Forget me - right to be forgotten

Where consent is used as a legal basis for processing data, the 'right to object to processing' doesn't apply (although an individual always has the right to object to processing for the purposes of direct marketing, whatever lawful basis applies); instead data subjects can invoke their 'right to be forgotten.

US churches

For US accounts only we hide the "Forget me" link from the email 'unsubscribe' form, 'my consent' form and the privacy page within My ChurchSuite. This is to comply with US law which constitutionally (first amendment) prohibits a right to be forgotten.

ChurchSuite includes a "Forget me" (right to be forgotten/right to erasure) option in My ChurchSuite on the Privacy page...

...and on the My Consent form...

...and on the Communication Options page linked through from the Unsubscribe link in the footer of certain emails sent from within ChurchSuite.

When a person selects "Forget me", a confirmation pop-up is displayed explaining what will happen if they proceed.

If the person proceeds and they are logged in to My ChurchSuite, they are immediately logged out and their My ChurchSuite access is disabled...

Additionally, all privacy and communication preferences are opted out, preventing any of their details being visible to others in My ChurchSuite and preventing them from receiving further email or SMS communications sent through ChurchSuite. Change logs are also added...

...a "Right to be Forgotten" key date is added...

...and a notification email is sent to the church's designated Data Protection contact (set in Administrator > Profile), alerting them that a person has invoked the right to be forgotten. 

The church can then follow their preferred pastoral and administrative workflows for removing personal data held on all their systems (not just from ChurchSuite), before confirming back to the data subject that the 'forget me' request has been actioned. 

Note:  The right to be forgotten will never auto-delete a person. Where consent is withdrawn and the right to be forgotten is withdrawn, you may still be able to rely on another lawful basis for processing, such as legitimate interest - for example, this may apply to things like membership lists such as the electoral roll - this will be determined by your privacy notice.

Finally, all Data Protection contact notifications, such as 'forget me' requests, are listed in the Recent Activity > Communication log visible in the Administrator > Profile area.

Note: You must upload a date protection statement in order for the 'Forget me" option to be shown. You'll add your data protection statement (privacy notice) in the Administrator > Profile section of your ChurchSuite account.

Still need help? Contact ChurchSuite Contact ChurchSuite