DATA PRIVACY NOTICE
The Parochial Church Council (PCC) of
St. Mary’s, Ely with ChristChurch, North Ely
The Parochial Church Council (PCC) of
St. Mary’s, Ely with ChristChurch, North Ely
Welcome to the privacy notice of the PCC of St. Mary’s Church, Ely with Christchurch, North Ely (“the PCC of St Mary’s”).
The PCC of St Mary’s respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.
1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the United Kingdom General Data Protection Regulation (the “UK GDPR”) and the Data Protection Act 2018.
2. Who are we?
The PCC of St. Mary’s is the data controller (contact details below). This means we decide how your personal data is processed and for what purposes.
3. How do we process your personal data?
The PCC of St. Mary’s complies with our obligations under the “UK GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following sorts of purposes: -
Special category data is sensitive personal information that needs extra protection. For our church, this could potentially include, but is not limited to, religious beliefs, health information, sexual orientation, or racial or ethnic origin. Our church processes special category data in compliance with Article 9 of the General Data Protection Regulation (GDPR), which provides specific conditions under which this sensitive data can be lawfully processed. Our church processes special category data with the utmost care and in compliance with the ‘not for profit’ condition of Article 9 of the data protection regulations, which sets the conditions for processing this type of data. As a not-for-profit body with a religious aim, we process this data with special consideration. This includes:
Examples of Using Special Category Data
Your personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other church members or for purposes connected with the church. We will only share your data with third parties where it is necessary for the performance of our tasks or where you first give us your prior consent.
7. How long do we keep your personal data1?
We keep data in accordance with the guidance set out in the guide “Keep or Bin: Care of Your Parish Records” which is available from the Church of England website which can be found here: https://www.churchofengland.org/sites/default/files/2017-11/care_of_parish_records_keep_or_bin_-_2009_edition.pdf {Note: This guidance notes are being revised during the latter half of 2024}
Specifically, we retain safeguarding data, electoral roll data while it is still current; gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate; and parish registers (baptisms, marriages, funerals) permanently.
8. Your rights and your personal data
Unless subject to an exemption under the UK GDPR, you have the following rights with respect to your personal data: -
When exercising any of the rights listed above, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.
9. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
10. Contact Details
To exercise all relevant rights, queries or complaints about data processing and privacy, or to notify us of a data breach, please in the first instance contact the PCC Secretary Operations Manager at 01353 659550. Email: [email protected], Post: St Mary’s Church Office, St Marys Church, Ely CB7 4HF
This Data Privacy Notice was approved by the Parochial Church Council June 2024
For a copy of our policy on confidentiality and Data Protection please contact the church office either by email: [email protected] or phone 01353 659550
The PCC of St Mary’s respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.
1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the United Kingdom General Data Protection Regulation (the “UK GDPR”) and the Data Protection Act 2018.
2. Who are we?
The PCC of St. Mary’s is the data controller (contact details below). This means we decide how your personal data is processed and for what purposes.
3. How do we process your personal data?
The PCC of St. Mary’s complies with our obligations under the “UK GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following sorts of purposes: -
- To enable us to meet all legal and statutory obligations (which include maintaining and publishing our electoral roll in accordance with the Church Representation Rules).
- To minister to you and provide you with pastoral and spiritual care (such as visiting you when you are gravely ill or bereaved) and to organise and perform services for you, such as baptisms, confirmations, weddings and funerals, as well as provide ongoing contact and support.
- To deliver the Church’s mission to our community and to carry out any other voluntary or charitable activities for the benefit of the public in the parish/benefice.
- To enable us to provide a voluntary service for the benefit of the public in our parish/benefice.
- To administer records of our employees, ministers, office-holders, volunteers and members.
- To fundraise and promote the interests of our Churches and communities.
- To maintain our own accounts and records.
- To process any donations that you have made to us (including the processing of Gift Aid information).
- To seek your views or comments.
- To operate the Church websites and social media channels.
- To send you communications both which you have requested and that may be of interest to you. These may include information about campaigns, appeals, other fundraising activities;
- To notify you of our services, events, activities, news and office-holders
- To inform you of events, activities and services that will be occurring in the wider diocese and in which you may be interested.
- To process a grant or application for a role.
- To carry out safeguarding procedures in accordance with best safeguarding practice from time to time with the aim of ensuring that all children and adults-at-risk are provided with safe environments.
