DATA PRIVACY NOTICE
St Margaret’s Episcopal Church, Renfrew
This statement explains St Margaret’s Episcopal Church, Renfrew’s policy for the personal data you disclose to us. For example, signing up to receive our communications or becoming a member of the church. It identifies how we use, store and keep it. Your information will be held in line with applicable laws, including the EU General Data Protection Regulation (GDPR) (Regulation 2016/679); the EU e-Privacy Directive (Directive 2002/58/EC); and the UK Data Protection Act 2018.
1. Who are we?
The Vestry and Clergy of St Margaret’s Episcopal Church, Renfrew are the Data Controllers for any personal data you give us. Our contact details are: Doreen Ward, Vestry Secretary, 5 Birkhall Avenue, Inchinnan PA4 9QA. We are a charity registered with the Office of the Scottish Charity Regulator. Our charity number is SCO12004
2. What do we do with your information?
We keep your personal data up to date; store and, when no longer required, destroy it securely. We only collect or retain data we need; will protect it from loss, misuse, unauthorised access and disclosure and ensure that it is protected with appropriate security measures. In addition, we limit access to your personal data to those employees, and other third parties who have a need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We use your personal data for the following purposes: -
• To enable us to provide a voluntary service as specified in our constitution;
• To raise funds and promote the interests of St Margaret’s Episcopal Church, Renfrew;
• To manage our employees and volunteers;
• To maintain our own accounts and records (including the processing of gift aid);
• To inform you of services, news, events and other related activities.
3. What is the legal basis for processing your personal data?
• Consent of you, the data subject, so that we can keep you informed about news, events, activities and services, as well as processing your gift aid donations;
• Consent of the Vestry members or other volunteers to share their contact details as appropriate;
• Necessity to carry out our obligations under employment or other relevant laws;
• Pastoral necessity to support members or former members (or any who have regular contact with us).
4. Who it will be shared with?
We will treat your personal data as strictly confidential and will only share it with relevant members of the church for: pastoral, ministerial or social purposes. We will not share your data with third parties outside our control without your consent unless required to by law.
5. How long do we keep your personal data?
Your data will be kept for as long as it is relevant to the ministry, administration and governance of St Margaret’s Episcopal Church, Renfrew and/or for legal reasons. Where we process special categories of information relating to your racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, biometric data or sexual orientation, we will always seek to obtain your explicit consent for those activities unless this is not required by law or the information is required to protect your health in an emergency. Where we are processing data based on your consent, you have the right to withdraw that consent at any time.
* Type of Data Retention
* Contact data (name, email, address, phone number) While it is current and you fulfil a voluntary or employed role in this church such as Vestry Secretary, Lay Rep or Worship Leader.
* Employment data (for example, contact data, NI, remuneration details, performance assessments, emergency contact details) While it is current and you fulfil an employed role in the Diocese/SEC and for a minimum of 6 years after your leave employment.
* Gift aid declarations End of the current calendar year + 6years
* Parish registers (baptisms, marriages, funerals) Permanently
6. Your rights and your personal data
You can object or withdraw your consent to the use of your personal data at any time. Subject to some legal exceptions, you also have the right to:
• request a copy of the personal information we hold about you;
• to have any inaccuracies corrected;
• to have your personal data erased;
• to object to processing, or place a restriction on our processing, of your data;
• and to request that the data we have about you is given to you in a portable format.
Please direct any such requests to the Vestry Secretary at the address given above.
To learn more about these rights or if you are dissatisfied with our response you can complain to the Information Commissioner's Office Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Telephone: 0303 123 1113 (local rate) or 01625 545 745
Cookies, also known as browsers or tracking cookies, are small text files that are added to your computer when you visit a website. They help websites to perform certain functions e.g. to identify you if you log into a restricted part of a website, for a shopping cart, and for tracking purposes.
8. MANAGE COOKIES
If you would like to opt-in or opt-out of using cookies then you should be able to do so using your browser. You can review your cookie settings at any time.
St Margaret’s website collects data, but in an anonymous form, to help us make improvements, develop the website and enhance the user experience. Please note that you cannot opt-out of the deployment of cookies that are necessary for delivery of our website or services to visitors.
9. CHANGES TO THIS NOTICE
We may make changes to this Notice from time to time as our organisational practices and/or applicable laws change. We will not make any use of your personal information that is inconsistent with the original purpose(s) for which it was collected or obtained (if we intend to do so, we will notify you in advance wherever possible) or otherwise than is permitted by data protection laws.
"Data Controller" means a person, organisation or body that determines the purposes for which, and the manner in which, any Personal Data is processed. A Data Controller is responsible for complying with the data protection laws including the GDPR and establishing practices and policies in line with them.
"Data Processor" means any person, organisation or body that Processes personal data on behalf of and on our instruction. Data Processors have a duty to protect the information they process by following data protection laws.
"Data Subject" means a living individual about whom we processes Personal Data and who can be identified from the Personal Data. A Data Subject need not be a UK national or resident. All Data Subjects have legal rights in relation to their Personal Data and the information that we holds about them.
"Personal Data" means any information relating to a living individual who can be identified from that information or in conjunction with other information which is in, or is likely to come into, our possession. Personal Data can be factual (such as a name, address or date of birth) or it can be an opinion (e.g. a performance appraisal). It can even include a simple email address. A mere mention of someone's name in a document does not necessarily constitute Personal Data, but personal details such as someone's contact details or salary (if it enabled an individual to be identified) would fall within the definition.
"Processing" means any activity that involves use of Personal Data. It includes obtaining, recording or holding the information or carrying out any operation or set of operations on it, including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring or disclosing Personal Data to third parties.
"Special Categories of Personal Data" (previously called sensitive personal data) means information about a person’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health or condition or sexuality. It also includes genetic and biometric data. Special Categories of Personal Data can only be processed under strict conditions and such processing will usually, although not always, require the explicit consent of the Data Subject.
Last Update: October 2018
Review date: October 2019