GDPR Privacy Notice

 

 

 

BENEFICE OF STOW, CONDICOTE AND THE SWELLS

DATA PRIVACY NOTICE

 

 

From the Rector, The Revd Martin Short

 

The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”). As the incumbent STOW, CONDICOTE AND THE SWELLS the PCC’s of those parishes have delegated to me their powers and functions as data controllers. This means I have responsibility for how your personal data is processed and for what purposes. I comply with the obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

 

 

I may use your personal data for some or all of the following purposes: -

 

  • To enable the PCCs to meet all legal and statutory obligations (which include maintaining and publishing their electoral rolls in accordance with the Church Representation Rules);
  • To carry out comprehensive safeguarding procedures (including due diligence and complaints handling) in accordance with best safeguarding practice from time to time with the aim of ensuring that all children and adults-at-risk are provided with safe environments;
  • To minister to you and provide you with pastoral and spiritual care (such as visiting you when you are gravely ill or bereaved) and to organise and perform ecclesiastical services for you, such as baptisms, confirmations, weddings and funerals.
  • To provide a church body voluntary service for the benefit of the public in a particular geographical area.
  • To administer membership records;
  • To fundraise and promote the interests of the charity;
  • To manage employees and volunteers;
  • To maintain accounts and records (including the processing of gift aid applications);
  • To inform you of news, events, activities and services happening in the Benefice
  • To process any donation that you have made (including Gift Aid information);
  • To seek your views or comments;
  • To notify you of changes to our services, events and role holders;
  • To send you communications which you have requested and that may be of interest to you.These may include information about campaigns, appeals and other fundraising activities;

 

  • To process a grant or application for a role;
  • Using CCTV systems for the prevention and prosecution of crime.

 

 

I may collect personal data in some or all of the following ways:-

 

  • Names, titles, and aliases, photographs;
  • Contact details such as telephone numbers, addresses, and email addresses;
  • Where you make donations or pay for activities such as use of a church hall/other premises financial identifiers such as bank account numbers, payment card numbers, payment/transaction identifiers, policy numbers, and claim numbers.

 

The data we process is likely to constitute sensitive personal data because, as a church, the fact that we process your data at all may be suggestive of your religious beliefs. 

 

 

The legal basis on which I act

 

  • Most of the data for which I am controller is processed because it is necessary for the legitimate interests of the church or the legitimate interests of a third party (such as another organisation in the Church of England). An example of this would be safeguarding work in order to protect children and adults at risk. I will always take into account your interests, rights and freedoms.
  • Some processing is necessary for compliance with a legal obligation.For example, I am required by the Church Representation Rules to administer and publish the electoral roll, and under Canon Law to announce forthcoming weddings by means of the publication of banns.
  • I will seek explicit consent to keep you informed about news, events, activities and services and keep you informed about local church and other diocesan events.
  • I may also process data if it is necessary for the performance of a contract with you, or to take steps to enter into a contract.An example of this would be processing your data in connection with the hire of church facilities.
  • Processing is necessary for carrying out legal obligations in relation to Gift Aid or under employment, social security or social protection law, HMRC and other statutory requirements.
  • Religious organisations are also permitted to process information about your religious beliefs to administer membership or contact details.
  • Where your information is used other than in accordance with one of these legal bases, I will first obtain your consent to that use.
  • If I wish to use your personal data for a new purpose, not covered by this Data Protection Privacy Notice, then I will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, I will seek your prior consent to the new processing.

 

 

Sharing your personal data


Your personal data will be treated as strictly confidential.  It will not be shared with third parties except where it is necessary for the performance of our tasks and only where you first give me your prior consent.

It will only be shared otherwise in respect of a legal/statutory obligation.  It is possible that I will seek permission to share your data, but only where necessary, with some or all of the following:

 

  • The appropriate bodies of the Church of England including the other data controllers.
  • Other clergy or lay persons nominated or licensed by the bishops of the diocese to support the mission of the Church in our parish.For example, clergy are supported by our area dean and archdeacon, who may provide confidential mentoring and pastoral support.Assistant or temporary ministers, including curates, deacons, licensed lay ministers, commissioned lay ministers or persons with Bishop’s Permissions may participate in the church’s mission in support of our regular clergy;
  • Other persons or organisations operating within the diocese as appropriate.
  • On occasion, with other diocesan clergy where we are carrying out joint events or activities
  • External statutory bodies (police, social care etc) where this is legally required.

 

 

Keeping your personal data

 

I keep data in accordance with the guidance set out in the guide “Keep or Bin: Care of Your Parish Records” which is available from the Church of England website.1

 

Specifically, we retain electoral roll data; gift aid declarations and associated paperwork for six years after the calendar year to which they relate; and parish registers (baptisms, marriages, funerals) permanently.

 

Your rights and your personal data 

 

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -

  • The right to request a copy of your personal data which I hold about you;
  • The right to request that I correct any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for me to retain such data;
  • The right to withdraw your consent to the processing at any time
  • The right to request that I (the data controller) provide you, (the data subject) with your personal data and where possible, transmit that data directly to another data controller, (known as the right to data portability), (where applicable). [Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means].
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;

 

 

 

 

  • The right to object to the processing of personal data, (where applicable)
    • This right only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).
  • The right to lodge a complaint with the Information Commissioners Office.

 

 

Permissions and seeking consent

 

While there may be an expectation that people involved in the life of the diocese would expect to receive information from the PCC through email, post, etc; I am required through data regulations to ensure that I ask for your permission to do so in certain circumstances; and to ensure that it makes you aware of your rights in doing so.

 

Email and text

  • I will ask for your permission to contact you in this way.

 

Postal marketing;

  • From time to time I may send you information about the diocese and its work unless you have told us you would prefer not to receive this information by post.

 

Bulletins and newsletters

  • In the main I will require individuals to personally opt in and out of electronically sent information such as church newsletters.This ensures that individuals are able to manage the information they wish to receive.

 

 

Changes to this Privacy Notice

I will review this Privacy Notice regularly and may update it from time to time  - for example in the event of legal changes, to improve how I manage data, where an issue or concern has come to light that needs appropriate response.  If there are any significant changes in the way I process your personal information we will provide a prominent notice on our website or send you a notification.

 

 

Contact Details

To exercise all relevant rights, queries of complaints please in the first instance contact me at:

The Rectory

Sheep Street

Stow on the Wold

GL54 1 AA

 

01451 830607

martin@stowrectory.org.uk

 

 

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.