Controller of Personal Data
Church of God attaches utmost importance to the respect of your right to privacy and the protection of your personal data. Any personal data processed by the Church of God in connection with this Privacy Notice is controlled by the local and/or national Church of God, which is considered the “data controller” of your personal information under European Union General Data Protection Regulation (‘GDPR’).
Our address is Church of God Luxembourg, 67 rue Dominique Lang, L-3505 Dudelange, Luxembourg
What do we mean by personal data?
Personal data means any information that identifies you or could be used to identify you, such as your name and contact details.
When does this policy apply?
This Privacy Notice applies to personal data about you that we collect, use and otherwise process regarding your relationship with us as a church member or potential member, including when you use any of our services, websites or mobile applications.
When do we collect personal information about you?
We collect personal information about you whenever you use our website, or interact with us via email or otherwise contact us.
For additional details see ’What types of personal information do we collect and retain?’ below.
What types of personal information do we collect and retain?
We can collect the following categories of personal information:
- Your name, email address, mobile number, home address.
- For those becoming members we ask you to supply your nationality, marital status and number of children.
- Regarding our websites, we do not use cookies.
When and why do we collect ‘sensitive personal data’?
Certain categories of personal data, such as that about race, ethnicity, religion, health, sexuality or biometric information are special categories of data requiring additional protection under the GDPR and is referred to here as “sensitive personal data”. Generally, we try to limit the circumstances where we collect and process sensitive personal data. Examples of where we may collect and process ’sensitive personal data’ includes the following:
- You have provided specific medical information to us, including that of your children.
What do we use your personal information for?
The main purposes for which we use your personal information are:
- To provide you with up to date information on all church activities.
- To ensure members are enabled to participate in the business meetings of their church.
- To ensure children in our Sunday Schools are fully protected in case of medical emergencies and given back only into the care of their parents/guardians.
- To carry out statistical analysis of church attendees.
- To improve our websites and services.
- For registration to Sunday services re Covid regulations
- For management and administrative purposes.
When will we send you communications?
We will send you communications from churches in fellowship with the Church of God and our international body only when we have your permission.
We will respect your choice as to what communications you wish to receive and how these are sent.
How can you change what communications you receive, how you receive them and unsubscribe?
If you decide you would no longer like to be sent communications, you can change your mind at any time, by sending an email to the appropriate church pastor as follows:
- Oasis Church of God Luxembourg – https://www.oasis.lu/welcome/about-us/contact-us/
- El Shaddai Church of God Luxembourg – https://www.elshaddai.lu/ (then ‘contacts’ to fill in the contact form or email to info@elshaddai.lu)
- El Faro Church of God Luxembourg – email: faro.luxembourg@gmail.com
We aim to stop sending communications within 10 working days of receiving those requests, but you may receive some in the period before that change being made.
If you wish to change how we use your personal information, including exercising your right to be forgotten, please see the section “What are your legal rights in relation to the personal information we hold about you?“ and “How can you exercise your legal rights and change how we use your data?“
What is our legal basis for using your personal information?
The Church of God will only process your personal information where we have a legal basis to do so. The legal basis will depend on the reason or reasons we collect and need to use your information. Under EU data protection laws in almost all cases the legal basis will be:
- The protection of your vital interests or those of another person.
- The consent you provided to us using your information for a particular purpose.
More information on each legal basis is provided below.
If the processing of your data is subject to any other laws, then the basis of processing your data may be different to that set out above (e.g. compliance with legal obligation).
How long do we keep personal information?
We will keep your information only for as long as we need it for the purpose it is being processed for.
We will actively review the information we hold and delete it securely, or in some cases anonymise it when there is no longer a legal or member need for it to be retained. If you stop interacting with us as a member or visitor, we will remove or anonymise your information.
Performance of a contract with you
Legal contracts will only be made in the case of employment with the Church of God Luxembourg A.S.B.L.
- Legitimate Interests
As a church registered with the Church of God, Cleveland, TN, USA we have a legitimate interest to use the personal information we collect to provide Christian ministry through our normal services and ministries.
