St Chads Church Privacy Notice v1.3 updated 12/6/2018
Protecting your privacy is very important to us. This document is the data privacy notice for St Chads Church Sutton Coldfield. It sets out what you can expect from us as we seek to serve the local community and grow Gods Kingdom in this place.
- Personal data relates to a living individual who can be identified from that data. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
- St Chads Church like all organisations ‘processes’ that data, and to do so we need both your permission and a purpose to do so.
- Once you have given consent to ‘process’ your data you have a number of rights, including: asking for a copy of all the data we have, asking for it to be erased or corrected.
- To exercise all relevant rights, queries or complaints please in the first instance contact the Data Controller St Chads Church, Hollyfield Road, Sutton Coldfield, B75 7SN or e-mail firstname.lastname@example.org You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF
Full details can be found below
- Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
- Who are we?
The PCC of St Chads Sutton Coldfield is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
- How do we process your personal data?
The PCC of St Chads Sutton Coldfield complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the following purposes: –
For current and future clergy –
- To provide pastoral care to parishioners
For the PCC of St Chads Church-
- To enable us to provide a voluntary service for the benefit of the public in a particular geographical area as specified in our constitution; such as pastoral visiting
- To administer membership records and contact lists
- To comply with our obligations of a Church of England Church
- To fundraise and promote the interests of St Chads Church
- To manage our employees and volunteers (including Safeguarding)
- To maintain our own accounts and records (including the processing of gift aid applications)
- To inform you of news, events, activities & services at St Chads & other activities we deem relevant
- To operate St Chads website and deliver the services that individuals have requested.
- To operate St Chads social media presence & deliver requested services.
- To enable the booking of the church premises in accordance with relevant UK laws and the terms and conditions set out by the PCC
For Birmingham Diocese-
- To share your contact details with the Birmingham Diocesan office so they can keep you informed about news in the diocese and events, activities and services that will be occurring in the diocese and in which you may be interested.
- To share information with the Diocese of Birmingham in order to comply with our obligations as a Church of England Church
To enable and help us process your data in compliance with GDPR we use the following platforms/applications/services
Church Contacts/mailing lists: ChurchSuite
Data storage: Dropbox, KnowHow Cloud Back
E-Mail: Gmail, One and One Webmail, X9 Internet
Pastoral Services (weddings, funerals, baptisms): Pastoral Services Diary https://www.pastoralservicesdiary.org/account/privacy
Website: X9 internet, 123.reg, WordPress
- What is the legal basis for processing your personal data?
- Consent of the data subject; the data subject has given consent to the processing of his or her personal data for one or more specific purposes (see consent forms)
- Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Processing is necessary for compliance with a legal obligation; which St Chads Church has a duty to adhere statutory and contractual obligations including, but not limited to: safeguarding of vulnerable Adults and children; records of baptisms, weddings and funerals, booking of church premises. Failure to supply information may mean that an action cannot happen e.g. marriage or booking of church premises, or that it would prevent the data controller being compliant with its legal obligations.
- Explicit consent of the data subject so that we can keep you informed about news, events, activities and services and process your gift aid donations and keep you informed about diocesan events.
- Processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement
- Processing is carried out by a not-for-profit body with a political, philosophical, religious or trade union aim provided: –
o the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes)
o there is no disclosure to a third party without consent.
- Processing relates to personal data manifestly made public by the data subject
- Processing is necessary for archiving purposes in the public interest, or scientific and historical research purposes or statistical purposes.
- Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other church members or for purposes connected with the church. We will only share your data with third parties outside of the Anglican Group of Sutton Churches (St Peters Maney, Holy Trinity and St Chads Sutton Coldfield) with your consent.
- How long do we keep your personal data?
We keep data in accordance with the guidance set out in the guide “Keep or Bin: Care of Your Parish Records” which is available from the Church of England website
Specifically, we retain electoral roll data while it is still current; gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate; and parish registers (baptisms, marriages, funerals) permanently.
- Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: –
- The right to request a copy of your personal data which the PCC of St Chads Sutton Coldfield holds about you
- The right to request that the PCC of St Chads Sutton Coldfield corrects any personal data if it is found to be inaccurate or out of date
- The right to request your personal data is erased where it is no longer necessary for the PCC of St Chads Sutton Coldfield to retain such data
- The right to withdraw your consent to the processing at any time
- The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability and where applicable)
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data, (where applicable)
- The right to lodge a complaint with the Information Commissioners Office.
- Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
- Contact Details
To exercise all relevant rights, queries of complaints please in the first instance contact the Data Controller St Chads Church, Hollyfield Road, Sutton Coldfield, B75 7SN or e-mail email@example.com You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF
Protecting your privacy is very important to us. To assure you of your privacy, we provide this notice to help you understand our commitment to security, what kinds of information we may gather about you when you visit our websites, how we may use that information, and how you can correct the information.
