TCNLekki Logo

Data Privacy and Protection Policy

Last updated: 03 July 2025

1. Introduction

The Covenant Nation (TCN) Lekki Temple ("we", "our", "us", "TCN Lekki" or the "Church") is committed to protecting your personal information and your privacy. To that extent, this Data Privacy and Protection Policy (the "Policy") outlines our commitment to safeguarding personal data and explains how we collect, use, process, store, and protect personal data in compliance with the Nigerian Data Protection Act (NDPA) 2023 and the General Application and Implementation Directive (GAID) 2025, and other Nigerian laws and regulations which may from time to time become applicable in Nigeria.

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access our website or use any of our services.

2. Scope

This Policy applies to:

2.1. All personal data collected, processed, and stored by TCN Lekki, regardless of the format (digital or physical) or the method of collection.

2.2. All TCN Lekki staff, volunteers, contractors, and any third parties who process personal data on behalf of the Church.

2.3. All activities of TCN Lekki, including but not limited to worship services, ministries, events, administrative functions, and outreach programs.

3. Data Protection Principles

TCN Lekki adheres to the following fundamental data protection principles as enshrined in the NDPA:

3.1. Lawfulness, Fairness, and Transparency: Personal data shall be processed lawfully, fairly, and in a transparent manner in relation to the data subject.

3.2. Purpose Limitation: Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

3.3. Data Minimisation: Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

3.4. Accuracy: Personal data shall be accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.

3.5. Storage Limitation: Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

3.6. Integrity and Confidentiality (Security): Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.

3.7. Accountability: The Church shall be responsible for, and be able to demonstrate compliance with, the data protection principles.

4. Information We Collect

We may hold data about you if you are a present or a former member, a visitor or subscriber to any of our newsletters or other information platforms.

We may collect information about you in a variety of ways, including:

4.1. Personal Data

Your personal data is any information which identifies you, or which can be identified as relating to you personally. When you register for membership, volunteer, donate, or otherwise interact with our website or any other application or platform of the Church, we may collect personal information depending on the nature of your interaction with Us. This may include:

  • Identity Data: Name, date of birth, gender, marital status.
  • Contact Data: Address, email address, phone numbers.
  • Demographic Data: Occupation, educational background (for specific ministry purposes).
  • Financial Data: Bank details for donations (where provided directly for recurring giving), payment history for events, or other payment information (processed securely through third-party payment processors).
  • Religious Data (Sensitive Personal Data): Membership status, baptism records, spiritual journey details, prayer requests.
  • Health Data (Sensitive Personal Data): Medical conditions (e.g., for children's ministry, special needs support, mission trips, or vital interest situations).
  • Children's Data: Name, age, parental contact details (for Sunday School, youth activities, with explicit parental/guardian consent).
  • Visual Data: Photographs and videos taken at Church events (with notice and opt-out options).
  • Technical Data: IP address, browser type (for website usage analytics).
  • Volunteer Data: Skills, availability, background checks (where legally required and with consent).

4.2. Automatically Collected Information

When you access our website, we may automatically collect certain information about your device, including:

  • IP address
  • Browser type and version
  • Pages you visit
  • Time and date of your visit
  • Time spent on pages
  • Other diagnostic data

4.3. Cookies and Other Technical Information

Generally, websites are designed to collect certain information from a visitor. Our website is also designed to collect your IP address and other information that your web browser typically shares with the websites that you visit. The purpose of this is to know you better and to automatically and dynamically engage with you through your actions on our website. We have taken measures to ensure that all methods adopted by us to engage automatically with you do not violate your privacy rights under the NDP Act. In the case of cookies, we ensure that they have security protocols and are not vulnerable to abuses by anyone.

You may choose to browse on our platform without cookies, but without these, you will not be able to take advantage of certain unique features of our Platform.

5. Basis for Collection and Processing Data

TCN Lekki processes personal data in accordance with the principles and provisions of the NDPA 2023 and the GAID 2025. Our lawful bases for processing personal data include:

5.1. Consent: where members or individuals have given clear consent for us to process their personal data for a specific purpose (e.g., for membership directories, event registration, etc.).

5.2. Legitimate Interests: where processing is necessary for our legitimate interests as a religious organization, PROVIDED THAT these interests do not override your fundamental rights and freedoms as the data subject (e.g., maintaining membership records, communicating about Church activities, pastoral care).

5.3. Legal Obligation: where processing is necessary for compliance with a legal obligation to which the Church is subject (e.g., tax reporting for donations, safeguarding requirements).

5.4. Vital Interests: where processing is necessary to protect the vital interests of the data subject or another natural person (e.g., in medical emergencies).

5.5. Public Interest: where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Church.

We will only collect the personal data that we need. We will only process your personal information when we believe it is necessary to do so, and we have a valid legal reason as set out above. We will not process your personal information unlawfully.

6. How We Use Your Information

We may use the information we collect for various purposes, including to:

  • Create and manage your account
  • Process membership registrations
  • Collect and process donations
  • Provide and maintain our services
  • Notify you about changes to our services
  • Allow you to participate in interactive features of our website
  • Provide customer support including responding to enquiry by post, telephone, email, mobile phone or any other means made available by the organisation.
  • Gather analysis or valuable information to improve our services
  • Monitor the usage of our services
  • Detect, prevent, and address technical issues
  • Send you emails, newsletters, and other communications about church events and activities.

7. Disclosure of Your Information

We may share your information in the following situations:

  • With service providers who perform services for us
  • With our affiliates in furtherance of the activities described in this policy, in which case we will require such affiliates to honor this policy.
  • To comply with legal obligations
  • To protect and defend our rights or property
  • To prevent or investigate possible wrongdoing in connection with our services
  • To protect the personal safety of users of our services or the public
  • With your consent or at your direction

We do not sell, rent, or trade your personal information with third parties for their commercial purposes.

8. Third-Party Data Sharing

TCN Lekki may engage third-party service providers (e.g., software providers for membership management, payment processors, event management platforms) who process personal data on our behalf. When sharing data with third parties:

  • We will ensure that such third parties are reputable and capable of providing adequate data protection.
  • We will enter into written contracts that include the obligation to process personal data only according to our instructions and in compliance with NDPA.
  • We will only share the minimum necessary data required for the specific service.

9. International Data Transfers

TCN Lekki aims to process personal data within Nigeria. However, should it become necessary to transfer personal data outside Nigeria such as within the TCN Global network of churches, we will ensure that such transfers comply with the NDPA, which requires us to check the following:

  • That the recipient country has an adequate level of data protection as determined by the Nigerian Data Protection Commission (NDPC).
  • That appropriate safeguards are in place, such as standard contractual clauses approved by NDPC, or explicit consent from the data subject after being informed of the risks.
  • The transfer is necessary for a specific legal reason or in the vital interest of the data subject.

10. Data Security

10.1. We use administrative, technical, and physical security measures to protect your personal information against unauthorized or unlawful processing and against accidental loss, destruction, or damage. These measures include:

  • Access Controls: Restricting access to personal data only to authorized personnel who have a legitimate need to access it.
  • Physical Security: Securing physical records and devices that store personal data.
  • Technical Safeguards: Implementing firewalls, antivirus software, encryption (for sensitive data in transit and at rest), and secure network configurations.
  • Regular Backups: Performing regular backups of digital data to prevent loss.
  • Incident Response Plan: Having a clear plan for detecting, responding to, and recovering from data breaches.

10.2. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are 100% perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.

11. Your Data Protection Rights

You have the following data protection rights:

  • The right to access, update, or delete the information we have on you.
  • The right of rectification - the right to have your information corrected if it is inaccurate or incomplete.
  • The right to object to our processing of your personal data.
  • The right of restriction - the right to request that we restrict the processing of your personal information.
  • The right to data portability - the right to receive a copy of your personal data in a structured, machine-readable format.
  • The right to withdraw consent at any time where we relied on your consent to process your personal information.