- To share your contact details, when necessary,{ for example in the case of office holders such as church wardens or PCC members}, with the Ely Diocesan Board of Finance which is responsible for the financial and administrative arrangements for the Diocese of Ely, including the granting of faculty permission for building repairs and maintenance.
- Legitimate interest occurs where your data is used reasonably from a pastoral perspective to keep you connected with relevant aspects of the church’s life. For example in connection with baptism’s, weddings or funerals.
- For more general use of your data we require the explicit consent of the “data subject” (that’s you, if we hold your data) so that we can keep you informed about our news, events, activities and services or keep you informed about diocesan events.
- The “processing” or use of data can be necessary for carrying out legal obligations, for example in relation to Gift Aid or under employment, social security or social protection law, or a collective agreement. Further examples include administering and publishing the electoral roll, as required by the Church Representation Rules, and, under Canon Law, announcing forthcoming weddings by means of the publication of banns.
- We may also process data if it is necessary for the performance of a service agreement, or contract, with you, or to take steps to enter into a contract. An example of this would be processing your data in connection with a contract for maintenance of our buildings or equipment, or hire of the church rooms;
- the processing relates only to members or former members, (legitimate interest), or others who have given their express consent, and
- there is no disclosure to anyone else (a “third party”) without express consent.
Special category data is sensitive personal information that needs extra protection. For our church, this could potentially include, but is not limited to, religious beliefs, health information, sexual orientation, or racial or ethnic origin. Our church processes special category data in compliance with Article 9 of the General Data Protection Regulation (GDPR), which provides specific conditions under which this sensitive data can be lawfully processed. Our church processes special category data with the utmost care and in compliance with the ‘not for profit’ condition of Article 9 of the data protection regulations, which sets the conditions for processing this type of data. As a not-for-profit body with a religious aim, we process this data with special consideration. This includes:
- Consent: We ask for your clear permission before using this data.
- Confidentiality: We keep your information secure and private.
- Limited Access: Only necessary church staff and volunteers can access this data.
- Specific Use: We use your data only for clear, specific purposes.
- Minimal Data: We only collect what is necessary and keep it only as long as needed.
- Your Rights: You can ask to see, correct, or delete your data.
Examples of Using Special Category Data
- Pastoral Care: Using health information to support you spiritually and emotionally.
- Community Support: Using ethnic background information to create inclusive activities.
- Confidential Counselling: Keeping sensitive personal issues discussed in counselling private.
- Streaming Services: Informing you when services are streamed online and offering options to not be featured.
- Publishing Reports: Getting your permission before including your name in any public reports
Your personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other church members or for purposes connected with the church. We will only share your data with third parties where it is necessary for the performance of our tasks or where you first give us your prior consent.
7. How long do we keep your personal data1?
We keep data in accordance with the guidance set out in the guide “Keep or Bin: Care of Your Parish Records” which is available from the Church of England website which can be found here: https://www.churchofengland.org/sites/default/files/2017-11/care_of_parish_records_keep_or_bin_-_2009_edition.pdf {Note: This guidance notes are being revised during the latter half of 2024}
Specifically, we retain safeguarding data, electoral roll data while it is still current; gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate; and parish registers (baptisms, marriages, funerals) permanently.
8. Your rights and your personal data
Unless subject to an exemption under the UK GDPR, you have the following rights with respect to your personal data: -
- The right to request a copy of your personal data which the PCC of St. Mary’s holds about you;
- The right to request that the PCC of St. Mary’s corrects any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for the PCC of St. Mary’s to retain such data;
- The right to withdraw your consent to the processing at any time
- The right to request that the PCC of St Mary’s as data controller provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable) [Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means].
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data, (where applicable) [Only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]
- The right to lodge a complaint with the Information Commissioners Office (ICO)
When exercising any of the rights listed above, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.
9. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
10. Contact Details
To exercise all relevant rights, queries or complaints about data processing and privacy, or to notify us of a data breach, please in the first instance contact the PCC Secretary Operations Manager at 01353 659550. Email: [email protected], Post: St Mary’s Church Office, St Marys Church, Ely CB7 4HF
This Data Privacy Notice was approved by the Parochial Church Council June 2024
For a copy of our policy on confidentiality and Data Protection please contact the church office either by email: [email protected] or phone 01353 659550