Data Protection

Tyndale Theological Seminary Data Protection Overview

This page provides an overview of data protection. Your privacy is important to us.

European Union Law Regarding Data Protection (General Data Protection Regulation - GDPR)

Effective May 2018, the EU has a new law which increases regulations for Personal Data. The law sets standards for the use and handling (“processing”) of information (“Personal Data”). The law applies to organizations (“data controllers”), both public and private. It applies to paper records as well as electronic records. It is not applicable to anonymous information or to information about someone who is deceased. Under the law, Tyndale would be considered a Data Controller, and in some instances, a Data Processor.

Principles of the EU Date Protection Law
As a Data Controller, Tyndale processes Personal Data. The law establishes six main data protection principles to protect Personal Data. Personal Data must be:
1. Processed fairly, lawfully and transparently
2. Processed only for specified, explicit and legitimate purposes
3. Adequate, relevant and limited
4. Accurate (and rectified if inaccurate)
5. Not kept for longer than necessary
6. Processed securely – to preserve confidentiality, integrity and availability of the Personal Data

Depending on the context, there are full or partial exemptions from these principles when processing Personal Data for specific purposes, including academic research.

Tyndale Theological Seminary Privacy Notices
An important area of compliance with the EU Data Protection Law is the principle of “transparency.” Tyndale seeks to be transparent with individuals about how their Personal Data will be used. Consistent with the Law, the Seminary has created basic “Privacy Notices” which allow each individual to know the types of data gathered about him/her and how that data will be used. These notices are posted on the website. Our Privacy Notices advise you on the way we maintain your data. For example, Tyndale may maintain a student’s Personal Data in three stages:

Data Protection for Students (Pre-Applicants/Applicants)

Data Protection for Students

Data Protection for Alumni

For staff and volunteers there may be various stages including:

Data Protection for Prospective Employees / Volunteers

Data Protection for Current Employees / Volunteers / Board Members

Data Protection for Former Employees / Volunteers / Board Members

There is an additional privacy notice which advises our Supporters.

Data Protection for Supporters

Your Rights Under the EU Data Protection Law
Under the law, an individual is considered a Data Subject. Data Subjects are given certain rights:
• The right to be informed of how their Personal Data is being used. This right is usually fulfilled by providing an individual with the relevant “Privacy Notice”
• The right of access to their Personal Data – usually obtained through a “Data Subject Access Request Form”
• The right to have any inaccurate Personal Data corrected
• The right to have their Personal Data erased where appropriate
• The right to restrict the processing of their Personal Data pending its verification or correction
• The right to receive copies of their Personal Data in a commonly used format
• The right to object to the processing of their Personal Data for direct marketing and for research purposes where that research is not in the public interest (Tyndale does not offer its Personal Data for marketing purposes.)
• The right not to be subject to a decision based solely on automated decision-making using their Personal Data. (Tyndale does not make decisions based on an automated decision-making process.)
Within the legislation, nearly all of these rights are limited in various ways and there are numerous specific exemptions (for example, nearly all of the rights do not apply if the Personal Data is being processed solely in an academic or historical research context).

Data Breaches
One important obligation under the Law concerns Personal Data breaches – that is a case where Personal Data held by the Seminary is lost, stolen, inadvertently disclosed to an external party or accidentally published. If you believe a Personal Data breach has occurred, this should be reported immediately to the Management Team. Immediate efforts will be made to assess whether a breach has occurred, the impact of the breach if it has occurred and steps to contain it. On occasion, we may need to report breaches to relevant external authorities.

Data Protection Policy
Tyndale Theological Seminary’s Data Protection Policy can be found on the website.

Data Protection Awareness and the Tyndale Community
More detailed guidance for Seminary students and staff on Data Protection is available:
• In a summary format as Data Protection: a Quick Guide for Seminary Staff
• In the Student Community Life Handbook
• In the Faculty Handbook