Privacy Policy and Data Protection for Users of Hillsong.com

INTRODUCTION

Welcome to Hillsong.com. The website on which this Policy is hosted is owned and managed by Hillsong International Ltd as trustee for Hillsong International (“Hillsong”).

This Privacy Notice describes how Hillsong churches globally, including in the European Economic Area which includes the UK, EU and Norway (“EEA”) (altogether “Hillsong Churches”) and the church referred to at the foot of the Policy (“the Local Church”) and Hillsong collect, use, disclose, transfer, store, retain or otherwise process your information, whether provided through the website, or acquired directly by any other means, and will be dealt with in accordance with the Law.

By continuing to browse and use this website you are accepting the terms and conditions of use, which govern the Local Church and Hillsong’s relationship with you.

INTERPRETATION

Whenever “We”, “Our” or “Us” is used in this Policy it is referring to your relationship with and an obligation or right, in both Hillsong and the Local Church.

“Data Controller” is the entity that determines the purpose for which personal data is collected and processed.

“Data Processor” is the entity processing personal data on behalf of the Data Controller

“Personal Data” is any information about a living individual, which allows them to be identified, such as a name, email or photograph and can identify them alone or in conjunction with other information.

DATA PROTECTION LAW

This policy explains how we comply with laws and regulations in our respective countries and the General Data Protection Regulation (GDPR) and the Privacy & Electronic Communications Regulations 2003 (“the PECR”) relating to electronic communications (jointly and severally, ”the Law”).

Hillsong has agreed with the Local Church that:
a. the Local Church will manage content on that part of the website dedicated to the Local Church where the policy is posted, for example, hillsong.com/london, and in particular, registration for events and online giving;

b. all Personal Data relating to persons resident in the EEA acquired from or relating to such persons accessing the website for any purpose including, without limitation:

i. making a donation;
ii. registering for any event;
iii. acquiring goods or services through this website;

will be dealt with in accordance with this Policy and the Law;

c. such information will be kept confidential and only be provided to third parties, who assist us, provide goods or services requested by such persons, or with their prior consent.

We will adhere to the Principles of Data Protection as detailed in GDPR. Your information will be:

a. processed lawfully, fairly and in a transparent manner;

b. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;

c. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

d. accurate and, where necessary, kept up to date;

e. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;

f. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage using appropriate technical or organisational measures.

DATA CONTROLLERS and DATA PROCESSORS

Although Hillsong and the Local Church are separate organisations, they work together and may need to share personal data so that each can carry out their responsibilities as churches, support the church community and provide products and services you request.

Whilst this Privacy Notice is posted on the website by Hillsong as a Data Controller, it is on the section of the website managed by the Local Church where the Local Church is also a Data Controller of personal data you provide.

If you provide personal data directly to the Local Church or through involvement at the Local Church, or to staff or volunteers, the Local Church is Data Controller responsible to comply with its legal obligations under GDPR. Where consented or permitted, this personal data is shared with Hillsong and Hillsong may either process such data on behalf of the Local Church, or as a joint Controller use for its own purposes.

Where Hillsong and the Local Church are joint Controllers, both are responsible for how your data is processed.

EEA REPRESENTATIVE

As Hillsong is a Data Controller based in Australia, each Local Church in the EEA is the country representative for Hillsong in the jurisdiction in which the Local Church is established to assist Hillsong with the collection, storage, use and transfer of information and compliance with all applicable data protection laws.

SCOPE OF THE POLICY

Hillsong and Hillsong Churches take your privacy very seriously and this Policy has been adopted as it recognises the right of people to keep their personal information private.

By providing Personal Data, including by use of this website, you agree to allow us to contact you, including by mail, email, telephone or SMS text message, in connection with our charitable purposes:

a. for our legitimate interests, in accordance with current data protection regulations; or

b. on the basis of the consents you have given.

Modifying Your Preferences

If at any point you would like to change your preferences and:

1. you do not wish to receive further communications from Hillsong and/or the Local Church you attend or previously attended; OR

2. you wish to change the way you receive any communication

follow the procedure under Your Rights below.

If you disagree with any part of this policy, please do not provide Personal Data to us and do not use the website.

HOW PERSONAL INFORMATION IS COLLECTED

Personal Data is collected each time you are in contact with us, for example, when you:

a. visit the website (see the Cookies Policy);

b. make a donation to the Local Church;

c. register for a Hillsong conference or a Local Church event;

d. apply for a job or volunteer at the Local Church;

e. provide your contact details, in writing or orally, to the Local Church staff or volunteers;

f. purchase goods or services from Hillsong, through the website, or directly from the Local Church and when you provide credit or debit card details;

g. participate in other Local Church activities e.g. Groups;

h. contact us by means such as email, text, letter, telephone;

i. have face to face meetings with staff and volunteers;

j. access social media platforms such as Facebook, YouTube, WhatsApp, Twitter, Instagram;

k. register with MyHillsong.com and grant Hillsong permission to provide the Local Church with access to your personal data and give consent to be contacted by Hillsong and/or the Local Church.

TYPES OF INFORMATION COLLECTED

Personal Information

The types of personal information collected by us include:

• personal details such as your title, name and date of birth;

• contact details such as postal address, post code, email, mobile and telephone numbers;

• when relevant to our mission, demographic information such as marital status, nationality, education, employment/qualifications and family details;

• financial information such as donation history and your bank details;

• whether you are a tax payer in the place where the Local Church is registered;

• spouse and family details when you jointly volunteer, register for events, and/or register your children for any reason at Hillsong or the Local Church;

• non-financial information such as passports, driving licences and financial information such as salary records, tax codes and expenses claims;

• employee and volunteer data such as qualifications, languages and experience;

• records of your contact with us;

• photographs provided by you or taken at Hillsong or Local Church services or events;

• visits to the website to enable Hillsong to improve its effectiveness and better promote church services and events.

Sensitive/Special Category Personal Information

We may collect and store sensitive personal information (Special Category Information under GDPR) such as:

• health information provided during pastoral meetings;

• health information to assist attendance at Hillsong or Local Church services and events;

• religious information (attendance at Local Church and/or Local Church events / activities, personal faith decisions, baptism);

• religious affiliation, permitted when you and/or your family attend, register for Hillsong and/or Local Church events and conferences;

• prayer requests.

HOW WE USE YOUR INFORMATION

We collect information about you for a variety of uses based on different reasons. For example, some of the information is disclosed in order to register for activities or events, sometimes we are required by law and regulations to collect and process information about you, and at other times we consider it is in our legitimate charitable interest to collect and process information.

Your personal information will be dealt with in accordance with the Law. It is never sold, nor given away. It is only shared with others where you have given consent or where it is permitted or required either contractually or legally.

We will not use your personal information for any other purpose without first seeking your consent, unless authorised or required by law.

Generally, uses of your personal information based on our legitimate charitable interests and on your consent may include:

• keeping you informed as to Hillsong and/or Local Church services, activities, events, resources and conferences;

• to promote the interests of Hillsong, its Christian mission and its charitable objects;

• to manage employees and volunteers;

• to fundraise and process donations and related statutory rights and obligations;

• to establish and maintain your involvement with us, events you have attended, what areas and activities of the Local Church you have supported, record and acknowledge any donation, to provide the products or services you have requested;

• to answer an inquiry or request for further information or complaint about us, our services, activities and events;

• to register you for events, conferences and provide the services requested;

• to carry out analysis and market research and improve our website and communications, for example by matching anonymised user’s data with social media sites such as Facebook to better understand people’s interests;

• to assist the Local Church to provide services and products more valuable to those involved in Hillsong and the Local Church community;

• to improve our ability to assist the Local Church attendees and the wider community;

• to assist the Local Church and associated Hillsong Churches with management and administrative purposes such as accounting, credit/debit card payments, anti-fraud measures, maintenance and development.

Legal Basis for Using Your Personal Information

We will only process your personal information where we have a legal basis to do so. The legal basis will depend on the reason or reasons we collected and need to use your information. Under the Law in almost all cases the legal basis will be:

• because it is in our legitimate interest as registered charitable and Christian religious entities to use your personal information to operate and improve our service as churches;

• to fulfil any contractual relationship we have with you in relation to provision of products or services, such as registration at events;

• because you have consented to Hillsong and/or the Local Church using your information for a particular purpose;

• because we need to use your personal information to comply with a legal obligation, such as protection and welfare of individuals;

• to protect the vital interests of you or another person, for example, in pastoral situations;

• to process sensitive / special category personal data that is relevant to us as a not for profit religious organization;

• where you have given consent for us to contact you by email, phone or SMS, to send you information and marketing communications.

DATA STORAGE AND WHO SEES YOUR INFORMATION

Information you provide electronically, including through this website, may be held on computers in Hillsong Churches locations and on servers in Australia, the EEA and the USA.

