The Parochial Church Council (“the PCC”) of St John’s, Neville’s Cross, Durham
1. Who are we?
The PCC of St John’s Church, Neville’s Cross, Durham (“the Church”). Under the General Data Protection Regulations (“the GDPR”) we act as Data Controller for any personal information you have provided which means that we are responsible for ensuring that any such data is securely stored and used/processed only for legitimate purposes (as listed below). The PCC is committed to safeguarding your privacy.
2. Your personal data – what is it?
Personal data relates to a living individual (Data Subject) who can be identified from that data. Identification can be by the information alone (e.g. a mailing list), or in conjunction with any other information in the Data Controller’s possession, or likely to come into their possession, (e.g. to administer the Electoral Roll). Using/processing personal data is governed by the GDPR.
To comply with this legislation:-
• Consent is generally required for legitimate use/processing of any personal data (e.g. to enable us to keep you informed about church news, events, activities and services and keep you informed about diocesan events).
• Data may also be used to carry out any legal obligations (e.g. for claiming Gift Aid). In case of employment or governance, this may include making statutory returns to HMRC, Companies House, or the Charity Commission.
• As a not-for-profit religious body, personal data of members, former members, or those in regular contact with us, may be stored and used for legitimate purposes (e.g. as listed below) under implied consent provided there is no disclosure to a third party without specific consent.
3. How do we process/use your personal data?
The PCC complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure, and by ensuring that appropriate technical measures are in place to protect personal data.
Use/processing of personal data by the PCC is restricted to the following legitimate purposes:
• To enable us to provide Christian Ministry and voluntary service for the benefit of the community in the ecclesiastical parish of St John’s Neville’s Cross and generally to the wider public;
• To administer the Electoral Roll and membership records of our church organisations;
• To fundraise and promote the interests of the Church;
• To manage our employees and volunteers (including creating and circulating rotas and schedules for activities and events);
• To maintain our own accounts and records (including the processing of gift aid applications);
• To inform you of news, events, activities and services running at the Church, and also elsewhere in the Diocese, in the wider church, and in the community;
4. Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared internally with other members of the Church in order to carry out a service to other church members or for purposes connected with the Church. We will only share your data with third parties outside of the Church with your specific consent.
5. Information gathered automatically.
When you visit the website for the Church, your browser automatically sends certain internet-related information, such as the Internet protocol (IP) address of the computer you are using. When we collect this information, so as to understand better how visitors use the site, it is not collected in a way that enables you to be identified as an individual.
6. How long do we keep your personal data ?
We keep data in accordance with the guidance set out in the guide “Keep or Bin: Care of Your Parish Records” which is available from the Church of England website [see footnote for link].
Specifically, we retain: electoral roll data, and data for other church organisations, while it is still current; gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate; and parish registers (baptisms, marriages, funerals) permanently.
7. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: –
• The right to request a copy of your personal data which the PCC holds about you;
• The right to request that the PCC corrects any personal data if it is found to be inaccurate or out of date;
• The right to request your personal data is erased where it is no longer necessary for the PCC to retain such data;
• The right to withdraw your consent to the processing at any time;
• The right, where applicable, to request that the PCC transmit your data directly to another Data Controller, (known as the right to “data portability”);
• The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
• The right to lodge a complaint with the Information Commissioners Office.
8. Further use/processing
Should we need to use/process your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this, prior to using/processing it, setting out the relevant purposes and conditions for using/processing it. Where and whenever necessary, we will seek your prior consent for further use/processing.
9. Contact Details
To exercise all relevant rights, queries of complaints please in the first instance contact
the Rector’s Secretary at Antioch House, 66 Crossgate, Durham, DH1 4PR, or by email at:- firstname.lastname@example.org
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
Details about retention periods can currently be found in the Record Management Guides located on the Church of England website at: – https://www.churchofengland.org/more/libraries-and-archives/records-management-guides