DATA PRIVACY NOTICE
The Parochial Church Council (PCC) of Christ Church Bridlington
1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
2. Who are we?
The PCC of Christ Church Bridlington are the data controller (contact details below). This means it decides how your personal data is processed and for what purposes. The Operations Team Leader manages this on behalf of the PCC
3. What data does the PCC process now or in the future?
Some or all of the following will be processed where necessary to perform our tasks:
Names, titles, (and aliases if applicable) as provided by you
Photographs - We occasionally take photos and videos during Church run activities for use in Church, printed materials (including church publicity), on our website and Church Network Facebook page. If you object to your image being used in these ways please let the Church Office know by phone or email so that we know not to use your image.
Contact details such as telephone numbers, addresses, and email addresses;
Where they are relevant to our mission now or in the future, or where you provide them to us, we may process demographic information such as gender, age, date of birth, marital status, nationality,
Where you make donations or pay for activities, financial identifiers such as bank account numbers sort codes and amounts donated,
Some of the data we process is likely to constitute sensitive personal data because, as a church, it may reveal your religious beliefs (Baptisms, confirmations, Church Electoral roll).
4. How and why do we process your personal data?
The PCC of Christ Church Bridlington complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes: –
To enable us to provide a voluntary service for the benefit of the public in a particular geographical area as specified in our constitution;
To minister to you and provide you with pastoral and spiritual care (such as visiting you when you are seriously ill or bereaved) and to organise and perform ecclesiastical services for you, such as home communion, thanksgivings, baptisms, confirmations, weddings and funerals;
To enable us to meet all legal and statutory obligations (which include maintaining and publishing our church electoral roll in accordance with the Church Representation Rules, keeping financial records for gift aid and/or HMRC purposes,
To administer membership records – electoral roll members, other regular members, PCC officers, Deanery Synod reps ;
To maintain our own accounts and records (including the processing of gift aid applications and the retention of consent forms);
To fundraise and promote the interests of the charity
To manage our employees and volunteers;
To inform you of news, events, activities and services running at Christ Church;
To share your contact details with the Diocesan office so they can keep you informed about news in the diocese and events, activities and services that will be occurring in the diocese and in which you may be interested.
5. What is the legal basis for processing your personal data?
a) Some personal data is processed because it is necessary for ourlegitimate interests, or the legitimate interests of a third party (such as another organisation in the Church of England). Legitimate interest is appropriate where we use your data in ways you would reasonably expect and which have a minimal privacy impact, We will always take into account your interests, rights and freedoms and you can let us know at any time if you do not wish us to contact you.
Our legitimate purposes include-
We use personal data to compile lists which ensure that members are kept informed of church meeting dates and times and any other church related issues. The lists also provide contact numbers in the event of an emergency. The administration lists ensure that our church services/activities are managed and supervised appropriately particularly regarding safeguarding issues
Rotas – our various rotas enable us to function as a religious organisation and to provide our services for the benefit of the public and to other church members
Fundraising/giving reviews – the personal data of regular church members, those on the church electoral roll and other regular donors is used to contact them about fundraising initiatives or giving reviews. We will not make contact by electronic means (email and/or text message) unless additional explicit consent has been given to this method
b) Some of our processing is necessary for compliance with a legal obligation. Current examples are:
Church Electoral roll – we are required by the Church Representation Rules to administer and publish the electoral roll,
PCC/churchwarden/deanery synod nominations – we are required by the Charities Act to process the forms to evidence that officers are eligible to serve.
Gift aid records (declarations and envelopes) – we are required by HMRC to process your data to evidence taxpayer status and amounts paid in support of our gift aid claims.
Attendance records for children and youth activities – we are legally required to keep a list of children or youth who attend a church service or activity unaccompanied by an adult
Financial records – purchase invoices, expense receipts, bank statements, non gift aid income receipts are processed in accordance with HMRC and Charity Commission requirements.
Complaints/correspondence relating to Pastoral Care, Safeguarding and Health and Safety – we are required by law to retain correspondence of this nature and to note the action taken
Recruitment of volunteers and/or employees – we are required by law to process personal data to meet our obligations under employment, social security or social protection law. Data is also processed to meet safeguarding requirements.
Publication of banns – we are required under Canon Law to announce forthcoming weddings
Baptism, confirmation, weddings – we are required by law to process data to enable the necessary registers, to be completed and certificates/licences to be issued.
c) Some of our processing requires explicit consent of you (the data subject). Current examples are -
so that we can keep you informed about news, events, activities and services in the parish and keep you informed about diocesan events.
Photographs – close up photos of adults and all photos of children, young people and vulnerable adults will require written consent before they can be used on any Church publication, the Church network Facebook page and the Church website.
d) Special category data – An additional lawful basis is required for processing data carried out by a not-for-profit body with a religious aim.
Applications for baptisms, confirmations and Church Electoral roll enrolment reveal your religious belief. We process the data for the purpose intended and where it is within our legitimate interests and/or we have other legal reasons to do so. The application forms for baptisms, confirmations and church electoral roll enrolment need your consent.
Where your religious beliefs need to be processed but no consent is requested the lawful basis for processing is based on the following-
the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and
there is no disclosure to a third party without your consent.
6. Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other church members or for purposes connected with the church.
We will only share your data with third parties outside of the parish (such as the York Diocese, other Church of England bodies, HMRC re gift aid, Registrar for weddings, insurance and safeguarding purposes) where there is a legal requirement to do so. We will seek your consent in other instances - Newsletter emails are managed by Mailchimp and that service requires your consent. Mailchimp has it’s own privacy notice.
From time to time we provide links in our website and/or church Facebook pages to other organisations which we are not connected to but may be of interest to you. We do not share your information with them and would advise you to check the privacy notice of the 3rd party website that you choose to visit.
7. How long do we keep your personal data?
We keep data in accordance with the guidance set out in the guide “Keep or Bin: Care of Your Parish Records” which is available from the Church of England website [see footnote for link].
Specifically, we retain electoral roll data while it is still current; gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate; records relating to children and young people’s activities are retained for safeguarding purposes for 50 years and parish registers (baptisms, marriages, funerals) permanently.
8. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: –
The right to request a copy of your personal data which the PCC of Christ Church Bridlington holds about you;
The right to request that the PCC of Christ Church Bridlington corrects any personal data if it is found to be inaccurate or out of date;
The right to request your personal data is erased where it is no longer necessary for the PCC of Christ Church Bridlington to retain such data;
The right to withdraw your consent to the processing at any time
The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable) [Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means].
The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
The right to object to the processing of personal data, (where applicable) [Only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]
The right to lodge a complaint with the Information Commissioners Office.
9. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
10. Transfer of Data Abroad
Any electronic personal data transferred to countries or territories outside the EU will only be placed on systems complying with measures giving equivalent protection of personal rights either through international agreements or contracts approved by the European Union.
Some personal data is processed and stored in the cloud using Microsoft Onedrive.
11. Contact Details
To exercise all relevant rights, queries of complaints please in the first instance contact the Operations Team Leader at Christ Church Bridlington, 2 Quay Road, Bridlington, East Riding of Yorkshire YO15 2AP. Tel 01262 404100. You can also contact us via email - firstname.lastname@example.org.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
1Details about retention periods can currently be found in the Record Management Guides located on the Church of England website at: – https://www.churchofengland.org/more/libraries-and-archives/records-management-guides