Purpose:

Our church is committed to protecting the personal information of everyone connected with our community—visitors, attenders, and members. This policy explains what information we collect, how it is used, how it is protected, and your rights regarding your personal data.

1. Information We Collect

We collect information needed for ministry, care, and church operations. This may include (but is not limited to):

• Visitors: Name, contact information, service attended, and voluntary feedback
• Attenders & Members: Name, home address, email address, phone number, mobile carrier, birthdate, gender, family relationships, giving records, participation in church ministries/events, photo(s)
• Special Categories: Pastoral care needs (kept strictly confidential and shared only with appropriate staff/elders), prayer requests, and spiritual decisions.

2. Personally Identifiable Information (PII)

PII refers to any data that could be used to identify a specific individual. In a church context, PII includes (but is not limited to):

• Full name
• Home address
• Email address
• Phone number
• Date of birth
• Family relationships
• Giving or financial records
• Photos when linked to identity

Our Commitment to Protecting PII:

• PII is collected only for ministry and administrative purposes
• Access to PII is restricted to staff, approved ministry leaders, and members of the church
• PII is never sold, rented, or shared with outside organizations
• Staff and approved ministry leaders handling PII are expected to attend training on confidentiality and proper use

3. How We Use Information

Personal information is used to:

• Communicate about church services, ministries, and events
• Provide pastoral care and discipleship support
• Facilitate ministry coordination and volunteer engagement
• Maintain accurate membership and giving records
• Create directories or contact lists (only with member consent)

We do not sell or rent personal information to third parties.

4. Data Security & Storage

• Personal data is stored securely in the church’s protected database and, when necessary, in locked physical files.
• Digital systems use role-based access, passwords, and encryption where applicable.

5. Sharing of Information

• Information is shared only within the church community for ministry purposes.
• Sensitive information (giving records, counseling notes, prayer requests) is shared only with appropriate leadership on a need-to-know basis.
• We will never publish personal data online.

6. Privacy for Minors

We take extra care to protect the privacy of children and youth under 12 years of age.

• Collection: Information about minors younger than 6th grade/12 years of age is collected from parents/guardians, not directly from the child.
• Use: Data is used only for children’s/youth ministry activities, safety, and communication with parents/guardians.
• Opting Out: Parents/guardians can opt out of having their child’s name, photo, or information in any church directory, publication, or online content by contacting the Church Office.
• Protection: Minor data is never shared outside the church and is not visible to the general congregation in directories unless parents/guardians opt in.

7. Data Retention & Disposal

• Records are retained for ministry and legal purposes.
• Giving and financial records are retained in compliance with legal and tax requirements.
• When records are no longer needed, they will be securely deleted or destroyed (e.g., shredding paper files, wiping digital data).

8. Use of Third-Party Services

• The church may use trusted third-party vendors for services such as online giving, church management software, or communications.
• Only vendors with appropriate data security protections are chosen.
• Data is shared with these vendors only as needed for ministry or administrative purposes.

9. Photography & Media

• Photos and videos may be taken during worship services, events, and ministry activities.
• Adults may request not to have their photo published in church materials by contacting the Church Office.
• For minors under the age of 12 (6th Grade), parent/guardians can opt out of having their child’s name, photo, or information in any church directory, publication, or online content by contacting the Church Office.

10. Emergency or Legal Exceptions

The church may share personal information if required by law or in situations involving:

• Mandatory child protection or safety reporting.
• Legal investigations or subpoenas.
• Immediate concerns for health or safety.

11. Data Breach Response

• In the event of a data breach, affected individuals will be notified promptly.
• Steps will be taken immediately to contain the breach and protect information.
• Corrective measures will be put in place to prevent future occurrences.

12. Responding to Requests for Contact Information or Database Access

To protect the privacy of members and attenders, the church office will not release personal contact information or provide access to the church database when someone other than an Elder, Ministry Leader, or Member calls, emails, or visits the office requesting the data. Instead, staff and volunteers will respond in one of the following ways:

• For personal contact requests: Staff will offer to pass the caller’s/visitor’s message along to the individual they are trying to reach, allowing the individual to decide whether to respond.
• For group or directory requests: Staff will explain that directory access is limited to staff, ministry leaders, and members through secure, approved channels and cannot be distributed outside of those parameters.
• For database access requests: Staff will explain that the church database is a secure system and is not available for public or general access.This ensures that each individual’s privacy is respected and they control how and when they share their own information.

13. Church Attender Rights

You have the right to:

• Request to see what information the church holds about you
• Update or correct your information
• Withdraw consent for inclusion in directories or communications
• Request that your information be visible to church staff only, or as possible, removed (subject to legal and financial record-keeping requirements)

14. Accountability & Updates

• This policy is reviewed annually by church leadership
• Any breaches or misuse of data will be taken seriously and addressed promptly
• Updates to this policy will be communicated to church attenders in a timely manner
• A condensed version of this Data Use & Privacy Policy will be posted on the OCF Website, with reference to the full policy

Last Updated 08/21/25