HOLY CROSS CHURCH, CHISELDON WITH DRAYCOTT FOLIAT
PAROCHIAL CHURCH COUNCIL (PCC)
DATA PRIVACY NOTICE
1 Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2018 (GDPR).
2 Who are we?
The PCC of Holy Cross church, Chiseldon with Draycott Foliat, is the Data Controller (contact details below). This means it decides how your personal data are processed and for what purposes.
3 How do we process your personal data?
The PCC complies with its obligations under the GDPR by: keeping personal data up to date, storing and destroying it securely, not collecting or retaining excessive amounts of data, protecting personal data from loss, misuse, unauthorised access and disclosure, and ensuring that appropriate technical measures are in place to protect personal data.
Subject to your consent, we may use your personal data for some or all of the following purposes:
- to enable us to provide a voluntary service to the local population and visitors to the parish of Chiseldon with Draycott Foliat
- to administer church membership records
- to fundraise for and promote the interests of Holy Cross church
- to manage our employees and volunteers
- to maintain our own accounts and financial records (including the processing of Gift Aid declarations, donations and claims)
- to inform you, from time to time, of news, events, activities and services at Holy Cross
- to share your contact details with the Diocesan office so they can keep you informed about news in the diocese and events, activities and services that will be occurring in the diocese and in which you may be interested.
4 What is the legal basis for processing your personal data?
The legal basis for processing your personal data will be one or more of the following:
- having your explicit consent so that we can keep you informed from time to time about news, events, activities and church services; where appropriate, to process your gift aid donations and to maintain our financial accounts; and to keep you informed about diocesan events. Where you have applied to join a particular church list, such as the electoral roll or a fund raising club, your application to join provides explicit consent for us to process your data in respect of that application (only)
- where you have joined duty rota lists such as those for sidespersons, lesson reading, intercessions, tea/coffee making, church cleaning we consider that there are legitimate interests and reasonable expectations with minimal privacy impact for us to process your data to allow the church to function effectively; in these cases we will process your data on duty rota lists amongst other persons on a duty list and amongst legitimate role holders within Holy Cross church, i.e.clergy, churchwardens, deputy wardens and elected sidespersons (please note that it is our policy that duty rota lists will not be displayed on noticeboards, but will be available in a file in the clergy vestry)
- processing is, or may be, necessary for carrying out obligations of the PCC under employment, social security or social protection law
- processing is carried out by a not-for-profit body with a religious aim, e.the PCC, provided that:
- the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes)
- there is no disclosure to a third party person or organisation without consent.
5 Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other church members or for purposes connected with the church. We will only share your data with third parties outside of the church membership with your consent.
6 How long do we keep your personal data?
We keep data in accordance with the guidance set out in the guide ‘Keep or Bin: Care of Your Parish Records’ which is available from the Church of England website [see footnote for link].
Specifically, we retain electoral roll data and church membership lists while they are still current, Gift Aid declarations and associated paperwork, donation records and claims for up to six years after the calendar year in which they were last active or relevant, and parish registers (i.e. baptisms, marriages and funerals), permanently.
7 Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- to request a copy of your personal data which the PCC holds
- to request that the PCC corrects any personal data if at any time it is found to be inaccurate or out of date
- to request that your personal data is erased where it is no longer necessary for the PCC to retain such data
- to withdraw your consent to the processing at any time
- to request that the data controller, e. the PCC, provide you with your personal data and, where possible, transmit that data directly to another data controller nominated by you (this is known as the right to data portability)
- where there is a dispute in relation to the accuracy or processing of your personal data, to request that a restriction is placed on further processing
- to object to the processing of personal data
- to lodge a complaint with the Information Commissioner’s
8 Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
9 Contact Details
To exercise all relevant rights, queries or complaints please, in the first instance, contact the PCC Data Protection Administrator at:
27 Home Close, Chiseldon, Swindon, SN4 0ND. (Telephone 01793 740105)
You can contact the Information Commissioner’s Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
 Details about retention periods can currently be found in the Record Management Guides located on the Church of England website at https://www.churchofengland.org/more/libraries-and-archives/records-management-guides
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
The website includes contact forms for users to obtain information from the Rector or members of the parish teams (such as Churchwardens, Treasurers, Lay Pastoral Assistants and Lay Worship leaders) as appropriate to the nature of your query.
Your data will not be shared with any third party without your express permission and then only for such purpose as you may agree.
Using the Contact Form your give us permission to contact you concerning your query.
We do not store the information we provide except in the email sent to the Rector who may forward it to a relevant member of the parish teams to deal with.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
How we protect your data
If you are a privileged user of this website with an account, then your username and other details are stored in a secure database with complex passwords to prevent unauthorised access.