DATA PRIVACY NOTICE

(updated 2nd Dec 2018)
The Parochial Church Council (PCC) of St Luke’s, Colchester
1. Your personal data – what is it?
Personal data is information relating to a living individual who could be identified from that data. Identification may be possible from one piece of information alone, or that information read in conjunction with other information held by the same data controller or likely to come into their possession. From 25 May 2018 the collecting, processing and retention of personal data to which this notice relates is governed by the General Data Protection Regulation (the “GDPR”) and the Data Protection Act 2018.
2. Who is the data controller?
The Parochial Church Council of St Luke’s Church, Highwoods, Colchester (“the PCC”) is the data controller to which this notice relates. The contact details of the data controller are set out below. Being the data controller means that the PCC decides how your personal data is collected and processed and for what purposes. The PCC also decides how long your personal data should be retained.
3. How does the PCC process your personal data?
The PCC complies with its GDPR obligations by keeping personal data up to date; by storing it securely and destroying it appropriately; by not collecting or retaining excessive amounts of personal data; by protecting personal data from loss, misuse, unauthorised access and disclosure; and by ensuring that appropriate technical measures are in place to protect personal data at all times.
The PCC may use your personal data for the following purposes: -
- To provide a voluntary service for the benefit of the public in the geographical area specified in our parish constitution;
- To administer membership records;
- To fundraise and promote the interests of St Luke’s Church as a registered charity;
- To manage our employees and volunteers;
- To maintain our own accounts and records (including the processing of gift aid applications);
- To enable us to organise events, activities and services at St Luke’s and to tell you about them;
- To tell you about other events, activities or services that may be of interest to you;
- To share your contact details with the Chelmsford Diocesan office so you are kept informed about news in the diocese and events, activities and services in the diocese which may be of interest to you.

The Annex to this Notice sets out the ways in which the PCC processes your personal data.
4. What is the legal basis for processing your personal data?
The PCC relies on your explicit consent so that we can organise, and keep you informed about, news, events, activities and services at St Luke’s Church and elsewhere.
Processing your personal data is necessary for the PCC to carry out its legal obligations in relation to Gift Aid or under employment, social security or social protection law.
All processing of your personal data is carried out by the PCC as a not-for-profit body (registered Charity) with a religious aim provided: -
- it relates only to members or former members of St Luke’s (or those who have regular contact with the church for its charitable purposes); and
- the PCC will not disclose your personal data to a third party without your explicit consent.
5. Sharing your personal data

Your personal data will be treated as strictly confidential and will only be shared with other members of the church to carry out a service to them or for purposes connected with the church. We will only share your personal data with third parties outside of the parish with your explicit consent.
6. How long do we keep your personal data? [1]

We keep data as set out in the guidance: “Keep or Bin: Care of Your Parish Records” which is available from the Church of England website [see footnote for link].
We retain electoral roll data while it is still current; gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate; and parish registers (baptisms, marriages, funerals) permanently.

