As a responsible and respected global organisation, the Redeemed Christian Church of God (RCCG) 2530 is committed to protecting the privacy and security of personal data in accordance with applicable data protection laws and regulations. This Data Protection Policy (DPP) outlines the RCCG Mission as a commitment and dedication to safeguarding personal data and the processing of same (that is, the collection, processing, storage and management).
This policy applies to all employees, contractors, members and third parties who handle personal data on behalf of the RCCG Mission. It covers all personal data collected, processed and stored in any manner/form, electronic, paper or verbal forms in the provision of the RCCG Mission's services and conferment of privileges.
The RCCG Mission has appointed a Data Protection Officer (DPO), who is responsible for overseeing data protection matters, ensuring compliance with applicable laws and acting as a point of contact (P.O.C) for data subjects and regulatory authorities.
Data subjects hereby consent to the RCCG Mission's processing of their personal data when voluntarily provided on our various platforms and or meetings, whether physical gathering or online programmes. Your participation in any of our meetings on any of our various platforms is consent to process your personal information so gathered for our ecclesiastical purposes. In this case, many of our meetings are live-streamed and recorded for later online posts and images captured via our media outlets and adopted for wider global reach in furtherance of the Mission's ecclesiastical purposes. Most of our physical gatherings are CCTV monitored for security reasons, and images captured may be processed for lawful purposes and under lawful obligations.
Where applicable, RCCG Mission will require the explicit consent of members, visitors, and other relevant stakeholders to process collected personal data. Visitors to RCCG Mission's website are expected to read and understand the website privacy notice and then agree to the website's terms of use. By consenting to the privacy policy, data subjects are giving RCCG Mission permission to use/process their personal data specifically for the purpose identified before collection. On this ground, if any data subject (member, visitor, staff, or general third-party) does not agree to RCCG Mission collecting and processing their personal data, such individual shall not enjoy RCCG Mission's privileges and service(s) where applicable. If, for any reason, RCCG Mission is requesting sensitive personal data from its stakeholders (external and internal), the individuals will be rightly notified why and how the information will be used. Where processing relates to a child under 18 years old, as in the case of NDPA or 16 years in the case of General Data Protection Regulation (GDPR), RCCG Mission shall demonstrate that consent has been provided by the person who holds parental responsibility over the child. RCCG Mission shall demonstrate that reasonable efforts have been made to verify the child's age and establish the authenticity of the parental responsibility with due consideration for available technology.
RCCG Mission identifies and documents the specific purpose of processing and the legal basis for processing personal data (including any special categories of personal data processed) before any processing operation takes place under:
In addition, every processing purpose has at least one lawful basis for processing to safeguard the rights of the data subjects, as listed below:
Irrespective of the initial consent given, an individual can withdraw their consent at any time by making a withdrawal of consent request. RCCG Mission admits the data subject (member, visitor, vendor, staff, or third party) has withdrawn consent to the processing of his or her personal data with written instruction from the data subject. For child consent, RCCG Mission shall admit that the holder of parental responsibility over the specified child has withdrawn consent via written instruction from the parent. RCCG Mission will also demonstrate that reasonable efforts have been made to establish the authenticity of the parental responsibility when withdrawing consent for the specified child, considering available technology. Where applicable, the Data Protection Officer will inform the relevant process owner of this change and the processing activities that relied upon the consent will be stopped and withdrawn immediately in accordance with the relevant process.
All employees of the RCCG Mission, whether full-time or part-time, are responsible for the proper handling of personal data in their daily activities and work routines. They must adhere strictly to this policy and report any data breach to the DPO immediately.
The RCCG Mission will not collect personal data more than is necessary for the purpose for which they are needed.
The RCCG Mission will only collect data when it has a lawful basis for collecting same, including the data subject's consent, contractual necessity, legal obligation, legitimate interest or the protection of vital interests.
Data subjects will be informed of the purposes for which their data is collected and processed and the consequential rights in relation to their data.
Aside from situations where RCCG Mission may be required to disclose the personal data of individuals in accordance with a legal obligation in response to requests by government authorities or law courts on matters involving national security or law enforcement requirements, RCCG Mission will not pass on its data subjects' personal data to third parties without first obtaining consent. In situations where the processing of personal data will involve investigation of potential violations of RCCG Mission's Terms of Service, fraud prevention/mitigation, security issues management, and the preservation of the rights and freedom of staff and members, RCCG Mission shall establish an appropriate legal ground for such data transfers. RCCG Mission has put in place, to the best of its ability and in line with standard global practices, physical, technical, and organisational measures (including secure encryption and anonymisation) to ensure the optimum protection of personal data collected.
RCCG Mission may also engage third parties abroad (such as other banks, contractors, government-authorised agencies, etc.) that will receive personal data for a certain purpose(s) as part of RCCG Mission's ecclesiastical activities and process them on RCCG Mission's behalf. Where this is the case, RCCG Mission will enter into a Data Processing Agreement with the third party and also ask for consent if the purpose of
processing was not initially stated on the inception and be satisfied that the third party has adequate measures in place to protect the data against accidental or unauthorised access, use, disclosure, loss, or destruction. In such a case where the disclosure is to third parties outside the jurisdiction of the NDPA, RCCG Mission will ensure that the third party meets the core global regulatory standards prior to the transfer. This may include transferring the personal data to a third party where RCCG Mission is satisfied that:
RCCG Mission stores a broad spectrum of personal information. All information RCCG Mission holds is stored and retained, stored and destroyed in compliance with NDPA's guidelines on the retention of records and personal data. RCCG Mission will retain your personal data as long as the information is active on RCCG Mission's systems and necessary for RCCG Mission's operations and service delivery purposes. This retention period is verified and established with special considerations to the following areas:
When the personal data is no longer needed or beyond the stipulated retention period, RCCG Mission will delete or destroy it from its systems and records or take steps to securely archive it while protecting your identity and privacy rights, as the case may be.
At any point while RCCG Mission is in possession of or processing personal data, the data subject has the right to:
If, for any reason, a vendor/contractor, customer, or staff wishes to make a complaint about how RCCG Mission (or any of RCCG Mission's third parties) handles or have handled their personal data or how their complaint has been handled, they have the right to lodge a complaint directly with the supervisory authority and RCCG Mission Data Protection Officer. Below are the details for each of these contacts:
Supervisory Authority
Data Protection Officer (DPO)
In the event of an infringement of data protection rights, we will ensure any damage is remedied within the shortest possible time. As an ecclesiastical body, the RCCG Mission also encourages negotiation and mediation as best means of resolving any privacy protection related issues. However, you are at liberty to report to the Nigeria Data Protection Commission (NDPC) or seek other legal remedies.