GDPR and LGPD
GDPR (General Data Protection Regulation, European Union), LGPD (Lei Geral de Proteção de Dados, Brazil), and LFPDPPP (Mexico’s Federal Law for the Protection of Personal Data Held by Private Parties) are personal data protection frameworks with convergent principles. Ministrium operates under all three simultaneously because it serves churches in the USA, Latin America, and Europe.
Who is responsible for what
In GDPR / LGPD language:
- The church is the controller (controlador) of its congregation’s personal data. It decides what is collected, why, and for how long.
- Ministrium is the processor (operador). It processes personal data on behalf of the church, following its documented instructions in the DPA.
This distinction matters for legal responsibilities, communication with data protection authorities, and data subject request handling.
Lawful bases for processing
The church processes its congregation’s personal data under the following lawful bases (whichever it chooses based on its jurisdiction and case):
- Consent of the data subject when registering as a member or a visitor.
- Compliance with legal obligation for tax data associated with receipts.
- Legitimate interest for operational communications (service reminder, etc.).
- Performance of a contract for services contracted directly with the church.
Ministrium does not process personal data for its own purposes other than operating the service (we don’t train AI on your data, we don’t sell it, we don’t share it with third parties without instructions from the church).
Data subject rights
Ministrium operationally supports all rights recognized by GDPR, LGPD, and LFPDPPP:
| Right | How it’s exercised |
|---|---|
| Access | The member can view and download their full record from the member portal. |
| Rectification | The member can edit basic data directly; sensitive changes require church validation. |
| Erasure (“right to be forgotten”) | At the member’s request, the church executes deletion from CRM → Members → Delete data. |
| Portability | Export in CSV or JSON format from CRM → Members → Export my data. |
| Objection | The member can unsubscribe from communications from any email or from the portal. |
| Restriction of processing | The member can request flagging their record as “do not process for X purpose”; the church configures the restrictions. |
How Ministrium processes a deletion request
When the church executes a member’s deletion:
- Personal data is removed from the operational database.
- An aggregated anonymized record is kept for historical reports (for example, “March 15 attendance: 320 people”).
- Donations remain associated with an anonymous identifier, kept for 7 years per tax obligation.
- The action is logged in the audit trail without containing the deleted personal data.
The deletion is completed within 30 days in compliance with GDPR timelines.
International transfers
Ministrium operates infrastructure in the USA (Replit, Neon, SendGrid). When a European or Brazilian church uses the platform, there is international data transfer. Safeguards are:
- Standard Contractual Clauses (SCCs) of the European Commission attached to the DPA.
- Transfer impact assessment documented for churches in jurisdictions that require it.
- Encryption in transit (TLS 1.2+) and at rest (AES-256) at every hop.
For LGPD, equivalent mechanisms apply, documented in the contract.
Breach notification
If Ministrium detects a breach that could potentially affect personal data:
- Immediate containment and investigation.
- Notification to the controller church within 72 hours of confirmation, in compliance with GDPR’s deadline.
- Support to the church in its notification to the supervisory authority and, if applicable, to the affected data subjects.
Designated officers
- Ministrium’s Data Protection Officer (DPO): contact dpo@ministrium.com.
- European Union representative: designated under Art. 27 of GDPR; details included in the DPA upon signing.
- Brazil representative for LGPD: designated for churches with a Brazilian member base; likewise included in the DPA.
The church must designate its own DPO or data protection officer based on size and jurisdiction. This is the church’s obligation, not Ministrium’s.
Next steps
- DPA — the contract that documents the processing.
- HIPAA — for health data (USA).
- COPPA — for minors’ data (USA).
- Audit and logs — the immutable log that supports data subject rights.