DATA PRIVACY NOTICE
(updated 2nd Dec 2018)
The Parochial Church Council (PCC) of St Luke’s, Colchester
1. Your personal data – what is it?
Personal data is information relating to a living individual who could be identified from that data. Identification may be possible from one piece of information alone, or that information read in conjunction with other information held by the same data controller or likely to come into their possession. From 25 May 2018 the collecting, processing and retention of personal data to which this notice relates is governed by the General Data Protection Regulation (the “GDPR”) and the Data Protection Act 2018.
2. Who is the data controller
The Parochial Church Council of St Luke’s Church, Highwoods, Colchester (“the PCC”) is the data controller to which this notice relates. The contact details of the data controller are set out below. Being the data controller means that the PCC decides how your personal data is collected and processed and for what purposes. The PCC also decides how long your personal data should be retained.
3. How does the PCC process your personal data?
The PCC complies with its GDPR obligations by keeping personal data up to date; by storing it securely and destroying it appropriately ; by not collecting or retaining excessive amounts of personal data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data at all times.
The PCC may use your personal data for the following purposes: -
To provide a voluntary service for the benefit of the public in the geographical area specified in our parish constitution;
To administer membership records;
To fundraise and promote the interests of St Luke’s Church as a registered charity;
To manage our employees and volunteers;
To maintain our own accounts and records (including the processing of gift aid applications);
To enable us to organise events activities and services at St Luke’s and to tell you about them.
To tell you about other events, activities or services that may be of interest to you.
To share your contact details with the Chelmsford Diocesan office so you are kept informed about news in the diocese and events, activities and services that will in the diocese which may be of interest to you.
The Annex to this Notice sets out how the ways in which the PCC processes your personal data
4. What is the legal basis for processing your personal data?
The PCC relies on your explicit consent so that we can organise and keep you informed about, news, events, activities and services at St Luke’s Church, and elsewhere.
Processing your personal data is necessary for the PCC to carry out its legal obligations in relation to Gift Aid or under employment, social security or social protection law.
All processing of your personal data is carried out by the PCC as a not-for-profit body (registered Charity) with a religious aim provided: -
- it relates only to members or former members of St Luke’s (or those who have regular contact with the church for its charitable purposes); and
- the PCC will not disclose your personal data to a third party without your explicit consent.
5. Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with other members of the church to carry out a service to them or for purposes connected with the church. We will only share your personal data with third parties outside of the parish with your explicit consent.
6. How long do we keep your personal data1?
We keep data as set out in the guidance: “Keep or Bin: Care of Your Parish Records” which is available from the Church of England website [see footnote for link].
We retain electoral roll data while it is still current; gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate; and parish registers (baptisms, marriages, funerals) permanently.
7. Your rights and your personal data
Unless any data is subject to an exemption under the GDPR, you have the following rights:: -
The right to request a copy of all your personal data which the PCC holds; The right to ask the PCC to correct any of your personal data if it is inaccurate or out of date;
The right to ask for your personal data to be erased where it is no longer necessary for the PCC to retain it;
The right to withdraw your consent to the PCC processing your personal data at any time
The right to ask the PCC to provide you or another data controller with your personal data and to transfer that data directly to another data controller, (known as the right to data portability);
Where there is a dispute in relation to the accuracy or processing of your personal data, to request that the PCC places a restriction is placed on any further processing;
The right to object to the processing of your personal data;
The right to lodge a complaint about the PCC’s processing of your personal data with the Information Commissioners Office (see contact information below).
8. Further processing
If the PCC wishes to use your personal data for a new purpose, not covered by this Data Privacy Notice, then you will be given a new notice explaining this new use
1 Details about retention periods can currently be found in the Record Management Guides located on the Church of England website at: - https://www.churchofengland.org/more/libraries-and-archives/records-management-guides
before any processing begins. The PCC will always seek your explicit consent to any new processing before it begins.
9. Contact Details
To exercise all relevant rights, raise queries or make complaints please contact the St Luke’s Parish Administrator at firstname.lastname@example.org or 01206 598234.
