Data Protection and Privacy Policy
1. Privacy Statement
The PCC is committed to respecting the privacy of all those for whom we hold personal information/data at any time. If you have any queries please do get in touch. You will find our contact details at the end of this document.
This document sets out the data protection and data privacy policies that fall within the oversight of the PCC as a `Data Controller’ and it explains how your personal data, as data subjects, is processed by the PCC and for what purposes.
The PCC, as data controllers of personal data, are under an obligation of transparency concerning the processing of such data, under data protection legislation. Such transparency concerns specifically, the provision of information to data subjects about how their data is being processed, and facilitating individuals to access and understand this information. The PCC are committed to establishing trust in the processes we undertake with regard to personal data, by enabling data subjects to understand, and if necessary, to challenge these processes, and to empower data subjects to hold us to account and to exercise their control over their personal data.
Adherence to this policy is mandatory for all PCC members, employees, and volunteers who use personal data held by the PCC.
2. Introduction
The PCC is committed to processing personal information we hold in accordance with current and developing national data legislation. This includes the General Data Protection Regulation (the “GDPR”) which governs the processing of personal data; the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003.
The PCC will comply with its obligations under the “GDPR” by processing information in line with the legal bases set out in law (see section 4 below).
The PCC will keep personal information up to date; store and destroy information securely; not collect or retain excessive amounts of data; protect personal data from loss, misuse, unauthorised access and disclosure; and ensure that appropriate technical measures are in place to protect personal data.
3. Data Control
The PCC along with the Incumbent, employees and named volunteers are the main Data Controllers.
4. The legal basis for processing your personal data
The specific legal bases against which the PCC will process information are:
➢ Legitimate Interest
➢ Compliance with a legal obligation
➢ To fulfil contractual obligations
➢ Consent
➢ Vital interest
➢ Public task
Most of our data is processed because it is necessary for the PCC’s legitimate interests, or the legitimate interests of a third party (such as the Church of England).
Some of the data processing is necessary for compliance with a legal obligation. For example, the work of the PCC will fall within the legal and synodical processes of the Church of England, Canon Law; and within the secular legal structures.
The PCC will process data if it is necessary for the performance of a contract with an employee or a sub-contractor.
The PCC will process your data in order to respond to requests from you to receive particular information.
The PCC will process your data to assist you in fulfilling your role in the church, including pastoral and administrative support, or if processing is necessary for compliance with a legal obligation. Religious organisations are also permitted to process information about your religious beliefs to administer membership or contact details.
5. Personal Information - what it is, and why the PCC collects it
Personal information relates to an individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the PCC’s possession or likely to come into such possession.
Personal information is collected where the PCC believes it has lawful reason to do so.
The PCC will use your personal data for the following purposes: To administer meetings, elections and other such arrangements as fall within the Synodical governance framework of the Church of England and which ensures the PCC’s ability to meet all legal and statutory obligations, including the Church Representation Rules;
➢ To keep you informed of the Parish news/information which you have requested and that may be of interest to you
➢ To seek your views and comments
➢ To manage PCC employees and volunteers (including HR records, payroll and pension requirements and records)
➢ To maintain PCC accounts and records
➢ To process a grant or an application for a role or other fundraising projects
➢ To maintain records of clergy, lay ministers and parish officers and Deanery Synod members
➢ To maintain PCC records of mandatory training with regard to safeguarding and other safeguarding records as set out in law and the Church of England’s national requirements
➢ To manage safeguarding including DBS and safer recruitment, working with individuals within a safeguarding context within the church and within statutory and legislative requirements
➢ To carry out comprehensive safeguarding procedures (including due diligence and complaints handling) in accordance with best safeguarding practice from time to time with the aim of ensuring that all children and vulnerable adults are provided with safe environments;
➢ To notify you of changes to our services and offices
➢ To enable us to provide a church body voluntary service for the benefit of the public within the Parish
➢ To enable us to collect mission statistics and finance returns
6. What personal data is collected by the PCC?
Some or all of the following information:
➢ Names, titles, and aliases, photographs
➢ Contact details such as telephone numbers, postal and email addresses
➢ Where they are relevant, or where you provide them to us, we may process demographic information such as gender, age, date of birth, marital status, nationality, ethnicity, education/work histories, academic/professional qualifications
The data we process is likely to constitute sensitive personal data. Where you provide this information, we may also process other categories of sensitive personal data, racial or ethnic origin, and, where this is relevant, mental and physical health, details of injuries, medication/treatment received, criminal records, fines and other similar judicial records.
7. Sharing personal data
Personal data will be treated as strictly confidential and will only be shared for lawful purposes and (see Section 16 below) connected to:
➢ PCC business - we will only share your data with your consent
➢ The Bishop of St Albans
➢ A national process or network– e.g. where individuals are part of exploring ordination, or those whose role is part of a national network of others in a similar role
➢ Employment, social security, social protection, or other statutory reasons
8. Keeping personal data [1]
The PCC keeps data in accordance with the guidance and requirements set out in law and statutory guidance, and by the national church e.g. concerning safeguarding. Specifically, we retain personnel information as appropriate to staff and volunteers; safeguarding data; financially required data e.g. by HMRC and the Charity Commission (including records required to be retained for 6 years after the calendar year to which they relate); current parish officer information; Deanery, Diocesan and General Synod membership; Boards and Councils. Unless required for record keeping, personal data is deleted when a data subject no longer holds a role/position within a parish, deanery or Diocese.
9. Individual rights and personal data
Unless subject to an exemption under Data Protection law, you have the following rights with respect to your personal data:
➢ The right to request a copy of your personal data which the PCC holds about you
➢ The right to request correction of any personal data if it is found to be inaccurate or out of date
➢ The right to request your personal data is erased where it is no longer necessary for the PCC to retain such data
➢ The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing
➢ The right at any time to withdraw your consent to processing of your personal data by the PCC
➢ The right to lodge a complaint with the Information Commissioner’s Office
10. Further processing
If the PCC wishes to use your personal data for a new purpose, not covered by this Data Protection Policy, then you will be provided with a new notice, explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Wherever and whenever necessary, your prior consent to the new processing will be sought.
11. Marketing permissions and seeking consent
Whilst there may be an expectation that people involved in the life of the Parish would expect to receive information from the PCC through email, post, social media etc., the PCC is required through data regulations to ensure that it asks for your permission to do so in certain circumstances and to ensure that it makes you aware of your rights in doing so.
Email and text - We will ask for your permission to contact you in this way.
Postal marketing - From time to time we may send you information about the Parish and its work, unless you have told us you would prefer not to receive this information by post.
Bulletins and newsletters - The PCC will, in the main, require individuals to personally opt in and out of electronically sent information. This ensures that individuals are able to manage the information they wish to receive.
12. Gathering information from external sources
The PCC from time to time may undertake research to enable it to develop its work. Any information will be processed by publicly available sources, such as SurveyMonkey.
13. Changes to this Privacy Notice
The PCC will review this privacy policy regularly and may update it at any time - for example in the event of legal changes, to improve how we manage data, or where an issue or concern has come to light that needs an appropriate response. If there are any significant changes in the way the PCC processes your personal information we will provide a prominent notice on our website or send you a notification.
14. Contact details and reporting concerns
To exercise all relevant rights, queries or complaints, please in the first instance contact the PCC Secretary stpeterspccsec@hotmail.com
You can also contact the Information Commissioner’s Office on 0303 123 1113 or at https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
[1] Details about retention periods can currently be found in the Record Management Guides located on the Church of
England website at: - https://www.churchofengland.org/more/libraries-and-archives/records-management-guides