May 23, 2018

Data Privacy Notice

DATA PRIVACY NOTICE

The Parochial Church Council of St Luke with St Augustine New Catton (The PCC)

1. Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).

2. Who are we?

The PCC is the data controller (contact details below).  This means it decides how your personal data is processed and for what purposes.

3. How do we process your personal data?

The PCC complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use your personal data for the following purposes: –

  • To enable us to provide a voluntary service for the benefit of the public in a particular geographical area as specified in our charitable objects;
  • To administer membership, church directory and Electoral Roll records;
  • To fundraise and promote the interests of the charity;
  • To manage our employees, volunteers, contractors and suppliers;
  • To maintain our own accounts and records (e.g. processing of Gift Aid declarations);
  • To inform you of news, events, activities and services running at or associated with The PCC and Norwich Christian Meditation Centre and other expressions;
  1. What is the legal basis for processing your personal data?
  • Legitimate interest is the basis for sending information about news, events and activities to people who have previously participated in events (including those run by the Norwich Christian Meditation Centre, C3, The PCC etc) to those who have given us their email address. In every communication there will be the option to “unsubscribe” from future communications.
  • Consent is the basis for people who sign up to receive information from us by email or through our websites, or in writing. At the point of giving their email address people will be told how their data will be used, how to opt-out and access the privacy policy.
  • Legitimate interest also is the basis for acknowledging donations, contacting PCC members, office holders, church members or others who play a role at religious services or other activities in relation to our charitable objects including keyholders. However, we will only put your contact details on our website or other social media with your consent.
  • Legal obligation: where processing is necessary for carrying out obligations under employment, contract, tax (including Gift Aid claims) or other law;
  • Contract: for organisations and individuals with whom we have a contractual relationship including self-employed contractors and building hirers.
  • Processing is carried out by a not-for-profit body with a religious aim provided: –
    • the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and
    • there is no disclosure to a third party without consent.
  1. Sharing your personal data
    Your personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other church members or for purposes connected with the church. We will only share your data with third parties outside of the parish with your consent or if prescribed to do so by law, or to undertake legal processes. This would include personal data being sent to the Diocese as part of evidence for calculating Statutory Fees for funerals, banns, weddings etc, or sharing Gift Aid data with HMRC and those involved in accounts preparation and examination. 
  1. How long do we keep your personal data[1]?
    We keep data in accordance with the guidance set out in the guide “Keep or Bin: Care of Your Parish Records” which is available from the Church of England website [see footnote for link].  Specifically, we retain electoral roll data while it is still current; gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate; and parish registers (baptisms, marriages, funerals) permanently.
  1. Internet and digital services

The PCC runs websites and visits to those websites captures certain information such as the type of  browser used to access the site, IP address of the device used, pages viewed.  We will not use this information to identify individuals and will only use the data to identify trends and patterns of usage to improve our services.

The PCC also uses various electronic services, such as Facebook and Mailchimp accounts, to communicate images, audio, video and information relating to events, activities and the service provided.  These are used to promote upcoming activities or to provide memories of historical events. These services will only be used to make direct contact with you about services, activities, events, etc. that you have agreed to receive information about.

[Please note, the majority of these accounts are publicly available and our posting/publishing of information to those public accounts is not tailored to specific personal preferences; signing up/subscribing to those accounts will deliver information non-specifically.]

Personal information provided by yourself on those services, and by your use of them, is subject to the Privacy Notice of the respective service provider (e.g. Facebook etc.).

The PCC uses the data you provide relating to those services (e.g. likes, follows, comments) made upon those accounts in order to improve our service.  This will be performed in an anonymised or pseudonymised fashion so that only trends of usage and uptake of the services are monitored. It will not be used to identify or track individual’s behaviour.

All images, videos, audio files and information used on the internet and digital services published by The PCC are used with the subject’s permission and the permission of the owner of the material.

Please note that the audio of sermons and some events are recorded and made available publicly to listen to later; background noise may be picked up during recording which can include your voice.

  1. Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: –

  • The right to request a copy of your personal data which the PCC holds about you;
  • The right to request that the PCC corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for the PCC to retain such data;
  • The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability) (where applicable to consent-based processing)
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data (where applicable to legitimate interests)
  • The right to opt-out of processing of personal data (where applicable to consent)
  • The right to lodge a complaint with the Information Commissioners Office.
  1. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

  1. Contact Details

To exercise all relevant rights, queries of complaints please in the first instance contact the Data Protection Officer, Howard Green at howard_green@btinternet.com.

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

[1] Details about retention periods can currently be found in the Record Management Guides located on the Church of England website at: – https://www.churchofengland.org/more/libraries-and-archives/records-management-guides