7. Your rights and your personal data
Unless any data is subject to an exemption under the GDPR, you have the following rights: -
- The right to request a copy of all your personal data which the PCC holds;
- The right to ask the PCC to correct any of your personal data if it is inaccurate or out of date;
- The right to ask for your personal data to be erased where it is no longer necessary for the PCC to retain it;
- The right to withdraw your consent to the PCC processing your personal data at any time;
- The right to ask the PCC to provide you or another data controller with your personal data and to transfer that data directly to another data controller (known as the right to data portability);
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request that the PCC places a restriction on any further processing;
- The right to object to the processing of your personal data;
- The right to lodge a complaint about the PCC’s processing of your personal data with the Information Commissioner's Office (see contact information below).
8. Further processing
If the PCC wishes to use your personal data for a new purpose, not covered by this Data Privacy Notice, then you will be given a new notice explaining this new use before any processing begins. The PCC will always seek your explicit consent to any new processing before it begins.
[1] Details about retention periods can currently be found in the Record Management Guides located on the Church of England website at: https://www.churchofengland.org/more/libraries-and-archives/records-management-guides
9. Contact Details
To exercise all relevant rights, raise queries or make complaints please contact the St Luke’s Parish Administrator at admin@stlukescolchester.org.uk or 01206 598234.
You can contact the Information Commissioner's Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Annex
- Visitors to our ChurchSuite portal
We plan to use a third party service, ChurchSuite.com, to facilitate our church management. We will use ChurchSuite as our main contact database for people who are connected with us. Members of St Luke’s, Highwoods, Colchester will receive a login to ChurchSuite where they can view and update the personal data we hold about them. ChurchSuite use various cookies. Their privacy policy can be viewed here.
- Subscribers to our E-newsletter
We use a third party provider, Mailchimp, to deliver our e-newsletters. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter. This newsletter can be unsubscribed from at any time - just look for the link at the bottom of the email. For more information, their privacy policy can be viewed here.
- Financial givers to the work of St Luke’s, Colchester
We use a third party provider, Fundfiler, to record all giving to St Luke’s and also to process all gift aid claims which are required by HMRC (Her Majesty's Revenue and Customs). Their privacy policy can be viewed here.
- People who volunteer to participate in the work of St Luke’s, Colchester
We use a third party service, Samepage, to assist in the organisation and running of St Luke’s rotas and other committees and small groups, including the storing and sharing of meeting minutes and other related documents by, and with, the people involved. Their privacy policy can be viewed here.
- We also use a third party service, Doodle poll, to further assist in the organisation and running of St Luke’s meetings and other events. Their privacy policy can be viewed here.
- To store our church files we use a third party service called Google Drive. This is to assist with the historical filing of important documents such as PCC minutes, employment documentation and financial receipts. This information is only accessible by authorised Church staff. Their privacy policy can be viewed here.
- Survey Monkey, a third party service, is sometimes used to gain feedback about an event or service and is also used to help Church members book for events we may hold. Their privacy policy can be viewed here.
- We use a third party, Sage, for all our accounting records and upkeep. This will contain some employment information so we can pay our staff and also information about any of our accounting records to ensure we maintain and run the finances of the church in a fit and proper manner. Their privacy policy can be viewed here.
______________________________________________________________
COVID-19 Privacy Notice
Online List of Clergy, Staff and Visitors to Church buildings
This notice explains how information about you will be used temporarily by The Parochial Church Council (PCC) of St Luke’s, Colchester during the Covid-19 pandemic crisis so we can take your booking and at the same time put in place a list of clergy, staff and visitors to the church building/s, as requested by the Government in support of NHS Test and Trace.
1. Who we are
The Parochial Church Council (PCC) of St Luke’s, Colchester is the data controller (contact details in section 7 below). This means we decide how your personal data is used and why.
2. The information we collect about you and why we need it
We collect your data in order to process your booking of a visit to St Luke’s Church. However, we are also collecting your data for the purpose of supporting NHS Test and Trace, as requested by the Government.
Although we may have your contact details already, the Covid-19 pandemic has created a unique situation and additional reasons for us to collect the name and contact telephone number of all clergy, staff and visitors who use/visit our church building/s in order to support NHS Test and Trace.
This is specifically in relation to contact tracing, which is the process of identifying, assessing, and managing people who have been exposed to a disease to prevent onward transmission and the investigation of local outbreaks.
In summary, Test and Trace:
- provides testing for anyone who has symptoms of coronavirus to find out if they have the virus;
- gets in touch with anyone who has had a positive test result to help them share information about any close recent contacts they have had; and
- alerts those contacts, where necessary, and notifies them they need to self-isolate to help stop the spread of the virus.
This is voluntary, and you can opt out of letting us share your details with NHS Test and Trace. We will still accept your booking.
3. Lawful basis
We will use your information lawfully, as explained below:
- Consent – We need your consent in order to collect your name and contact details to process your booking, and to share this with NHS Test and Trace if requested. You will give us your consent by providing your details by completing the on-line booking.
- Explicit consent – We need your explicit consent to collect your data on the basis that you may have revealed a religious belief by using/visiting our church building/s. You will give us your explicit consent by completing the on-line booking and opting in/indicating “Yes” where requested, or “No” if you do not want us to share your data with Test and Trace.
You can withdraw your consent at any time after giving your details by letting us know you no longer want us to keep or share your personal data for the purpose of Test and Trace; however, once we have given your details to Test and Trace we will no longer be able to prevent processing. To contact us, please see our contact details at 7 below. We will continue to process your booking data, unless told otherwise.
4. Sharing your data
Personal data that is collected for bookings will be used only to share with NHS Test and Trace if requested. It will not be used for other purposes outside of those specified in this Privacy Notice.
5. Data Retention
We will keep your name and contact details for 12 months and will dispose of them after this period, unless you are a registered member of St Luke’s and have consented to your data being held on our ChurchSuite database.
6. Your Legal Rights
Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data: -
- The right to be informed about any data we hold about you;
- The right to request a copy of your personal data which we hold about you;
- The right to withdraw your consent at any time, while the church body still has your data;
- The right to request that we correct any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for us to retain such data;
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to obtain and reuse your personal data to move, copy or transfer it from one IT system to another. [only applicable for data held online]
7. Complaints and queries
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us using the details set out below.
St Luke’s Parish Administrator at admin@stlukescolchester.org.uk or 01206 598234
If you do not feel that your complaint has been dealt with appropriately, please contact Mark Rassell - mark@rassell.co.uk.
You also have the right to lodge a complaint with the Information Commissioner's Office. You can contact the Information Commissioner's Office on 0303 123 1113 or online: https://ico.org.uk/make-a-complaint/your-personal-information-concerns/ or https://ico.org.uk/global/contact-us/