Privacy Notice (Updated 2018-09-01)
In this Notice, we, The Church of Jesus Christ of Latter-day Saints and its entities, provide you with information about how we process your personal data. When referring to "us" or "we" or "our" we mean the Church and Church entities.
1. Who controls your personal data?
The Church of Jesus Christ of Latter-day Saints acts through its representatives and Church entities when we process your personal data. When you share personal data with us, you are sharing it with the Church through Church entities.
a. The Church: The Church of Jesus Christ of Latter-day Saints (the "Church") is a community of people who believe the same religious doctrine, practice the same religious rites and ordinances, and are governed by ecclesiastical principles. Local units of the Church, such as wards, branches, stakes, districts, missions, and areas, are merely subdivisions of this community of believers and are not separate legal entities; limited exceptions apply.
b. Church entities: To satisfy temporal affairs needs and fulfill other purposes of the Church, a legal structure composed of various distinct legal entities assists the Church throughout the world. These distinct legal entities (herein "Church entities") are legally separate from the Church. The Corporation of the Presiding Bishop of The Church of Jesus Christ of Latter-day Saints ("CPB"), together with one or more other Church entities, processes your personal data as responsible joint data controllers. Some Church entities may receive personal data as data processors to provide services to those Church entities that act as data controllers. At your request, we will provide you with information as to which Church entities that process your personal data.
2. What personal data do we collect?
We collect personal data that (a) you actively submit to us, (b) we record, and (c) we obtain from third parties. We may process your personal data with or without automatic means, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of your personal data.
a. Actively submitted data. You submit personal data to us when you join the Church, seek Church ordinances, request Church materials, request access to Church tools or services, or engage in other interactions or communications with the Church. When you interact with the Church, we generally process name, birth date, birthplace, telephone number, email address, physical address, photo, gender, donation/payment information, and so on. You may provide us with additional information to participate at your own initiative in surveys, contests, or other activities or events. Participation in surveys, contests, and similar activities is optional. If you do not wish to participate in, or provide personal data in connection with, such activities, this will not affect your membership status or ability to use available Church tools or services. In each such case you will know what personal data you provide to us because you actively and voluntarily submit the data.
b. Data we obtain from third parties and passively submitted data. When local law permits, you may submit personal data, including contact information about someone other than yourself (in other words, a third party) to allow us to make contact with that person, make a delivery, or otherwise meet your request. When providing personal data about anyone other than yourself, you must first obtain the other person’s informed consent if his or her consent is legally required.
If you or someone else has provided us with your personal contact information and you would like to request that we do not contact you further, please follow the unsubscribe or opt-out procedures provided on the specific site, newsletter, email notification, or please contact us at DataPrivacyOfficer@ChurchofJesusChrist.org.
We may process and make publicly available personal data obtained from published sources. We may process and publish living information in compliance with applicable local laws.
Your location-based information may be collected by some mobile applications for the purpose of helping you find the nearest temple or meetinghouse location or for a similar reason. You can edit the settings on your device to opt out of location-based services.
3. For what purposes do we process personal data?
We process personal data for ecclesiastical, genealogy, humanitarian, social welfare, missionary, teaching, and other operational and administrative purposes.
We use personal data to provide ecclesiastical and other related services to fulfill the mission of the Church. We may use personal data to (a) contact you or others, (b) create and maintain membership records, (c) fulfill requests you make, (d) seek your voluntary feedback, (e) customize features or content on our tools or services, (f) evaluate eligibility to participate in temple and other ordinances, missionary service, volunteer or leadership positions, or (g) administer Church religious education, welfare, or other Church programs. In this context, the legal basis for our processing of your personal data is either the necessity to perform contractual and other obligations that we have towards you or carrying out of our legitimate activities as a church.
We may also use your data to comply with applicable laws and exercise legal rights as the basis for our data processing.
We may also use your personal data for internal purposes, including auditing, data analysis, system troubleshooting, and research. In these cases, we base our processing on legitimate interests in performing the activities of the Church.
