St Andrew’s knows how important personal data privacy is to our stakeholders as we connect and serve members and non-members in the context of ministry activities and church business operations. In this regard, we are committed to follow best practices for non-profit organisations relevant to the collection, handling, holding, and use of your personal data. This is to ensure compliance with legal, statutory, regulatory or accounting requirements in Hong Kong.
According to the Hong Kong Personal Data (Privacy) Ordinance (the “PDPO”), personal data refers to information which relates to a living individual and can be used to identify that individual. It must also exist in a form which access to or processing of is practicable. We collect your personal data in both digital and paper forms. This statement outlines our practices and your choices concerning the collection and use of your personal data.
Purpose and Manner of Collection of Personal Data
We practice openness and transparency when collecting your personal data, whether via online or paper forms, to notify you the purpose of such collection. By completing the specific forms for our personal data collection process, you are in consent of the purpose and use for which such forms are derived. Whenever practicable, we make clear whether certain data we request from you is voluntary and optional for such purpose, namely to serve in the context of St. Andrew’s ministry activities and church business operations. By providing your personal data to us, you acknowledge that such provision is fair and reasonable.
The types of personal data we collect include (without limitation) the following:
- your personal information (e.g. your name, gender, date of birth);
- your contact information (e.g. telephone numbers, mailing or email addresses);
- your involvement in church and your availability to serve on ministry rotas;
- your professional positions or expertise;
- your credit cards or bank account information;
- your comments and responses to church surveys or feedback forms.
Use of Personal Data
The purposes for which your personal data are collected and used may include (without limitation) one or more of the following purposes:
- to maintain our list of church members;
- to recruit, support and manage volunteers;
- for registration and management of groups, events and courses;
- to communicate church information (e.g. newsletters, invitation to events or conferences, workshops and other activities);
- to maintain our accounts and records;
- to process and administer donations made by you.
We shall only collect data that are necessary for the purposes for which they are collected. We will not knowingly or intentionally use, share, sell, lease, transfer or disclose your personal information to any third parties except as may be required by any legal, statutory, regulatory or accounting requirements.
Subject to any legal, statutory, regulatory or accounting requirements, the personal data you provide to us will be kept by us in the appropriate form only for as long as it is necessary to fulfil the purposes mentioned above after which it will be destroyed.
We take all practicable steps to ensure your personal data is protected against unauthorized or accidental access, processing, erasure, loss or use. Precautionary measures are established to protect your personal data against unauthorised or accidental access. Additional measures are taken for ensuring the integrity, prudence and competence of persons having access to the data, including contractual obligations of our third party payment processors.
When making an online donation or payment on our websites, your credit card information is held by the third-party payment gateway services such as Stripe and Paypal, a secure payment processing facility, solely for the purpose of processing the payment. At no point will your credit card information be stored or held by us. The payment details are securely transmitted over encrypted communication channels to the third-party payment gateway.
In order to anticipate your needs, our websites may contain links to third party sites that are operated under different privacy practices and are independent from us. We have no control over their contents, privacy policies or compliance with the law. You should therefore be fully aware the provision of such links does not constitute an endorsement, approval, or any form of association by or with St Andrew’s.
Your Rights and How to Contact Us
You are entitled to:
- request access to or correction of your personal data;
- request deletion or erasure of your personal data;
- opt out of communications from us.
If you would like to exercise any of the above rights or obtain a copy of your personal data collected and held by St. Andrew’s, if you believe that any of your personal data which we collect and maintain is inaccurate, please email our Executive Director at firstname.lastname@example.org or write to her/him at St Andrew’s Church Office, 138 Nathan Road, Tsim Sha Tsui, Kowloon, Hong Kong.