PARISH OF KIRDFORD WITH PLAISTOW
Your personal data – what is it?
“Personal data” is any information about a living individual which allows them to be identified from that data (for example a name, photographs, videos, address or email address). Identification can be by the information alone or in conjunction with any other information. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (GDPR) and the subsequent legislation incorporating it into UK law.
Who are we?
This Privacy Notice is provided to you by the PCC of Kirdford with Plaistow Parish.
The PCC is made up of the following data controllers:
- the incumbent of the Parish
- the Parochial Church Council (PCC) of Kirdford
These data controllers decide how your personal data is processed and for what purpose, as set out in this Privacy Notice. In the rest of this Privacy Notice, the word “we” is used to refer to each data controller as appropriate.
As the PCC is made up of these data controllers working together, we may need to share personal data between us so that we can carry out our responsibilities to the PCC and our community. We are all responsible to you for how we process your data.
How do we process your personal data?
We comply with our legal obligations by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by keeping personal data secure; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for some or all of the following purposes:
- To deliver the Church's mission to our community, and to carry out any other voluntary or charitable activities for the benefit of the public as specified in our constitution;
- To enable us to meet all legal and statutory obligations (which include maintaining and publishing our electoral roll in accordance with the Church Representation Rules);
- To comply with safeguarding procedures with the aim of ensuring that all children and adults-at-risk are provided with safe environments;
- To minister to you and provide you with pastoral and spiritual care (such as visiting you when you are gravely ill or bereaved) and to organise and perform ecclesiastical services for you, such as baptisms, confirmations, weddings and funerals;
- To inform you of news, events, activities and services running in the Parish, and to send you other communications which may be of interest to you. These may include information about campaigns, appeals and other fundraising activities;
- To seek your views or comments;
- To include your details on rotas and generally in connection with any role you may perform within the Parish;
- To publish selected details (with your consent) in the notice sheet, the magazine or the website;
- To maintain our own accounts and to process donations, including Gift Aid applications;
- To administer our records, including storing your information on our database. We may also publish your contact details in our Church Directory, but only ever with your explicit consent;
- To manage our employees and volunteers, and to process applications for such roles;
- To fundraise and promote the interests of the Parish.
What is the legal basis for processing your personal data?
Some of your data is processed because it is necessary for our legitimate interests, or the legitimate interests of a third party (such as another organisation in the Church of England). Our legitimate interests will normally be the administration of the church. We will always take into account your interests, rights and freedoms.
Some of our processing is necessary for compliance with a legal obligation. For example, we are required by the Church Representation Rules to administer and publish the electoral roll, and under Canon Law to announce forthcoming weddings by means of the publication of banns.
We may also process data if it is necessary for the performance of a contract with you, or to take steps to enter into a contract. An example of this would be processing your data in connection with the hire of church facilities, or under a contract of employment.
Religious organisations are also permitted to process information about your religious beliefs to administer membership or contact details, provided this information is not passed to a third party without your consent.
In all other cases, the legal basis is your consent, which we will obtain prior to using your personal data.
Sharing your personal data
Your personal data will be treated as strictly confidential. It will only be shared with third parties where it is necessary for the performance of our tasks or where you give us your prior consent. It is likely that we will need to share your data with some or all of the following (but only where necessary):
- Our employees, volunteers and other members of PCC in order to carry out a service to other members or for purposes connected with PCC;
- Companies or individuals who we may ask to provide a service that we cannot, for example IT, support. We will only use such third parties who fully comply with data protection legislation, and their use of your personal data will be limited to the specific purpose for which is has been shared;
- Other persons or organisations who are part of the Church of England.
How long do we keep your personal data?
We keep data in accordance with the guidance provided by the Church of England.
We will keep some records permanently if we are legally required to do so. We may keep some other records for an extended period of time. For example, we will keep financial records for a minimum period of 7 years to support HMRC audits. In general, we will endeavour to keep data only for as long as we need it. This means that we may delete it when it is no longer needed or if you ask us to remove your information.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of the personal data which we hold about you;
- The right to request that we correct any personal data if it is found to be inaccurate or out of date;
- The right to request that your personal data is erased where it is no longer necessary for us to retain such data (known as “the right to be forgotten”);
- The right to withdraw your consent to processing at any time (where consent was the original basis for processing);
- The right to request that we transfer your personal data to another data controller (known as “the right to data portability”);
- The right to request a restriction is placed on further processing, where there is a dispute in relation to the accuracy or processing of your personal data;
- The right to object to the processing of personal data;
- The right to lodge a complaint with the Information Commissioner's Office (contact details below).
When exercising any of the rights listed above, in order to process your request we may need to verify your identity for your security. In such cases, we will need you to respond with proof of your identity before you can exercise these rights.
Transfer of Data Abroad
Any electronic personal data transferred to IT systems outside the United Kingdom will only be placed on systems which provide the equivalent protection of personal rights as required in the United Kingdom. Our website is also accessible from overseas so on occasion some personal data (for example in a newsletter) may be accessed from abroad.
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Changes to this notice
We keep this Privacy Notice under regular review and will place any updates on this web page. This notice was last updated on 24th May 2018.
Please contact us if you have any questions about this Privacy Notice or the information we hold about you or to exercise all relevant rights, queries or complaints:
The Vicar: phone: 01403 820605, email firstname.lastname@example.org.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.