4. With whom do we share personal data?
We share your personal data with other parties in the following circumstances:
a. Third-party providers. We may provide personal data to third parties for their processing in performing functions on our behalf as data processors (for example, payment processing, maintenance, security, data analysis, hosting, measurement services, data-driven social media messaging, surveys, and so on). In such instances, in accordance with this Notice and applicable laws, the providers will be contractually required to protect personal data from additional processing (including for marketing purposes) and from transfer.
b. Church entities. We may transfer personal data to any Church entity to accomplish Church purposes.
If you are a member of the Church, your general membership information and any optional information you may choose to provide (for example, email address and photo) may be shared with Church members in your ward or branch and stake or district as necessary for the Church purposes listed above. Some of your information may also be viewable on a limited and restricted basis on our internet resources, including ChurchofJesusChrist.org. You may opt out of sharing information or limit the optional information you share by modifying your profile preferences on individual resources.
c. Legal requirements. We may access and disclose your personal data, posts, journal entries, online chats, personal notes, content, or other submissions to any resource if we have a good-faith belief that doing so is required by a subpoena, by a judicial or administrative order, or is otherwise required by law. Additionally, we may disclose your personal information and other information: as required by law or to exercise or defend legal rights; to take precautions against liability; to protect the rights, property, or safety of the resource of any individual or of the general public; to maintain and protect the security and integrity of our services or infrastructure; to protect ourselves and our services from fraudulent, abusive, or unlawful uses; to investigate and defend ourselves against third-party claims or allegations; or to assist government law enforcement agencies.
5. Where do we store personal data?
We may store your personal data in data centers in the United States, in cloud storage solutions, or on the premises of Church entities. To ensure the adequacy of protection of data that we transfer to other jurisdictions, we have concluded data transfer and processing agreements between the respective Church entities and their service providers, which agreements include Standard Contractual Clauses approved by the European Commission in compliance with EU law (which you may be entitled to review if you contact us as suggested at the end of this Notice).
6. How do we secure personal data?
We use technical and organizational measures to protect the personal data we receive against loss, misuse, and unauthorized alteration and to protect its confidentiality. We regularly review our security procedures and consider appropriate new security technology and methods. We also use current encryption technology to encrypt the transmission of data on our log-in pages. However, because we cannot guarantee the complete security of these encryption technologies, please use caution when submitting personal data online.
7. How long do we retain personal data?
We retain collected personal data, including information collected via mobile applications and other submissions, for a reasonable period of time to fulfill the processing purposes mentioned above. We then archive it for time periods required or necessitated by law or legal considerations. When archival is no longer required, we delete personal data from our records, with the exception of limited historical profile information, general genealogy records, and personal information retained as part of a permanent genealogical, membership, or Church historical record.
8. How can you access and correct your personal data?
We endeavor to maintain the accuracy of personal data and rely on you to ensure your personal data is complete and accurate. You may request access to your personal data and verify, correct, or rectify (including update) it, and block your personal data through your website-specific registration, through your profile, or through your Church Account, as applicable.
If you are a Church member, some of your personal data may be updated only by making changes to your Church membership record. Such changes must be made by contacting the clerk in your Church unit and requesting the change.
You may contact us to exercise additional statutory rights such as data portability, objection in accordance with applicable laws, restriction of processing, and erasure of your personal data. You also have the right to lodge a complaint with a supervisory authority.
If you experience problems with modifying or updating your personal data, you can contact us as suggested at the end of this Notice.
9. Effective date and amendments.
This Notice is effective September 1, 2018 and may be amended from time to time.
10. Contact us.
We have a global chief data protection officer who can answer questions about data privacy or security issues. Inquiries concerning this Notice or the security of personal data that we process may be sent through email, fax, or mail:
Address: Data Privacy Office
50 E. North Temple Street
Salt Lake City, UT 84150-0005