(updated 2nd Dec 2018)


The Parochial Church Council (PCC) of St Luke’s, Colchester


1. Your personal data – what is it?

Personal data is information relating to a living individual who could be identified from that data. Identification may be possible from one piece of information alone, or that information read in conjunction with other information held by the same data controller or likely to come into their possession. From 25 May 2018 the collecting, processing and retention of personal data to which this notice relates is governed by the General Data Protection Regulation (the “GDPR”) and the Data Protection Act 2018.


2. Who is the data controller

The Parochial Church Council of St Luke’s Church, Highwoods, Colchester (“the PCC”) is the data controller to which this notice relates. The contact details of the data controller are set out below. Being the data controller means that the PCC decides how your personal data is collected and processed and for what purposes. The PCC also decides how long your personal data should be retained.


3. How does the PCC process your personal data?

The PCC complies with its GDPR obligations by keeping personal data up to date; by storing it securely and destroying it appropriately ; by not collecting or retaining excessive amounts of personal data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data at all times.

The PCC may use your personal data for the following purposes: -

To provide a voluntary service for the benefit of the public in the geographical area specified in our parish constitution;
To administer membership records;
To fundraise and promote the interests of St Luke’s Church as a registered charity;

To manage our employees and volunteers;
To maintain our own accounts and records (including the processing of gift aid applications);
To enable us to organise events activities and services at St Luke’s and to tell you about them.
To tell you about other events, activities or services that may be of interest to you.
To share your contact details with the Chelmsford Diocesan office so you are kept informed about news in the diocese and events, activities and services that will in the diocese which may be of interest to you.

The Annex to this Notice sets out how the ways in which the PCC processes your personal data


4. What is the legal basis for processing your personal data?

The PCC relies on your explicit consent so that we can organise and keep you informed about, news, events, activities and services at St Luke’s Church, and elsewhere.
Processing your personal data is necessary for the PCC to carry out its legal obligations in relation to Gift Aid or under employment, social security or social protection law.

All processing of your personal data is carried out by the PCC as a not-for-profit body (registered Charity) with a religious aim provided: -

- it relates only to members or former members of St Luke’s (or those who have regular contact with the church for its charitable purposes); and
- the PCC will not disclose your personal data to a third party without your explicit consent.


5. Sharing your personal data

Your personal data will be treated as strictly confidential and will only be shared with other members of the church to carry out a service to them or for purposes connected with the church. We will only share your personal data with third parties outside of the parish with your explicit consent.


6. How long do we keep your personal data1?

We keep data as set out in the guidance: “Keep or Bin: Care of Your Parish Records” which is available from the Church of England website [see footnote for link].

We retain electoral roll data while it is still current; gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate; and parish registers (baptisms, marriages, funerals) permanently.


7. Your rights and your personal data

Unless any data is subject to an exemption under the GDPR, you have the following rights:: -

The right to request a copy of all your personal data which the PCC holds; The right to ask the PCC to correct any of your personal data if it is inaccurate or out of date;
The right to ask for your personal data to be erased where it is no longer necessary for the PCC to retain it;

The right to withdraw your consent to the PCC processing your personal data at any time
The right to ask the PCC to provide you or another data controller with your personal data and to transfer that data directly to another data controller, (known as the right to data portability);

Where there is a dispute in relation to the accuracy or processing of your personal data, to request that the PCC places a restriction is placed on any further processing;
The right to object to the processing of your personal data;

The right to lodge a complaint about the PCC’s processing of your personal data with the Information Commissioners Office (see contact information below).


8. Further processing

If the PCC wishes to use your personal data for a new purpose, not covered by this Data Privacy Notice, then you will be given a new notice explaining this new use

1 Details about retention periods can currently be found in the Record Management Guides located on the Church of England website at: -

before any processing begins. The PCC will always seek your explicit consent to any new processing before it begins.


9. Contact Details

To exercise all relevant rights, raise queries or make complaints please contact the St Luke’s Parish Administrator at or 01206 598234.

You can contact the Information Commissioners Office on 0303 123 1113 or via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.


  1. Visitors to our ChurchSuite portal
    We plan to use a third party service, to facilitate our church management. We will use ChurchSuite as our main contact database for people who are connected with us. Members of St Luke’s, Highwoods, Colchester will receive a login to ChurchSuite where they can view and update the personal data we hold about them. ChurchSuite use various cookies. Their privacy policy can be viewed here.

  2. Subscribers to our E-newsletter
    We use a third party provider, Mailchimp, to deliver our e-newsletters. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e- newsletter. This newsletter can be unsubscribed from at any time - just look for the link at the bottom of the email. For more information, their privacy policy can be viewed here.

  3. Financial givers to the work of St Luke’s, Colchester

    We use a third party provider, Fundfiler to record all giving to St Luke’s and also to process all gift aid claims which are required by HMRC (Her Majesties Revenue and Customs). Their privacy policy can be viewed here.

  4. People who volunteer to participate in the work of St Luke’s, Colchester
    We use a third party service, Samepage, to assist in the organisation and running of St Luke’s rotas and other committees and small groups, including the storing and sharing of meeting minutes and other related documents by, and with, the people involved. Their privacy policy can be viewed here.

  5. We also use a third party service, Doodle poll, to further assist in the organisation and running of St Luke’s meetings and other events. Their privacy policy can be viewed here.

  6. To store our church files we use a third party service called Google Drive. This is to assist with the historical filling of important documents such as PCC minutes, employment documentation and financial receipts. This information is only accessible by authorised Church staff. Their privacy policy can be viewed here.

  7. Survey Monkey, a third party service, is sometimes used to gain feedback about an event or service and also is used to help Church members book for events we may hold. Their privacy policy can be viewed here.

  8. We use a third party, Sage, for all our accounting records and upkeep. This will contain some employment information so we can pay our staff and also information about any of our accounting records to ensure we maintain and run the finances of the church in a fit a proper manner. Their privacy policy can be viewed here.

© 2019 St Luke's Church, Colchester - Proudly created with                                                                                         View our Privacy Policy here