Oxygen Life Church: Privacy Policy, Personal Information, Access to and Use of Information

1. 1.1 Purpose

This Privacy Policy outlines how Oxygen Life Church (“OLC”, “we”, “us” or “the Church”) collects, uses, stores, discloses, and protects personal information in accordance with the Promotion of Access to Information Act 2 of 2000 (“PAIA”) and the Protection of Personal Information Act, 4 of 2013 (“POPIA”) and the Electronic Communications and Transactions Act 25 of 2002 (“ECTA”). This Policy further explains the rights of data subjects and the responsibilities of the Church when processing personal information.

 

1.2 Scope of Application

This Policy applies to all personal information processed by OLC in the course of its religious, ministry, administrative, and community activities, including but not limited to information relating to:

• Church members, attendees, and visitors;
• Parents or legal guardians and children participating in youth and children’s ministries;
• Users of the Church’s websites, digital platforms, and applications;
• Service providers, volunteers, and associated ministries (e.g. Four12, Altitude, Ready Aim Fire, SEED, Isithembiso Babies Home, and others)

 

1.3 Lawful Basis for Processing Personal Information & Legal Compliance

OLC processes personal information lawfully and in a reasonable manner in terms of Section 11 of POPIA. Processing is based on one or more of the following lawful grounds:

• The data subject has given voluntary, specific, and informed consent;
• Processing is necessary to carry out the legitimate interests, religious mission, and lawful activities of the Church;
• Processing is required to comply with a legal obligation;
• Processing is necessary for the performance of ministry-related, pastoral, or administrative functions.

In processing personal information, the Church endeavours to collect only information that is adequate, relevant, and not excessive for the stated purposes.

 

1.4 Information We Collect

OLC may collect and process the following categories of personal information, where relevant and necessary:

• Name and surname (including those of children or dependants);
• Contact details such as telephone numbers and email addresses;
• Identity number and date of birth (where required);
• Physical and postal addresses;
• Congregation, ministry, or community group affiliation;
• Dates such as birthdays, weddings, and anniversaries;
• Technical data including IP addresses and browser information;
• Photographic, video, and audio recordings;
• Information submitted via email, registration forms, visitor cards, feedback forms, youth ministry forms, or event registrations. 

 

1.5 Use of Personal Information

Personal information is processed for purposes that include, but are not limited to:

• Communication regarding Church services, events, ministries, and announcements;
• Internal Church administration and operational management;
• Pastoral care, safety, and safeguarding of congregants and children;
• Event planning, registrations, accommodation, and logistical arrangements;
• Compliance with legal, regulatory, and governance requirements.

1.6 Disclosure of Personal Information

Personal information may be shared with:

• Internal Church leadership, staff, volunteers, and ministry teams on a need-to-know basis;
• Associated ministries and partner organisations (e.g. Four12, Altitude, Ready Aim Fire, SEED, Isithembiso Babies Home, and others)
• Third-party service providers (including IT service providers, payment processors, event service providers, and accommodation hosts);
• Digital and communication platforms used by the Church (including WhatsApp, Planning Center, email, the Four12 App)

All third-party disclosures are governed by POPIA-compliant agreements or safeguards.

1.7 Children’s Personal Information

The Church recognises that the personal information of children is afforded special protection under POPIA.

• Personal information relating to minors is processed only with the consent of a parent or legal guardian, except where permitted by law;
• Such information is limited to what is strictly necessary for ministry, safety, and pastoral purposes;
• Appropriate technical and organisational safeguards are applied to protect children’s personal information from unauthorised access, loss, or misuse.

1.8 Consent and Withdrawal of Consent

By providing personal information to OLC, including information relating to dependants or children, the data subject consents to:

• The lawful collection, storage, and processing of such information by the Church;
• Receiving communications via SMS, WhatsApp, email, and other communication platforms;
• Internal administrative use and limited external sharing where necessary for Church operations;
• The publication of birthdays and anniversaries (day and month only) in Church announcements.

Consent may be withdrawn at any time by written notice. Withdrawal of consent will apply prospectively and will not affect processing already lawfully undertaken.

1.9 Data Retention

Personal information is retained only for as long as reasonably necessary to fulfil the purposes for which it was collected, unless a longer retention period is required or permitted by law. Once no longer required, information is securely deleted or anonymised.

1.10 Security Safeguards

OLC has implemented appropriate technical and organisational measures to safeguard personal information, including measures to:

• Prevent unauthorised access, loss, damage, or misuse of information;
• Identify and mitigate risks related to data breaches;
• Notify affected data subjects and the Information Regulator in the event of a data breach where required by law.

1.11 Cross-Border Transfers

Where personal information is transferred outside the Republic of South Africa (for example, for cloud-based email, database hosting, or digital services), such transfers occur only where:

• The recipient is subject to laws or agreements that provide an adequate level of protection; or
• Appropriate contractual safeguards are in place; or
• The data subject has provided explicit consent for the transfer, in accordance with Section 72 of POPIA.

1.12 Data Subject Rights

In accordance with POPIA, data subjects have the right to:

• Request access to their personal information held by the Church;
• Request correction, updating, or deletion of personal information;
• Object to the processing of personal information on reasonable grounds;
• Withdraw consent to processing, subject to legal limitations;
• Lodge a complaint with the Information Regulator.

The Church may require reasonable proof of identity before processing any access, correction, or deletion request. All requests must be submitted in writing.

1.13 Information Officer

Oxygen Life Church has appointed an Information Officer in accordance with POPIA. All privacy-related requests, objections, or enquiries should be directed to:

Email: privacy@oxygenlife.co.za

This Policy should be read together with the Church’s Promotion of Access to Information Act (PAIA) Manual, which is available upon request.

1.14 Media Consent

By attending Church services or events, data subjects (and parents or guardians of minors) acknowledge and consent to the capturing of photographs, audio recordings, and video recordings (“Media Content”) by the Church or its associated ministries for ministry, communication, and promotional purposes.

• Media Content may be edited or distributed across Church communication platforms;
• Consent for media use may be withdrawn in writing, subject to the limitation that previously published material may continue to be used where removal is not reasonably practicable;
• Parents or guardians may object to the use of media involving minors by written notice.

1.15 Cookies and Website Use

The Church’s website uses cookies necessary for functionality and analytics. Non-essential analytics cookies may be disabled via browser settings. IP addresses and browser information may be collected for security, statistical, and performance monitoring purposes.

1.16 Legal Disclosure

Personal information may be disclosed where required by law, court order, or where necessary to protect the rights, safety, or legitimate interests of the Church or others.

1.17 Automated Decision-Making

The Church does not use automated decision-making processes that produce legal or significant effects on data subjects.

1.18 Complaints and Information Regulator

Data subjects who believe their personal information has been processed unlawfully may lodge a complaint with the Information Regulator:

Information Regulator (South Africa)
PO Box 31533, Braamfontein, Johannesburg, 2017
Email: inforeg@justice.gov.za
Telephone: 010 023 5200 

1.19 Choice of Law

This Policy is governed by the laws of the Republic of South Africa. Any disputes arising from this Policy are subject to the jurisdiction of the High Court of South Africa.

1.20 Review of This Policy

This Privacy Policy is reviewed annually and updated as required to ensure ongoing compliance with applicable laws and best practice.