GDPR

 

THE CHURCH OF THE ANNUNCIATION

GENERAL PRIVACY NOTICE

 

Protecting your personal data is important to us

By now you will have been bombarded with loads of organisations telling you how important your data is to them, no doubt to the point where you have stopped reading or listening. We like to think it is as important to us as it is to you, so we would like to share with you what data we might hold and how we protect it.

Data that identifies you specifically is protected under UK legislation [1], and that legislation has recently been enhanced to provide you with more rights over how the information is held and processed. That information might include your name, your address, your email address, and videos and photographs.

Who are we?

We are the Parochial Church Council (PCC) of The Church of the Annunciation; we are the data controller [2] for your data but we do not work alone. The Church of England is made up of a number of different organisations and office-holders who work together to deliver the Church’s mission in each community. These include our Parish Priest, Fr Anthony, our Bishop and the Diocese of Chichester, and we may need to share personal data we hold with them so that they can carry out their responsibilities to the Church and our community. As joint data controllers we are all responsible to you for how we process your data.

Each of the data controllers has their own tasks within the Church; this Privacy Notice gives a description of what data might be processed and for what purpose. It is sent to you by the PCC on our own behalf and on behalf of each of the data controllers. In the rest of this Privacy Notice, we use the word “we” to refer to each data controller, as appropriate.

What data do the data controllers process?

The list of data that is classed as personal data is long, so we have included it in an appendix (see Appendix A) in case you want to review it. For most people we are likely to hold your name, address and contact details; we may also hold bank details where you make payments to us or we pay you.

How do we process your personal data and ensure it is protected?

As data controllers we comply with our legal obligations to keep personal data up to date; to store and destroy it securely; not to collect or retain excessive amounts of data; to keep your personal data secure, and to protect it from loss, misuse, unauthorised access and disclosure. This means that we need to ensure that appropriate technical measures are in place to protect your personal data.

What is the legal basis for processing your personal data?

There might be a number of reasons why we hold and process your data: you may have given us your data so that your name can appear on the Electoral Roll, so that we can publish the banns of your marriage, so that you can hire space in the church, or because you Gift Aid donations to us. This may be to fulfil a legal obligation, to allow us to perform the obligations of a contract, or to collect the Gift Aid tax on your donation. We may also need to share and process information for the protection of children and adults at risk. We will always take into account your interests, rights and freedoms, and where your information is used other than in accordance with one of these legal bases, we will first obtain your consent to that use.

When we might share your personal data

Your personal data will be treated as strictly confidential. It will only be shared with third parties where it is necessary for the performance of our tasks or where you first give us your prior consent. It is likely that we will need to share your data with the other data controllers; other clergy or lay persons who may participate in our mission in support of our regular clergy; and other churches with which we are carrying out joint events and activities. We may also need to share information with commercial organisations such as a company distributing a newsletter, although for us this is unlikely.

How long do we keep your personal data?

We will keep some records permanently if we are legally required to do so. We may keep some other records for an extended period of time. For example, it is current best practice to keep financial records for a minimum period of 7 years to support HMRC audits. In general, we will endeavour to keep data only for as long as we need it. This means that we may delete it when it is no longer needed.

Your rights and your personal data

When exercising any of the rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.

You have the following rights with respect to your personal data:

  1. The right to access information we hold on you
  2. The right to correct and update the information we hold on you
  3. The right to have your information erased
  4. The right to object to processing of your data
  5. The right to data portability
  6. The right to withdraw your consent to the processing at any time for any processing of data to which consent was sought.
  7. The right to object to the processing of personal data where applicable.
  8. The right to lodge a complaint with the Information Commissioner’s Office.

Transfer of Data Abroad

The PCC does not process any data outside of the EEA but the other organisations who are joint data controllers may do so. Any electronic personal data transferred to countries or territories outside the EEA will only be placed on systems complying with measures giving equivalent protection of personal rights either through international agreements or contracts approved by the European Union. Our website is also accessible from overseas so on occasion some personal data (for example photos in the gallery) may be accessed from overseas.

Further processing

If we wish to use your personal data for a new purpose we will seek your prior consent to the new processing.

Contact Details

Please contact us if you have any questions about this Privacy Notice or the information we hold about you, or to exercise any relevant rights or raise queries or complaints, at:

The Data Controller, The PCC of the Church of the Annunciation -- Email: cannunciation@gmail.com

You can contact the Information Commissioner’s Office on 0303 123 1113, via email at https://ico.org.uk/global/contact-us/email/, or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

 

[1] The processing of personal data is governed by the Data Protection Bill/Act 2017, the General Data Protection Regulation 2016/679 (the “GDPR”) and other legislation relating to personal data and rights such as the Human Rights Act 1998.

[2] You may have wondered what a data controller is. Put simply, it’s the organisation that controls how data is processed, as opposed to the data processor, who processes data under instruction from someone else – that’s a bit of jargon out of the way.


GDPR Appendix A