Information you provide in paper form, such as consents, letters or recorded in meetings with staff or volunteers, may be transferred to secure virtual systems or stored in secure physical filing systems.

Subject to compliance with our data management policies and procedures, and in compliance with the above Data Protection Principles, information may be accessed, used and stored:

a. on computers in Hillsong Churches locations and servers based in the EEA, Australia and the USA; and

b. by a limited number of staff or key volunteers under a duty of confidentiality who are involved in development, maintenance and operation of the website Hillsong.com, and MyHillsong.com, or the services provided through them, or who act for us for the uses set out in this policy, or other purposes approved by you. Those parties may also process information, fulfil and deliver orders, process credit card payments and provide support services to us.

Third party service providers may process information, fulfil and deliver orders, process donations and credit card payments, and provide support services on our behalf. Where such details are shared, agreements in place restrict the use of your information to the purpose for which it is provided and ensure it is stored securely and in accordance with applicable data protection and privacy laws.

One of our main providers is The Rocket Science Group in the USA d/b/a MailChimp, which provides email communication services and is certified under the EU-US Privacy Shield Framework approved by the European Commission.

We do not sell or pass any of your personal information to any other organization and/or individuals without your express consent, unless required by law.

Financial Records and Card Details:

All financial payments and records are held in accordance with The Payment Card Industry Data Security Standard (“PCI DSS”).

All credit/debit card donations made online or by phone, are made securely through third party service providers and payment gateways, which comply with the PCI DSS. Unredacted card details are not recorded and stored on our systems.

We do not store unredacted financial details (credit or debit card numbers) obtained through online transactions nor do we pass any information to third parties, except where we are legally required to do so, to assist fraud reduction, or to provide a service requested and minimise credit risks.

HOW LONG WE RETAIN YOUR INFORMATION

We will only keep your personal information for as long as it is required and in accordance with the Law and other legal requirements.

If you have indicated that you no longer wish to hear from us, we will keep the minimum information necessary to ensure that no future contact is made.

However, even after you modify your communication preferences, we may retain copies of information about you for a period of time that is consistent with applicable law, applicable statute of limitations or as we believe is reasonably necessary to comply with applicable law, regulation, or legal process.

Where we hold Sensitive Category Personal Information, unless we have evidence of your regular contact with us or we are required by law to retain, the sensitive information will be deleted after a period of two (2) years.

COOKIES

We use various technologies to collect information when you access or use Hillsong.com, including placing a piece of data, commonly referred to as a “cookie on your device. Cookies are small data files that are stored on your hard drive or in your device memory when you visit a website or view a message. By using Hillsong.com, you permit us to collect and use your information from activity on devices you use in accordance with this Privacy Notice. For more information and to learn how to block or delete cookies used on Hillsong.com, please see our Cookie Policy.

YOUR RIGHTS

Personal Information

Where you have provided your consent to us processing your personal data, you may withdraw this consent at any time. In addition, the Law gives you the right, under certain circumstances:

• to request in writing and securely obtain copies of the personal information we hold about you;

• to correct or update your personal information held by us;

• to request us to stop using your personal information for marketing purposes or for any other purpose where there is no legal requirement for continued processing;

• to object to profiling activities based on our legitimate interest;

• to request to have all personal data deleted (in the EEA only). To exercise any of these rights please contact privacy@hillsong.com or contact the Data Protection Officer (contact details set out below).

Please tell Hillsong or the Local Church as soon as any of your contact details change so that records can be kept up to date.

We will take reasonable steps to correct any of your information, which is inaccurate, incomplete or out of date.

If you wish to have your personal information deleted, please contact the Data Protection Officer at Hillsong or the Local Church you attend (or previously attended if you no longer attend a Hillsong Church) and wherever practicable that information will be deleted.

A request to access, amend or delete your personal information may be refused in certain circumstances. If refused, you will be provided with a reason for the decision and, in the case of amendment, will note with your personal information that its accuracy is disputed.

Marketing Communications

The Privacy and Electronic Communications Regulations (PECR) gives you the right:

* to choose whether or not to receive marketing communication from us by email, text or telephone;

* to know about the cookies Hillsong uses, so that you can decide whether to give permission to store a cookie on your device. Please see the Cookies Policy on Hillsong.com.

You can change the way you are contacted, or the kind of material sent to you, at any time by contacting us by mail or e-mail using the contact details below.

Modifying Your Preferences

You will have the opportunity to decline to accept communications at any time and discontinue receiving such communication by:

a. following the instructions to “unsubscribe” on any email or text communication received from Hillsong and/or the Local Church;

b. emailing privacy@hillsong.com;

c. emailing the Local Church which you attend or previously attended, or which contacted you.

SECURITY

Reasonable steps will be taken to keep secure any personal information, which is held.

Personal information, held electronically, is stored in a secure server or secure files.

The Internet is not a secure method of transmitting information. Accordingly, no responsibility is accepted for the security of information you send to or receive from us over the Internet or for any unauthorised access or use of that information.

Security measures are taken to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.

Where we have given you, or where you have chosen security codes (username, password, memorable word or PIN), which enable you to use any online service, you are responsible for keeping these security details confidential.

LINKS AND SOCIAL MEDIA

This website may also include links to other websites or may provide social media buttons, permitting sharing web content directly to a social media platform, such as Facebook, Twitter, WhatsApp and YouTube.

We do not endorse social media website(s) and have no responsibility for the content unless posted by or approved by us nor are we responsible for the cookies such websites may contain.

Use of such buttons or links is at your own risk and you must verify authenticity of sites before posting or providing personal information on such sites.

We do not ask for passwords or personal details on social media.

Websites such as Vimeo and YouTube are used to embed videos on the website and service providers such as Brushfire, MailChimp and Google Analytics may send their own cookies via this site. Please look at the cookie and privacy policies on these third-party sites if you want more information about this.

This website may also contain sponsored links and adverts. These may typically be through related Hillsong Churches, partner ministries or service providers, who may have their own detailed privacy policies.

DOWNLOADS

Any documents or files made available to download from our website are provided at users’ own risk.

REPORTING CONCERNS

Please contact either Hillsong or the Local Church if you wish to raise a concern about handling of your personal information through this website or directly to the Local Church if it involves information provided by other means.

You also have the right to lodge a complaint with the Data Protection Authority Office (see contact details below) about how your data is managed.

CHANGES TO THIS PRIVACY NOTICE

Hillsong may amend this Policy from time to time to reflect changes in best practice, security and control and to ensure compliance with any changes or amendments to the Law or other applicable legislation in the EEA. Any amended version will be available on the website. We suggest you visit regularly to keep up to date with any changes.

CONTACT

Contacting Hillsong and/or Your Local Hillsong:

If you would like any further information, or have any queries, problems or complaints relating to the Privacy Policy or our information handling practices in general, please contact the appropriate person/s below:

Hillsong International Ltd as trustee for Hillsong International
Att: Privacy Officer
1-5 Solent Circuit, Baulkham Hills NSW 2153,
Australia
Ph.: +61 2 8853 5353
Email: privacy@hillsong.com

Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
enquiries@oaic.gov.au
Enquiries Line:  1300 363 992.

The following are the nomintated representatives of Hillsong International in each EEA country

Hillsong Church UK
Att: Data Protection Office
425 New Kings Road, Fulham, London SW6 4RN.
PO Box 29971, London, SW6 2WX.
Ph.: +44 (0) 20 7384 9200,
Email: dataprotection@hillsong.co.uk

Information Commissioners Office (UK)
https://ico.org.uk/concerns/
Helpline: 0303 123 1113

Hillsong Church France
Attn: Délégué à la protection des données
108, Avenue du Maine
75014 PARIS
Tél : +33 (0) 9 74 77 75 75
E-mail: dpd@hillsong.fr

Commission nationale de l’informatique et des libertés 
3 Place de Fontenoy, TSA 80715
75334 PARIS CEDEX 07, France
Fax: +33 (0)1.53.73.22.00
Tel: +33 (0)1.53.73.22.22
https://www.cnil.fr/en/contact-cnil

Hillsong Church Germany & Zurich
Att: Datenschuzbeauftragter: Christoph Kutschbach
Schneckenburgstraße 11
778467 Konstanz
Deutschland
Ph.: +49 7531 3 61 61 77
Email: datenschutz@hillsong.de

Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Husarenstr. 30 – 53117 Bonn
Phone: +49 (0)228-997799-0
Fax: +49 (0)228-997799-5550
Email: poststelle@bfdi.bund.de

Hillsong Church Sweden
Att: Data Protection Officer: Abraham Asaph
Box 41
101 20 Stockholm
Ph.:  +4672 004 47 48
Email: abraham.asaph@hillsong.se

The Swedish Data Protection Authority; Datainspektionen
Datainspektionen, 104 20 Stockholm
Box 8114
+46 08-657 61 00
Fax: 08-652 86 52
datainspektionen@datainspektionen.se

