider that is fully compliant with GDPR. Our current provider is Microsoft OneDrive for Business. 
     
  9. All photos and videos stored by All Saints’ will be accessible by the Vicar, who will grant access to view and process selected material on an individual basis and following the guiding principle of allowing the only the minimum access consistent with the processing needed in Section 4 above. All users given access in this way will be required to sign a non-disclosure agreement and will be given training in how to handle the data safely. 
     
  10. We will not share your photos or videos with others, publish them, or use them in any other way that would constitute disclosure without your explicit consent.      
     
  11. Photos and videos may be kept for different lengths of time, depending on which of the purposes in Section 4 above are relevant. The Church of England publishes guidance on retention policies.
     
  12. You have the right to withdraw your consent at any time and we will destroy all copies we have of your photos/videos. 
     
  13. We will review this policy from time to time. If we make any changes, we will publicise them widely (e.g., via the church website and/or via email).