Your personal data – what is it?
“Personal data” is any information about a living individual which allows them to be identified from that data (for example a name, photographs, videos, address or email address). Identification can be by the information alone or in conjunction with any other information. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (GDPR) and the subsequent legislation incorporating it into UK law due to be in place from mid-May 2018.
This Privacy Notice is provided to you by St Francis Community Church, the Ministry Team, the Trustees and the Assistant Pastoral Leader who is the primary Data Officer.
Data security at St Francis is made up of these data controllers working together. We may need to share personal data between us so that we can carry out our responsibilities to St Francis and our community. We are all responsible to you for how we process your data.
How do we process your personal data?
We comply with our legal obligations by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by keeping personal data secure; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for some of or all of the following purposes:
- To deliver the Church’s mission to our community, and to carry out any other voluntary or charitable activities for the benefit of the public as specified in our constitution;
- To enable us to meet all legal and statutory obligations (which include maintaining our Membership roll in accordance with the Church requirements);
- To comply with safeguarding procedures with the aim of ensuring that all children and adults-at-risk are provided with safe environments;
- To minister to you and provide you with pastoral and spiritual care (such as visiting you when you are gravely ill or bereaved) and to organise and perform Ministerial services for you, such as dedications, weddings and funerals;
- To inform you of news, events, activities and services running at St Francis, and to send you other communications which may be of interest to you. These may include information about campaigns, appeals and other fundraising activities;
- To seek your views or comments;
- To include your details on rotas and generally in connection with any role you may perform within St Francis;
- To publish selected details (with your consent) in the weekly notice sheet or on the St Francis website;
- To maintain our own accounts and to process donations, including Gift Aid applications;
- To administer our records, including storing your information on our database. We may also publish your contact details in our Church Directory, but only ever with your explicit consent;
- To manage our employees and volunteers, and to process applications for such roles;
- To fundraise and promote the interests of St Francis;
What is the legal basis for processing your personal data?
Some of your data is processed because it is necessary for our legitimate interests, or the legitimate interests of a third party (such as the Charity Commission). Our legitimate interests will normally be the administration of the church. We will always consider your interests, rights and freedoms.
Some of our processing is necessary for compliance with a legal obligation, for example to announce forthcoming weddings publicly.
We may also process data if it is necessary for the performance of a contract with you, or to take steps to enter into a contract. An example of this would be processing your data in connection with the hire of church facilities, or under a contract of employment.
Religious organisations are also permitted to process information about your religious beliefs to administer membership or contact details, provided this information is not passed to a third party without your consent.
In all other cases, the legal basis is your consent, which we will obtain prior to using your personal data.
Sharing your personal data
Your personal data will be treated as strictly confidential. It will only be shared with third parties where it is necessary for the performance of our tasks or where you give us your prior consent. It is likely that we will need to share your data with some or all of the following (but only where necessary):
- Our employees, volunteers and other members of St Francis to carry out a service to other members or for purposes connected with St Francis;
- Companies or individuals who we may ask to provide a service that we cannot, for example IT support. We will only use third parties who fully comply with data protection legislation, and their use of your personal data will be limited to the specific purpose for which it has been shared;
- Other persons or organisations who are regarded as close colleagues within the Christian Church in the UK.
How long do we keep your personal data?
We keep data in accordance with the guidance provided by the Charity Commission of GB. We will keep some records permanently if we are legally required to do so. We may keep some other records for an extended period of time. For example, we will keep financial records for a minimum period of 7 years to support HMRC audits. In general, we will endeavour to keep data only for as long as we need it. This means that we may delete it when it is no longer needed or if you ask us to remove your information.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of the personal data which we hold about you;
- The right to request that we correct any personal data if it is found to be inaccurate or out of date;
- The right to request that your personal data is erased where it is no longer necessary for us to retain such data (known as “the right to be forgotten”);
- The right to withdraw your consent to processing at any time (where consent was the original basis for processing);
- The right to request that we transfer your personal data to another data controller (known as “the right to data portability”);
- The right to request a restriction is placed on further processing, where there is a dispute in relation to the accuracy or processing of your personal data;
- The right to object to the processing of personal data;
- The right to lodge a complaint with the Information Commissioner’s Office (contact details below).
When exercising any of the rights listed above, to process your request, we may need to verify your identity for your security. In such cases, we will need you to respond with proof of your identity before you can exercise these rights.
Transfer of Data Abroad
Any electronic personal data transferred to IT systems outside the United Kingdom will only be placed on systems which provide the equivalent protection of personal rights as required in the United Kingdom. Our website is also accessible from overseas so on occasion some personal data (for example in a newsletter) may be accessed from abroad.
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Changes to this notice
We keep this Privacy Notice under regular review and will place any updates on this web page. This notice was last updated on 22nd May 2018.
Tel: 07506 582027
You can contact the Information Commissioner’s Office on 0303 123 1113, via email at https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.