DATA PRIVACY NOTICE
The Parochial Church Councils of St George’s, Upper Cam and St Cyr’s Stinchcombe and the Vicar of Cam with Stinchcombe.
1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information that is in the data controller’s possession, or is likely to come into their possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
2. Who are we?
The Parochial Church Council (PCC) of St George’s, Upper Cam; the PCC of St Cyr’s, Stinchcombe and the Vicar of Cam with Stinchcombe are the “data controllers” (contact details below). This means they decide how your personal data is processed and for what purposes. They are separate entities and data controllers, but work together and share systems and policies. Your data may be shared between the 3 data controllers for the purposes listed below.
3. How do we process your personal data?
The data controllers comply with their obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
You are, under the GDPR, the “data subject”, and we use your personal data for the following purposes: -
• To enable us to provide a voluntary service for the benefit of the public in our parishes and surrounding areas;
• To provide pastoral care to our parishioners;
• To administer membership records;
• To fundraise and promote the interests of the churches;
• To manage our employees and volunteers;
• To maintain our own accounts and records (including the processing of gift aid applications);
• To inform you of news, events, activities, initiatives and services running in the parishes, surrounding area and diocese;
4. What is the legal basis for processing your personal data?
• Your explicit consent so that we can keep you informed about news, events, activities, initiatives and services around the parishes including churches together and diocesan events.
• Your explicit consent so that we can publish your information where you are a church officer, organise groups / events or write magazine articles.
• Your explicit consent so that we can publish your information in a Church Directory.
• Processing is necessary for the performance of a contract with you where we arrange occasional services with you or deliver you a parish magazine.
• Processing is necessary for carrying out legal obligations in relation to Gift Aid, Safeguarding, or under employment, social security or social protection law.
• Processing is carried out by a not-for-profit body with a religious aim provided: -
- the processing relates only to members or former members of the body (or those who have regular contact with it in connection with those purposes); and
- there is no disclosure to a third party without consent.
5. Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other church members, or for purposes connected with the church. We will only share your data with third parties outside the parishes with your consent.
6. How long do we keep your personal data?
We keep data in accordance with the guidance set out in the guide “Keep or Bin: Care of Your Parish Records”, which is available from the Church of England website1 [see footnote for link].
Specifically, we retain electoral roll data while it is still current; gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate; and parish registers (baptisms, marriages, funerals) permanently.
7. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -
• The right to request a copy of the personal data which we hold about you;
• The right to request that we correct any personal data if it is found to be inaccurate or out of date;
• The right to request your personal data is erased where it is no longer necessary for us to retain such data;
• The right to withdraw your consent to the processing at any time
• The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
• The right to lodge a complaint with the Information Commissioners Office.
8. Further processing & Changes to this Privacy Notice
If we wish to use your personal data for a new purpose not covered by this Data Protection Notice we will, prior to commencing the processing, provide you with a new notice explaining this new use and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
9. Data Processors
We use a third party (currently Mailchimp) to deliver electronic newsletters and messages, and to manage records of your consent and details of the information you wish to receive from us. They may transmit and store your data outside the EU, however they comply with all GDPR technical / security requirements and best practice.
10. Contact Details
To exercise all relevant rights, queries or complaints please, in the first instance, contact the Vicar at The Vicarage, St George’s Church, Church Road, Upper Cam GL11 5PQ. 01453 548343. firstname.lastname@example.org.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
1 Details about retention periods can currently be found in the Record Management Guides located on the Church of England website at: - https://www.churchofengland.org/more/libraries-and-archives/records-management-guides
Data Privacy Notice – May 2018