GENERAL GDPR PRIVACY NOTICE
The Church collects and processes personal information, or personal data, relating to its Data Subjects (any living identified or identifiable individual about whom the Church holds personal data) and Members of Staff (any employee, worker, volunteer, contractor and consultant employed or engaged by the Church). This personal information may be held by the Church on paper or in electronic format.
The Church is committed to being transparent about how it handles your personal information, to protecting the privacy and security of your personal information and to meeting its data protection obligations under the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018. The purpose of this privacy notice is to make you aware of how and why we will collect and use your personal information. We are required under the GDPR to notify you of the information contained in this privacy notice.
What types of personal information do we collect about you?
Personal information is any information about an individual from which that person can be directly or indirectly identified. The Church collects, uses and processes a range of personal information about its members and members of its organisations. Personal information may be stored in different places, including in the Church’s office and IT systems.
We will only use your personal information when the law allows us to.
We will only use personal information for the purposes for which we collected it.
Your personal information will only be shared internally within the Church if necessary.
The Church has put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those within the church who need to know.
The Church will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and processed.
Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems and we will also require third parties to destroy or erase such personal information where applicable.
It is important that the personal information we hold about you is accurate and up to date. Please keep us informed if your personal information changes, e.g. you change your home address, during your working relationship with the Church so that our records can be updated. The Church cannot be held responsible for any errors in your personal information in this regard unless you have notified the Church of the relevant change.
As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to:
- request access to your personal information – this is usually known as making a data subject access request and it enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
- request rectification of your personal information – this enables you to have any inaccurate or incomplete personal information we hold about you corrected
- request the erasure of your personal information – this enables you to ask us to delete or remove your personal information where there’s no compelling reason for its continued processing, e.g. it’s no longer necessary in relation to the purpose for which it was originally collected
- restrict the processing of your personal information – this enables you to ask us to suspend the processing of your personal information, e.g. if you contest its accuracy and so want us to verify its accuracy
- object to the processing of your personal information – this enables you to ask us to stop processing your personal information where we are relying on the legitimate interests of the business as our legal basis for processing and there is something relating to your particular situation which makes you decide to object to processing on this ground
- data portability – this gives you the right to request the transfer of your personal information to another party so that you can reuse it across different services for your own purposes.
If you wish to exercise any of these rights, please contact the Oversight. We may need to request specific information from you in order to verify your identity and check your right to access the personal information or to exercise any of your other rights. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.
If you believe that the Church has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office (ICO) at any time. The ICO is the UK supervisory authority for data protection issues.
The Church will not transfer your personal information to countries outside the European Economic Area.
The Church reserves the right to update or amend this privacy notice at any time, including where the Church intends to further process your personal information for a purpose other than that for which the personal information was collected or where we intend to process new types of personal information. We will issue you with a new privacy notice when we make significant updates or amendments. We may also notify you about the processing of your personal information in other ways.
If you wish to see a copy of the full GDPR Data Protection Policy please request this from the Pastor.