Hillsong Church Norway
Att: Data Protection Officer
Pb 32, 4001 Stavanger
Ph.: + 47 977 67 456
Email: rune.sorbo@hillsong.no

The Norwegian Data Protection Authority (DPA); Datatilsynet
Tollbugata 3, 0152 Oslo
P.O. Box 8177 Dep., 0152 Oslo
+ 47 22 39 69 00
postkasse@datatilsynet.no

Hillsong Church Portugal
Att: Data Protection Officer: Priscila Costa
Ph.: ‭+351 936 887 812
Email: priscila.costa@hillsong.pt

Comissäo Nacional de Protecçäo de Dados
R. de São Bento 148, 1200-031 Lisboa, Portugal
T +351 21 392 84 00
F +351 21 397 68 32
geral@cnpd.pt

Hillsong Church Spain
Att: Data Protection Office
425 New Kings Road, Fulham, London SW6 4RN.
PO Box 29971, London, SW6 2WX.
Ph.: +44 (0) 20 7384 9200,
Email: dataprotection@hillsong.co.uk

Hillsong Church Spain
Att: Data Protection Office
425 New Kings Road, Fulham, London SW6 4RN.
PO Box 29971, London, SW6 2WX.
Ph.: +44 (0) 20 7384 9200,
Email: dataprotection@hillsong.co.uk

Agencia Española de Protección de Datos
The Spanish Data Protection Authority
C/ Jorge Juan, 6. 28001 – Madrid

+34 901 100 099 & +31 912 663 517
http://www.agpd.es/portalwebAGPD/index-ides-idphp.php

Federal Data Protection and Information Commissioner
Office of the Federal Data Protection and Information Commissioner FDPIC
Feldeggweg 1, CH – 3003 Berne
Telefon: +41 (0)58 462 43 95 (mon.-fri., 10-12 am)
Telefax: +41 (0)58 465 99 96
https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html

Hillsong Church Genève
Attn: Délégué à la protection des données
Case Postale 212
CH – 1226 Thônex
Tél : +41 (0) 78 732 67 57
E-mail : dpd@hillsong.ch

Federal Data Protection and Information Commissioner
Office of the Federal Data Protection and Information Commissioner FDPIC, Feldeggweg 1, CH – 3003 Berne
Telefon: +41 (0)58 462 43 95 (mon.-fri., 10-12 am)
Telefax: +41 (0)58 465 99 96
https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html

Hillsong Church Denmark
Att: Data Protection Officer
Vermlandsgade 51, 1st Floor,
2300 Copenhagen S
Ph.: +45 28 76 40 00
Email: legal@hillsong.dk

Local Information Commissioner Office
Datatilsynes / Data protection agency
+45 33 19 32 00
dt@datatilsynet.dk
https://www.datatilsynet.dk/english/the-danish-data-protection-agency/introduction-to-the-danish-data-protection-agency/

Hillsong Church Netherlands
Att: Data Protection Officer: Harm Jan Niemeijer
Bezuidenhoutseweg (alleen volgens afspraak) 30, 2594 AV Den Haag
Postbus 93374, 2509 AJ Den Haag
Ph.: +31(0)625035181
Email: arjan.niemeijer@hillsong.nl

Local Information Commissioner office
Autoriteit Persoonsgegevens
T: 0900 200 12 01
W: https://autoriteitpersoonsgegevens.nl/nl

Hillsong Church Italy 
Att: Data Protection Office
425 New Kings Road, Fulham, London SW6 4RN.
PO Box 29971, London, SW6 2WX.
Ph.: +44 (0) 20 7384 9200,
Email: dataprotection@hillsong.co.uk

Garante per la protezione dei dati personali
Piazza di Monte Citorio, 121 – 00186 Roma
Phone: +39-06-6967 71
Fax: +39-06-6967 73785
E-mail: garante@gpdp.it
http://www.garanteprivacy.it/web/guest/home_en

Hillsong Church Hungary 
Att: Data Protection Office
425 New Kings Road, Fulham, London SW6 4RN.
PO Box 29971, London, SW6 2WX.
Ph.: +44 (0) 20 7384 9200,
Email: dataprotection@hillsong.co.uk

Hungarian National Authority for Data Protection and Freedom of Information
Address: H-1125 Budapest, Szilágyi Erzsábet fasor 22/c.
T +36 1 391 1400
F +36 1 391 1410
http:\\www.naih.hu
ügyfélszolgálat@naih.hu