Data Protection & Privacy Policy - The Keeper's House Chapel International

1. Introduction

The Keeper's House Chapel International ("TKHCI", "we", "us", or "our") is committed to protecting the personal data of our members and visitors in accordance with the Data Protection Act, 2012 (Act 843) of Ghana and other applicable laws. Where members are resident in the European Economic Area ("EEA"), we also process personal data in accordance with the EU General Data Protection Regulation (GDPR) — see Section 14.

This Policy explains what personal data we collect when you register as a member of TKHCI, why we collect it, how we use and protect it, and what rights you have over your data.

By completing the TKHCI membership registration form, you acknowledge that you have read and understood this Policy and consent to the collection and processing of your personal data as described herein.

2. Data Controller

The data controller responsible for your personal data is:

The Keeper's House Chapel International
Headquarters, Accra, Ghana
Email: info@keepershousechapel.com
Website: keepershousechapel.com

For any data protection enquiries, please contact us at the address above and mark your correspondence: "Data Protection — Private & Confidential".

3. Personal Data We Collect

When you register as a member of TKHCI, we collect the following categories of personal data:

Category	Data Collected
Identity	First name(s), last name, gender, date of birth, marital status
Contact	Primary phone number, secondary phone number, email address, residential address
Professional	Occupation
Emergency Contact	Name and phone number of a nominated emergency contact person
Church Participation	Preferred service, join date, branch affiliation, ministry group membership, chapel group assignment
Attendance	Records of attendance at church services and events
Ministry Roles	Worker status, ministry department assignments, clergy role designations (where applicable)

We do NOT collect sensitive data such as national identification numbers, financial account details, or health information through our membership registration process.

4. How We Use Your Personal Data

We process your personal data for the following lawful purposes:

Membership administration — maintaining accurate membership records across our branches
Pastoral care — enabling branch pastors to follow up with members, track attendance, and identify members who may need support
Communication — sending SMS or email notifications related to church activities, birthday greetings, ministry assignments, and important announcements
Ministry coordination — assigning members to ministry departments, chapel groups, and church services
Visitor follow-up — tracking and following up with first-time and returning visitors
Statistical analysis — generating anonymised attendance and growth reports for church leadership
Emergency contact — contacting your nominated emergency contact in the event of an emergency

We will not use your personal data for any purpose other than those listed above without obtaining your prior consent.

5. Legal Basis for Processing

We process your personal data on the following legal bases under the Data Protection Act, 2012 (Act 843):

Consent — you have given explicit consent at the time of registration
Legitimate interests — processing is necessary for the legitimate interests of the church in managing its membership and pastoral activities, provided those interests are not overridden by your rights
Contractual necessity — processing is necessary to fulfil our obligations to you as a member of TKHCI

For members resident in the EEA, the additional GDPR legal bases that apply are:

Article 9(2)(d) GDPR — processing is carried out by a not-for-profit religious body in the course of its legitimate activities, and relates solely to its own members. This is the primary basis for processing church membership data.
Article 6(1)(b) GDPR — processing is necessary for the performance of our membership obligations to you
Article 6(1)(f) GDPR — processing is necessary for the legitimate interests of the church, provided those interests are not overridden by your fundamental rights

6. Who Has Access to Your Data

Access to your personal data within TKHCI is strictly controlled on a need-to-know basis:

Branch Pastors — can view and manage data for members registered at their branch only
Branch Administrators — can view and manage data for members registered at their branch only
Headquarters Administrators — can view data across all branches for oversight and reporting purposes
IT System Administrators — have technical access to the system for maintenance and support purposes, subject to confidentiality obligations

We do not sell, rent, or share your personal data with any third party for commercial purposes.

We may disclose your data to third parties only where required by law or where you have given explicit consent.

7. Data Retention

We retain your personal data for as long as your membership with TKHCI is active. If your membership lapses or is terminated:

Your membership record is retained for a period of 7 years after the date of last activity, in accordance with standard record-keeping practice
Attendance and participation records are retained for the same period
After the retention period, your personal data will be securely deleted or anonymised

You may request earlier deletion of your data subject to the conditions in Section 8 below.

8. Your Rights

Under the Data Protection Act, 2012 (Act 843), you have the following rights regarding your personal data:

Right of access — you may request a copy of the personal data we hold about you
Right of rectification — you may request correction of inaccurate or incomplete data
Right to object — you may object to the processing of your data for certain purposes
Right to erasure — you may request deletion of your data, subject to our legal retention obligations
Right to withdraw consent — you may withdraw your consent at any time; this will not affect the lawfulness of processing carried out before withdrawal

Members resident in the EEA have the following additional rights under GDPR:

Right to data portability — you may request your personal data in a structured, commonly used, machine-readable format
Right to restriction of processing — you may request that we limit how we use your data in certain circumstances

To exercise any of these rights, please contact us at info@keepershousechapel.com with the subject line "Data Subject Request". We will respond within 7 days of receiving your request (EEA residents: within 30 days as required by GDPR Article 12).

9. Data Security

We have taken appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include:

Role-based access controls — staff can only access data relevant to their role and branch
Encrypted data transmission (HTTPS) for all online interactions
Regular automated database backups stored securely
Audit logging of all data access and modification activities

In the event of a data breach that poses a risk to your rights, we will notify the affected individuals and the Data Protection Commission of Ghana as required by law.

10. Cookies and Online Services

Our online registration form and church website use session cookies strictly necessary for the operation of the form (e.g. preventing duplicate submissions, maintaining form state). We do not use tracking or advertising cookies.

11. Children's Data

Where a member is under the age of 18, we require that the registration form be completed with the knowledge and approval of a parent or legal guardian. By submitting registration data for a minor, the parent or guardian confirms they have authority to consent on the minor's behalf.

12. Changes to This Policy

We may update this Policy from time to time to reflect changes in our data practices or applicable law. The current version will always be available on our website. Where changes are material, we will notify members through our usual communication channels.

13. Complaints

If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with the Data Protection Commission of Ghana:

Data Protection Commission
P.O. Box CT 4159, Accra, Ghana
Website: www.dataprotection.org.gh

If you are resident in the EEA, you also have the right to lodge a complaint with the supervisory authority in your country of residence. For example, members resident in Finland may contact:

Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto)
Helsinki, Finland
Website: tietosuoja.fi/en

14. Notice for EEA / EU Residents (GDPR)

This section applies specifically to members and visitors who are resident in the European Economic Area (EEA), including Finland.

Although TKHCI is headquartered in Ghana, we process personal data of EEA residents in connection with our church membership services. Under Article 3(2) of the GDPR, this means GDPR applies to our processing of your data.

Primary legal basis: We rely on Article 9(2)(d) GDPR — the religious organisation exemption — as our primary basis for processing church membership data. This provision permits a not-for-profit religious body to process personal data relating solely to its own members in the course of its legitimate activities, without requiring separate explicit consent, provided the data is not disclosed outside the organisation without your consent.

International transfers: Your personal data is stored on servers hosted in the European Union. Data may be accessed by TKHCI headquarters staff in Ghana for oversight and reporting purposes. Such access is governed by this Policy and is restricted to authorised personnel only. Ghana is not currently recognised by the European Commission as providing an adequate level of data protection; however, we implement appropriate safeguards through internal data handling policies and access controls.

Your GDPR rights are set out in Section 8 above. To exercise any right, or to raise a concern, contact us at info@keepershousechapel.com with subject line "GDPR Request". We will respond within 30 days.