12. Data Retention

12.1. TCN Lekki will only retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law or regulatory obligations. Our data retention principles are as follows:

  • Purpose-Driven: Data is retained only for the duration required to achieve the specific purpose for which it was collected (e.g., membership management, event participation, financial records).
  • Legal Compliance: We adhere to statutory retention periods mandated by Nigerian law (e.g., tax records, safeguarding documentation). For instance, financial transaction records, including donor details, will be retained for a minimum of 6 years in line with Nigerian tax laws and any other period as may be determined by law from time to time.
  • Regular Review: Retention schedules are reviewed periodically to ensure they remain appropriate and compliant.

12.2. We will keep the personal data for a period which enables us to handle or respond to any complaints, queries or concerns relating to our relationship with you.

12.3. Your data may also be retained so that we can continue to improve your experience with us. We retain the identifiable data we collect directly for targeting purposes for as little time as possible, after which we employ measures to permanently delete it.

12.4. We will actively review the personal data we hold and delete it securely, or in some cases anonymise it, when there is no longer a legal, business or user need for it to be retained. Upon expiry of the retention period, personal data will be securely disposed of or anonymized to prevent identification.

12.5. You may also notify us whenever you no longer wish to hear from us and will keep minimum information upon receipt of such notice to ensure that no future contact is made by us.

12.6. TCN Lekki will maintain internal guidelines and general retention periods for various types of data including membership records, donation records or financial data, event registration data, volunteer records, website or technical logs, or safeguarding records.

13. Keeping your Personal Data Updated and Correct

Where required by law, we will take reasonable steps to ensure that your personal data held in our records is accurate, complete, not misleading, and up to date. You must let us know if any information we have about you is incorrect, incomplete, misleading or out of date, by notifying us at the contact details set out below.

14. Privacy for Minors

14.1. Our services are not intended for use by minors or children under the age of 18 years. We do not intentionally collect personal information about minors or other persons without full civil or contractual capacity and we will not process your personal data of a minor unless we have a lawful basis to so do.

14.2. By using or accessing any of our platforms, you certify that you have the involvement of a parent or guardian or otherwise, that you are a person over 18 years old with full capacity and ability to form a legally binding contract in the jurisdiction in which you are resident or in which you are using or accessing our platform.

14.3. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we can take necessary action.

15. Privacy by Design and Default

TCN Lekki will endeavour to embed privacy considerations into all aspects of its operations, systems, and processes from the outset.

15.1. Our preference is to promote Privacy by Design in the following manner:

  • Implement proactive privacy measures: We will implement privacy measures before data processing activities begin, rather than as an afterthought.
  • Implement privacy by default: The strictest privacy settings are the default for all new systems and services, ensuring that personal data is protected automatically.
  • Embedded privacy: Privacy is an integral component of our systems and practices, not an add-on.
  • Full functionality: We will ensure that privacy measures do not compromise the functionality of our services.
  • End-to-End security: We will apply robust security measures throughout the entire data lifecycle.
  • Visibility and transparency: Our data practices are transparent to data subjects and oversight bodies.
  • Respect for user privacy: we prioritize the interests of our users and will empower them with control over their data.

15.2. Privacy by Default

In the event that a new service or system is introduced by TCN Lekki, the default settings will be those that offer the highest level of privacy protection for you, our data subjects without requiring any action from you.

Only necessary personal data will be collected, processed, and retained by default for the specific purpose.

16. Changes to this Privacy Policy

16.1. This Policy will be reviewed annually, or more frequently if there are significant changes in data protection laws, Church operations, or technological advancements. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this Privacy Policy.

16.2. By continuing to access and use any of TCN's website, applications or other platforms, you acknowledge and agree to the changes to this privacy policy.

16.3. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on TCN Lekki's website or other public platform or application.

17. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Email: lekkichapeltcn@gmail.com

Phone: +234 706 124 4346

Address: The Covenant Temple, Aare Bashir Fakorede Rd, behind Enyo Filling station Chisco Busstop, Lekki Penninsula II, Lekki 106104, Lagos

Return to Registration