DATA PRIVACY NOTICE
The Parochial Church Council (PCC) and Incumbent of St John’s Dukinfield
1. Your personal data – what is it?
The term ‘personal data’ refers to any information relating to a living individual that allows them to be identified from that data (for example a name, photographs, videos, email address or address). Identification can be from the information alone or in conjunction with any other information. From 25 May 2018, the processing of personal data is governed by the General Data Protection Regulation (GDPR).
2. Who are we?
This Privacy Notice is provided to you by the Incumbent and Parochial Church Council (PCC) of St John’s Church, Dukinfield, who are the data controllers for your data. This means they decide how your personal data is used and for what purposes. St John’s Dukinfield PCC is registered with the Charity Commission – our number is 1134598.
3. What data do we process?
The sort of data we may process includes:
-
names, titles, photographs
-
demographic information such as gender, age, date of birth, marital status – where you provide them to us and they are relevant to our mission and responsibilities
-
contact details such as telephone numbers, addresses, and email addresses
-
financial identifiers such as bank account numbers, sort codes or payment card numbers
‘Processing’ your data means anything done to or with your data and includes, for example, collecting, storing, organising, retrieving, sharing or destroying it. Your data may be held in paper or electronic form. The data we process may constitute sensitive personal data (also known as special category data) because, as a church, the fact that we process your data at all may be suggestive of your religious beliefs.
4. Why do we collect and keep your personal data?
We use your personal data for the purposes of general church administration and communication. These purposes include:
-
ministering to you and providing you with pastoral and spiritual care – for example, visiting you when you are ill or bereaved – and conducting services for you, such as baptisms, weddings, confirmations and funerals
-
providing other voluntary services for the benefit of the public
-
maintaining membership records, including groups and service/ministry rotas
-
fundraising and maintaining church accounts and records (for example the processing of gift aid applications)
-
management of employees and volunteers
-
meeting Church of England and/or Charity Commission governance rules (eg Church Representation Rules); other legal obligations/responsibilities eg protection of children and vulnerable adults, Health & Safety requirements
-
keeping you informed about news, events, activities and services at St John’s.
5. How do we process your personal data?
The PCC of St John’s Dukinfield will comply with its legal obligations under the GDPR by:
-
being clear about how and why we process your personal data
-
not collecting or retaining more data than we need
-
keeping personal data up to date
-
putting procedures and technical measures in place to protect data from loss, misuse, unauthorised access and disclosure.
6. What is the legal basis for processing your personal data?
Much of our data is processed because it is necessary for our legitimate interests, or the legitimate interests of a third party (such as another organisation in the Church of England). This would include, for example, the provision of pastoral care, maintaining our electoral roll, submitting Gift Aid claims.
Some of our processing is necessary to enable us to meet a legal obligation. For example we have to publish banns of marriage under Canon Law, and we need to comply with various aspects of Health & Safety law.
We may also process data if it is necessary for the performance of a contract with you. An example of this would be processing your data if you wanted to hire church facilities.
Where we intend to use your data other than in accordance with one of these three principles, we will first obtain your consent.
7. Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with third parties where it is necessary for the performance of the PCC’s or Incumbent’s responsibilities, or where you first give us your consent. We may need to share your data with:
-
the appropriate bodies of the Church of England
-
our agents, suppliers and contractors – for example, we may ask a commercial provider to administer our payroll, maintain our database software or carry out an independent examination of our accounts
-
ministry leaders nominated to support the mission of the Church in our parish
-
other church members, for example if you are part of a ministry rota.
8. How long do we keep your personal data?
We keep some records permanently where we are legally required to do so. We may keep some other records for an extended period of time. Specifically, we retain electoral roll data while it is still current; financial records for up to 6 years after the calendar year to which they relate; and parish registers (baptisms, marriages, funerals, banns, confirmations) permanently. In general, we will try to keep data only for as long as we need it. This means that we may delete it when it is no longer needed.
9. Your rights and your personal data
You have the following rights with respect to your personal data:
-
the right to request a copy of any personal data which the PCC of St John’s Dukinfield holds about you – once we have received your request, we will respond within one calendar month
-
the right to request that the PCC of St John’s Dukinfield corrects any personal data if it is found to be inaccurate or out of date – corrections will be carried out within one week of notification
-
the right to request that your personal data is erased where it is no longer necessary for the PCC of St John’s Dukinfield to retain the data – we will either confirm that the data has been deleted or explain why it cannot be deleted – for example, because we need it for our legitimate interests or regulatory purposes
-
the right to withdraw your consent to the processing of any data to which you previously consented
-
the right to data portability – this means that you can request us to transfer some of your data to another controller. We will comply with your request, where it is feasible to do so, within one calendar month
-
the right, where there is a dispute in relation to the accuracy or processing of your personal data, to request that a restriction is placed on further processing
-
the right to object to the use of personal data where we are processing it on the grounds of legitimate interests
-
the right not to be subject to automated decision-making.
10. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will first provide you with a new notice setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
11. Contact Details
Please contact us if you have any further questions about this Privacy Notice, or the information we hold, by
-
calling the church office on 0161 883 2561
-
emailing office@stjohnsdukinfield.com
-
writing to St John’s Church Centre, Vicarage Drive, Dukinfield, SK16 5HZ.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.