- Compliance with legal obligations
There may be situations where the Church of God is subject to a legal obligation and needs to use your personal information to comply with those obligations.
- To protect the vital interest of you or another person
There are situations where we may need to use your personal information to protect the vital interests of you or another person.
- Consent
Alternatively, we may collect and use your personal information where you have given your specific consent to us doing so.
If the basis of our processing your data is by consent, you can withdraw your consent to such processing at any time, including by contacting us by mail or email as described below:
Email: gdpr@coglux.com
Mail: 67 rue Dominique Lang, L-3505 Dudelange, Luxembourg
Who do we share your personal information with?
Your personal information may be shared with the Superintendent Western European Region of the Church of God, who is based within the European Union and additionally with the Church of God Cleveland, TN, USA for ministerial applications.
Your personal information will not be disclosed to other parties.
- What countries will your personal information be sent to?
On only certain occasions, your personal information may be sent to and stored by us and third parties in a country outside the country in which you are located and outside the European Economic Area. This is limited to communications to our International Church Headquarters in Cleveland, TN, USA.
This is due to the fact that certain appointments, training and ministerial credentials can only be handled by and through the International Church Headquarters in the USA.
Transfers of your personal data to the International Church Headquarters in the USA. are subject to an agreement between the Church of God and International Church Headquarters in the USA.
In addition, we may transfer your data to parties in other countries within the European Union as part of our church ministries.
What are your legal rights in relation to the personal information we hold about you?
Under the GDPR, you have certain rights about your personal information. Responses to exercise your rights will be provided within one month and generally, there is no fee for making these requests. If your request is particularly complicated we may extend the deadline for responding to three months, but we will let you know if this is the case.
We will handle all requests under applicable law. However, depending on the right you wish to exercise, and the nature of the personal information involved, there may be legal reasons why we cannot grant your request. Further explanations of those rights and the exceptions to them are set out below.
Details of how to exercise your rights are set out in the section below “How can you exercise your legal rights and change how we use your data?”
Your rights include the following:
- You may request us to stop sending you communications. Contact the Data Protection Officer (DPO) (see below for details).
- You may object to the use of your personal information where we are doing so under legitimate interests (see the section “What is our legal basis for using your personal information” for examples of when that applies).
- You may access the personal information we hold on you.
- You may ask us to correct the personal information that you have shared with us (the ‘right of rectification’) if that information is incomplete or incorrect. If you spot any inaccuracies contact the DPO.
- You may ask for personal information we hold about you to be deleted.
- You may ask to receive the personal information you shared with us in a structured format and to transmit this data to another data controller, unless this right negatively affects the rights and freedoms of third parties; considerations for deleting your personal data:
In some circumstances, we may not be able to provide all or parts of your information immediately as all records have defined retention periods that must be followed. Once the retention time has passed, if applicable, your data will be removed.
How can you exercise your legal rights and change how we use your data?
If you wish to change how we use your personal information, please contact our DPO at gdpr@coglux.com
We will ask for some information to identify you, which will only be used to process your request. We will verify your identity via email before continuing with your request. Email: gdpr@coglux.com
Alternatively, you can send a request by writing to us at the following address:
Data Protection Officer
67 rue Dominique Lang, L-3505 Dudelange, Luxembourg
- Accessing your personal information
If you wish to review the personally identifiable information recommend that you make a request in writing (by email or mail) and include the following information with your request:
- Your name and postal address
- Details of your request
- We need corroborating information to establish your identity this could be a photocopy of your passport or national identity card
- Your signature and the date of the request
- If you are applying on behalf of another person then signed authority from the individual is required
- Any details which may help us locate the information which is the subject of your request.
How to get in touch with us and your right to complain to our supervisory authority?
If you have any questions about this notice, please contact the Data Protection Officer at: gdpr@coglux.com.
You may also contact our national supervisory authority if you wish to lodge a complaint:
National Commission for Data Protection
15, Boulevard du Jazz, L-4370 Belvaux, Luxembourg
Tél. : (+352) 26 10 60 -1