The Parochial Church Council (PCC) of St Andrew, Cromhall
DATA PRIVACY NOTICE
1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
2. Who are we?
The PCC of St Andrew’s Church, Cromhall is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
3. How do we process your personal data?
The PCC of St Andrew’s, Cromhall complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for some or all of the following purposes: -
· To enable us to meet all legal and statutory obligations (which include maintaining and publishing our electoral roll in accordance with the Church Representation Rules);
· To carry out comprehensive safeguarding procedures (including due diligence and complaints handling) in accordance with best safeguarding practice from time to time with the aim of ensuring that all children and adults-at-risk are provided with safe environments;
· To minister to you and provide you with pastoral and spiritual care (such as visiting you when you are gravely ill or bereaved) and to organise and perform ecclesiastical services for you, such as baptisms, confirmations, weddings and funerals.
· To enable us to provide a church body voluntary service for the benefit of the public in a particular geographical area.
· To administer membership records;
· To fundraise and promote the interests of the charity;
· To manage our employees and volunteers;
· To maintain our own accounts and records (including the processing of gift aid applications);
· To inform you of news, events, activities and services running at St Andrew’s;
· To process a donation that you have made (including Gift Aid information);
· To seek your views or comments;
· To notify you of changes to our services, events and role holders;
· To send you communications which you have requested and that may be of interest to you. These may include information about campaigns, appeals and other fundraising activities;
· To process a grant or application for a role;
· Using CCTV systems for the prevention and prosecution of crime.
We collect personal data in some or all of the following ways:
· Names, titles, and aliases, photographs;
· Contact details such as telephone numbers, addresses, and email addresses;
· Where they are relevant to our mission, or where you provide them to us, we may process demographic information such as gender, age, date of birth, marital status, nationality, education/work histories, academic/professional qualifications, hobbies, family composition, and dependants;
· Where you make donations or pay for activities such as use of a church hall/other premises, financial identifiers such as bank account numbers, payment card numbers, payment/transaction identifiers, policy numbers, and claim numbers.
The data we process is likely to constitute sensitive personal data because, as a church, the fact that we process your data at all may be suggestive of your religious beliefs. Where you provide this information, we may also process other categories of sensitive personal data: racial or ethnic origin and, where this is relevant, mental and physical health, details of injuries, medication/treatment received, and criminal records, fines and other similar judicial records.
4. What is the legal basis for processing your personal data?
· Most of our data is processed because it is necessary for our legitimate interests, or the legitimate interests of a third party (such as another organisation in the Church of England). An example of this would be our safeguarding work to protect children and adults at risk. We will always take into account your interests, rights and freedoms.
· Some of our processing is necessary for compliance with a legal obligation. For example, we are required by the Church Representation Rules to administer and publish the electoral roll, and under Canon Law to announce forthcoming weddings by means of the publication of banns.
· We will seek explicit consent to keep you informed about news, events, activities and services and keep you informed about local church and other diocesan events.
· We may also process data if it is necessary for the performance of a contract with you, or to take steps to enter into a contract. An example of this would be processing your data in connection with the hire of church facilities.
· Processing is necessary for carrying out legal obligations in relation to Gift Aid or under employment, social security or social protection law, HMRC and other statutory requirements.
· Where we have PCC employees we may process information in line with payroll and pension, HMRC, safer recruitment including DBS checks, and other statutory requirements.
· Religious organisations are also permitted to process information about your religious beliefs to administer membership or contact details.
· Where your information is used other than in accordance with one of these legal bases, we will first obtain your consent to that use.
5. Sharing your personal data
Your personal data will be treated as strictly confidential. It will only be shared with third parties where it is necessary for the performance of our tasks, where you first give us your prior consent, or in respect of a legal/statutory obligation. It is likely that we will need to share your data with some or all of the following (but only where necessary):
· The appropriate bodies of the Church of England including the other data controllers.
· Other clergy or lay persons nominated or licensed by the bishops of the diocese to support the mission of the Church in our parish. For example, our clergy are supported by our area dean and archdeacon, who may provide confidential mentoring and pastoral support. Assistant or temporary ministers, including curates, deacons, licensed lay ministers, commissioned lay ministers or persons with Bishop’s Permissions may participate in our mission in support of our regular clergy;
· Other persons or organisations operating within the diocese as appropriate.
· On occasion, other churches with which we are carrying out joint events or activities.
· External statutory bodies (police, social care etc) where this is legally required.
· In the event of employee related tasks including payroll and pension provisions.
6. How long do we keep your personal data?
We keep data in accordance with the guidance set out in the guide “Keep or Bin: Care of Your Parish Records” which is available from the Church of England website.1
Specifically, we retain electoral roll data; gift aid declarations and associated paperwork for six years after the calendar year to which they relate; and parish registers (baptisms, marriages, funerals) permanently.