You can contact the Information Commissioners Office on 0303 123 1113 or via emailhttps://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
Visitors to our ChurchSuite portal
Subscribers to our E-newsletter
Financial givers to the work of St Luke’s, Colchester
People who volunteer to participate in the work of St Luke’s, Colchester
COVID-19 Privacy Notice
Online List of Clergy, Staff and Visitors to Church buildings
This notice explains how information about you will be used temporarily by The Parochial Church Council (PCC) of St Luke’s, Colchester during the Covid-19 pandemic crisis so we can take your booking and at the same time put in place a list of clergy, staff and visitors to the church building/s, as requested by the Government in support of NHS Test and Trace.
1. Who we are
The Parochial Church Council (PCC) of St Luke’s, Colchester are the data controller (contact details in section 7. below). This means we decide how your personal data is used and why.
2. The information we collect about you and why we need it
We collect your data in order to process your booking of a visit to St Luke’s Church. However, we are also collecting your data for the purpose of supporting NHS Test and Trace, as requested by the Government.
Although we may have your contact details already the Covid-19 pandemic has created a unique situation and additional reasons for us to collect the name and contact telephone number of all clergy, staff and visitors who use/visit our church building/s in order to support NHS Test and Trace.
This is specifically in relation to contact tracing, which is the process of identifying, assessing, and managing people who have been exposed to a disease to prevent onward transmission and the investigation of local outbreaks.
In summary, Test and Trace:
provides testing for anyone who has symptoms of coronavirus to find out if they have the virus;
gets in touch with anyone who has had a positive test result to help them share information about any close recent contacts they have had; and
alerts those contacts, where necessary, and notifies them they need to self-isolate to help stop the spread of the virus.
This is voluntary, and you can opt out of letting us share your details with NHS Test and Trace. We will still accept your booking.
3. Lawful basis
We will use your information lawfully, as explained below:
Consent – We need your consent in order to collect your name and contact details to process your booking, and to share this with NHS Test and Trace if requested. You will give us your consent by providing your details by completing the on-line booking.
Explicit consent – We need your explicit consent to collect your data on the basis that you may have revealed a religious belief by using/visiting our church building/s. You will give us your explicit consent by completing the on-line booking and opting in/indicating “Yes” where requested, or “No” if you do not want us to share you data with Test and Trace.
You can withdraw your consent at any time after giving your details by letting us know you no longer want us to keep or share your personal data for the purpose of Test and Trace, however, once we have given your details to Test and Trace we will no longer be able to prevent processing. To contact us, please see our contact details at 7. below. We will continue to process your booking data, unless told otherwise.
4. Sharing your data
Personal data that is collected for bookings will be used only to share with NHS Test and Trace if requested. It will not be used for other purposes outside of those specified in this Privacy Notice.
5. Data Retention
We will keep your name and contact details for 12 months and will dispose of it after this period. Unless you are a registered member of St Luke’s and have consented to your data being held on our ChurchSuite database.
6. Your Legal Rights
Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data: -
The right to be informed about any data we hold about you;
The right to request a copy of your personal data which we hold about you;
The right to withdraw your consent at any time, while the church body still has your data;
The right to request that we correct any personal data if it is found to be inaccurate or out of date;
The right to request your personal data is erased where it is no longer necessary for us to retain such data;
The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
The right to obtain and reuse your personal data to move, copy or transfer it from one IT system to another. [only applicable for data held online]
7. Complaints and queries
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us using the details set out below.
St Luke’s Parish Administrator at email@example.com or 01206 598234
If you do not feel that your complaint has been dealt with appropriately, please contact Mark Rassell - firstname.lastname@example.org.
You also have the right to lodge a complaint with the Information Commissioners Office. You can contact the Information Commissioners Office on 0303 123 1113 or online: https://ico.org.uk/make-a-complaint/your-personal-information-concerns/ or https://ico.org.uk/global/contact-us/