Information We Collect
Automatically Collected Anonymous Information
When you visit St Chads website, certain anonymous information about your visit is automatically logged as it is at most websites, which may include information about your IP address, domain name, browser type, mobile device type, access time, and referring website address. This information is not personally identifiable and is only used in aggregate (not in any way that personally identifies you).
Personally Identifiable Information
Personally Identifiable Information (PII) is any information about you as an individual that would enable someone to contact you; for example, your name, address, telephone number, or email address. We may ask for such information when you subscribe to hear about events and activities at church, receive the monthly Lodge and Common Magazine or post a comment.
We will not collect any PII about you unless you provide it. Providing any PII to us is voluntary. If you do not want us to obtain any personally identifiable information about you, do not submit it. You can visit and browse our websites without revealing any PII, but you may not be able to access certain content, features or services if you choose not to disclose PII.
How We Use This Information
Aggregated information may be used in many ways. For example, we use it to see what pages people visit most often, and help us to improve content on our website.
If you choose to post comments to a blog or page, any information you submit may become public. It may become accessible through search engines or, having been verified be published on the website. Unless otherwise noted, we do not limit the distribution of information that you share using these features. St Chads Church is not responsible for any personal information you choose to make public in this way, and you agree that such sharing will be deemed to have been permitted by you. If you prefer not to have your information published, do not submit it.
The Data is processed at the Data Controller’s operating offices and in any other places where the parties involved with the processing are located. For further information, please contact the Data Controller firstname.lastname@example.org
Data is kept for the time necessary to provide the action requested by the User, and/or in accordance with the guidance set out in the guide “Keep or Bin: Care of Your Parish Records” which is available from the Church of England website1. The User can always request that the Data Controller suspend or remove the data.
We use the reCAPTCHA service provided by Google Inc. (Google) to protect your submissions via internet submission forms on this site. This plugin checks if you are a person in order to prevent certain website functions from being (ab)used by spam bots (particularly comments). This plugin query includes the sending of the IP address and possibly other data required by Google for the Google reCAPTCHA service. For this purpose your input will be communicated to and used by Google. However, your IP address is previously truncated by Google within member states of the European Union or in other states which are party to the agreement on the European Economic Area and is, as such, anonymized. Only in exceptional cases is a full IP address transmitted to a Google server in the United States and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of this service. The IP address provided by reCaptcha from your browser shall not be merged with any other data from Google.
By using the reCAPTCHA service, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
You have the choice to set your browser to accept all cookies, notify you when a cookie is set, delete cookies periodically, or reject all cookies. You may also opt-out of Google Analytics’ cookies here and Facebook’s cookies here. Please be aware that rejecting all cookies may prevent you from enjoying the full features of St Chads website
Use by Minors
In accordance with our safeguarding policies, St Chads website does not knowingly collect personally identifiable information from children under the age of 18, only Automatically Collected Anonymous Information. Any PII information collected from children under 18 is used only for the purpose of delivering the requested action. We expect those under 18 to ask permission from a parent/guardian for permission to provide PII about themselves to St Chads website.
3rd Party Websites and Social Media
Our website has links to other websites; we cannot be held responsible for the privacy policies of these 3rd party websites. We do not control how your PII is collected, stored or used by such third party sites or to whom it is disclosed. You should review the privacy policies and settings on any social networking site that you subscribe to so that you understand the information they may be sharing. If you do not want your networking sites to share information about you, you must contact that site and determine whether it gives you the opportunity to opt-out of sharing such information. We are not responsible for how these third party sites may use information collected from or about you.
The User’s Personal Data may be used for legal purposes by the Data Controller, in Court or in the stages leading to possible legal action arising from improper use of this Application or the related services. The User is aware of the fact that the Data Controller may be required to reveal personal data upon request of public authorities.
For further information about the use of the website see website terms and conditions
Your privacy is important to us, to be in line with UK law on data protection, we the Parochial Church Council (PCC) of St Chads Sutton Coldfield need consent from the individual
· to publish Personally Identifiable Information (PII) in the magazine
· to hold information in order to deliver the magazine to your door
so that we are compliant with the processing of personal data as governed by the General Data Protection Regulation (the “GDPR”).
For further information about the magazine see Lodge and Common terms and conditions
Personal Data (or Data)
Any information regarding a natural person, a legal person, an institution or an association, which is, or can be, identified, even indirectly, by reference to any other information, including a personal identification number.
The legal or natural person to whom the Personal Data refers to.
The individual using this website, which must coincide with or be authorized by the Data Subject, to whom the Personal Data refer.
The natural person, legal person, public administration or any other body, association or organization with the right, also jointly with another Data Controller, to make decisions regarding the purposes, and the methods of processing of Personal Data and the means used, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the vicar and PCC of St Chads Church.