7. Your rights and your personal data
Unless subject to an exemption, or overruled by other obligations, under the GDPR, you have the following rights with respect to your personal data: -
· The right to request a copy of any personal data which the PCC of St Andrew’s, Cromhall holds about you;
· The right to request that the PCC of St Andrew’s, Cromhall corrects any personal data if it is found to be inaccurate or out of date;
· The right to request your personal data is erased where it is no longer necessary for the PCC of St Andrew’s, Cromhall to retain such data;
· The right to withdraw your consent to the processing at any time
· The right to request that the data controller (the PCC) provides the data subject (you) with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable). [Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means].
· The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
· The right to object to the processing of personal data, (where applicable)
o This right only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics.
· The right to lodge a complaint with the Information Commissioner's Office.
8. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
9. Marketing permissions and seeking consent
Whilst there may be an expectation that people involved in the life of the diocese in many ways would expect to receive information from the PCC through email, post, social media etc; the PCC is required through data regulations to ensure that it asks for your permission to do so in certain circumstances; and to ensure that it makes you aware of your rights in doing so.
Email and text
Ø We will ask for your permission to contact you in this way.
Ø From time to time we may send you information about the diocese and its work unless you have told us you would prefer not to receive this information by post.
Bulletins and newsletters
Ø The PCC will, in the main, require individuals to personally opt in and out of electronically sent information such as church newsletters. This ensures that individuals are able to manage the information they wish to receive.
10. Changes to this Privacy Notice
The PCC will review this Privacy Notice regularly and may update it at any time, for example in the event of legal changes, to improve how we manage data, or where an issue or concern has come to light that needs appropriate response. If there are any significant changes in the way the PCC processes your personal information we will provide a prominent notice on our website or send you a notification.
11. Transfer of Data Abroad
Any electronic personal data transferred to countries or territories outside the EU will only be placed on systems complying with measures giving equivalent protection of personal rights either through international agreements or contracts approved by the European Union. Our website is also accessible from overseas so on occasion some personal data (for example in a newsletter) may be accessed from overseas.
12. Contact Details
To exercise all relevant rights, or for queries or complaints, please in the first instance contact:
the PCC Secretary Sue Wray at firstname.lastname@example.org
the Benefice Administrator at email@example.com or tel: 01454 260096
You can contact the Information Commissioner's Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Those with whom the PCC is in regular contact:
Data Controllers: The Bishop’s Office, The Diocesan Board of Finance offices, The Board of Education, the Parish Giving Scheme (where appropriate), other PCCs, incumbents and clergy.
Clergy; stipendiary clergy, non-stipendiary clergy, retired clergy with the Bishop’s Permission to Officiate; chaplains.
Other ministers; Pioneers and other ministers, locally licensed lay people.
Church Officers; churchwardens, PCC secretaries, treasurers, safeguarding parish representatives/nominated people; benefice administrator, electoral roll officers.
Other church people; Members of PCC; School Foundation Governors
Synodical arrangements; Deanery officers and representatives, Bishop’s Council, Diocesan Synod; General Synod representatives.
Electoral Roll officer/members
Individuals and families involved in the life of the church through baptisms, funerals, weddings, house groups; and through other activities and pastoral needs.
Committees/Groups/Boards: PCC and other parish working groups and committees including: eg fabric, stewardship, social committee etc
Professionals, professional bodies/organisations and contractors – relating to those who supply the church through contracts for goods and services; individuals in their professional capacity.
LIFE vision priority interest groups; those who have consented to be part of a range of working or interest groups.
Fund applicants – information of individuals/groups applying for funding for various diocesan projects and initiatives.
Third parties with whom the PCC will share data:
· Clergy information – with the Bishop’s Office, Archdeacons and other diocesan central officers as appropriate (eg Human Resources, Safeguarding).
· Diocesan / Church Directory, published with consents where appropriate, available to purchase within the diocese / church.
· Specifically named individuals, clergy/readers/others details where these related to those undertaking specific church roles.
· Legal and statutory guidance and others; In compliance with the range of our legal responsibilities; including
o those involving land/glebe
o Property purchases and sales
o Tenancy arrangements
o The Charity Commission
o Insurers and legal advisers as appropriate.
o Relating to safeguarding issues, the Police, Probation, Social Care and Children’s Services.
· CCPAS – with regard to DBS checking processes through the central diocesan arrangements.
· Online Faculty System (OFS) – petitioners/objectors as it is developed within the diocese will be shared as appropriate with the offices of the Diocesan Registrar, the offices of the Chancellor of the Diocese, Statutory Consultees eg Historic England, CBC; others where this facilitates the consideration of applications for either a Faculty, or a matter not requiring a faculty, under the Faculty Jurisdiction Rules.
· Employee information – PCCs will only need this section where the PCC pays staff under contract and will depend if you use the diocesan payroll service or another payroll provider so it is clear what information you are sharing with them to ensure your employee is paid appropriately. Equally you might need to include a Pension Provider for your employee here if you pay directly into a pension for your employee(s).
 Details about retention periods can currently be found in the Record Management Guides located on the Church of England website at: www.churchofengland.org/more/libraries-and-archives/records-management-guides