DATA PRIVACY NOTICE

St Leonard’s Parochial Church Council (PCC) 

&

the Priest-in-Charge 

Upton St Leonards  

Who are we? 

The St Leonard’s PCC of Upton St Leonards and the Priest-in-Charge, Revd Clodagh Ingram are the “data controllers”.  This means they decide how your personal data is processed and for what purposes. 

 

Your personal data – what is it?

Personal data relates to a living individual (the “data subject”) who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”) 2018.

 

How do we process your personal data?

The St Leonard’s PCC and Revd Clodagh Ingram (Priest-in-Charge) comply with obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

 

We use your personal data for some or all of the following purposes: -

  • To enable us to meet all legal and statutory obligations (which include maintaining and publishing our electoral roll in accordance with the Church Representation Rules);
  • To carry out comprehensive safeguarding procedures (including due diligence and complaints handling) in accordance with best safeguarding practice from time to time with the aim of ensuring that all children and adults-at-risk are provided with safe environments;
  • To enable us to provide a voluntary service for the benefit of the public within our parish boundaries;
  • To administer membership records;
  • To manage our volunteers and suppliers; 
  • To maintain our own accounts and records (including the processing of gift aid applications);
  • To inform you of news, events, activities and services running at St Leonard’s;
  • To process a donation that you have made (including Gift Aid information);
  • To send you communications which you have requested and that may be of interest to you.  These may include information about campaigns, appeals and other fundraising activities;
  • To inform you of any activity we believe you would share a legitimate interest with the church.

 

We collect personal data in some or all of the following ways;

  • Names, titles, and aliases, photographs;
  • Contact details such as telephone numbers, addresses, and email addresses;
  • Where they are relevant to our mission, or where you provide them to us, we may process demographic information such as gender, age, date of birth, marital status, nationality, education/work histories, academic/professional qualifications, hobbies, family composition, and dependants;
  • Where you make donations or pay for activities such as use of church premises, financial identifiers such as bank account numbers, payment card numbers, payment/transaction identifiers, policy numbers, and claim numbers.

The data we process is likely to constitute sensitive personal data because, as a church, the fact that we process your data at all may be suggestive of your religious beliefs.  Where you provide this information, we may also process other categories of sensitive personal data: racial or ethnic origin.  And, where this is relevant, mental and physical health, details of injuries, medication/treatment received, and criminal records, fines and other similar judicial records.

 

What is the legal basis for processing your personal data?

  • Most of our data is processed because it is necessary for our legitimate interests, or the legitimate interests of a third party (such as another organisation in the Church of England).  An example of this would be our safeguarding work to protect children and adults at risk.  We will always take into account your interests, rights and freedoms.
  • Processing is necessary for compliance with a legal obligation.  For example, we are required by the Church Representation Rules to administer and publish the electoral roll, and under Canon Law to announce forthcoming weddings by means of the publication of banns.
  • We will seek explicit consent to keep you informed about news, events, activities and services and keep you informed about local church and other diocesan events.
  • We may also process data if it is necessary for the performance of a contract with you, or to take steps to enter into a contract. An example of this would be processing your data in connection with the hire of church facilities.
  • Processing is necessary for carrying out legal obligations in relation to Gift Aid or under employment, social security or social protection law, HMRC and other statutory requirements.
  • Religious organisations are also permitted to process information about your religious beliefs to administer membership or contact details.
  • Where your information is used other than in accordance with one of these legal bases, we will first obtain your consent to that use.

 

Sharing your personal data
Your personal data will be treated as strictly confidential. It will only be shared with third parties where it is necessary for the performance of our tasks, where you first give us prior consent, or in respect of a legal/statutory obligation.   It is likely that we will need to share your data with some or all of the following (but only where necessary):

 

  • The appropriate bodies of the Church of England including the other data controllers.
  • Other clergy or lay persons nominated or licensed by the bishops of the diocese to support the mission of the Church in our parish.  For example, our clergy are supported by our area dean and archdeacon, who may provide confidential mentoring and pastoral support.  Assistant or temporary ministers, including curates, deacons, licensed lay ministers, commissioned lay ministers or persons with Bishop’s Permissions may participate in our mission in support of our regular clergy.
  • Other persons or organisations operating within the diocese as appropriate.
  • On occasion, other churches with which we are carrying out joint events or activities.
  • External statutory bodies (police, social care etc) where this is legally required.

 

How long do we keep your personal data?
We keep data in accordance with the Church of England guidance1.  Specifically, we retain:

 

  • electoral roll data while it is still current; (ie. up to 7 years)
  • details of gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate; 
  • parish registers (baptisms, banns, marriages, burials) permanently.

 

Your rights and your personal data  

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: 

 

  • The right to request a copy of your personal data which the PCC of St Leonard’s or Revd Clodagh Ingram (Priest-in-Charge), Upton St Leonards holds about you; 
  • The right to request that the PCC of St Leonard’s or Revd Clodagh Ingram (Priest-in-Charge), Upton St Leonards corrects any personal data if it is found to be inaccurate or out of date; 
  • The right to request your personal data is erased where it is no longer necessary for the PCC of St Leonard’s or Revd Clodagh Ingram (Priest-in-Charge), Upton St Leonards to retain such data;
  • The right to withdraw your consent to the processing at any time;
  • The right to request that the PCC of St Leonard’s or Revd Clodagh Ingram (Priest-in-Charge) provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability) (where applicable2)
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data, (where applicable3).
  • The right to lodge a complaint with the Information Commissioners Office.

 

Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

 

Marketing permissions and seeking consent

Whilst there may be an expectation that people involved in the life of the diocese in many ways would expect to receive information from the PCC of St Leonard’s through email, post, social media, etc; the PCC of St Leonard’s is required through data regulations to ensure that it asks for your permission to do so in certain circumstances; and to ensure that it makes you aware of your rights in doing so.

 

Changes to this Privacy Notice

The PCC of St Leonard’s and Revd Clodagh Ingram (Priest-in-Charge) will review this Privacy Notice regularly and may update it at any time – for example in the event of legal changes, to improve how we manage data, where an issue or concern has come to light that needs appropriate response.  

 

Our Contact Details

 

To exercise all relevant rights or if you have any queries or complaints please in the first instance contact the PCC Secretary (pccsecretary@uptonstleonardschurch.co.uk) or any member of the PCC or the Priest in Charge (rev.clodaghingram@gmail.com).

 

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

 

1                The Church of England Guide “Keep or Bin: Care of Your Parish Records”

https://www.churchofengland.org/more/libraries-and-archives/records-management-guides

 

2                Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means.

 

3           Only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics.