WHO are we?
The Parochial Church Council of St James the Great, Silsoe (referred to as the PCC) is the data controller. This means the PCC decides how your personal data is processed and for what purposes.
WHAT is Personal Data and Sensitive Personal Data?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. Some personal data falls into the category of Sensitive Personal Data and has more stringent rules governing it’s use; religious beliefs are categorised as sensitive personal data and, as such, the PCC holds a small amount of sensitive personal data. The processing of personal data is governed by the General Data Protection Regulation (GDPR) and covers not only our parishioners but individuals and businesses outside of the Parish with whom the PCC has contact. GDPR does not differentiate between private individuals and businesses – if the data held enables an individual to be identified, then GDPR applies
WHAT personal data does the PCC hold?
The PCC may hold personal data about you in some or all of the following categories:
- your contact details;
- details of money that you give to the Church;
- information that you share with the Church in connection with baptisms, confirmations, weddings and funerals or any other services held in our Church;
- your attendance at services, events and meetings run or hosted by the PCC;
- your participation in any Church rotas;
- information contained in emails or other correspondence from you and records of telephone calls or meetings with you;
- information contained in checks provided by the Disclosure & Barring Service;
- information that you share for the purposes of pastoral care, encouragement, training and prayer.
WHAT does the PCC use personal data for?
In general, the PCC holds records of members of our congregation, volunteers, guest and service users and uses this information to coordinate Church activities and to keep people informed of things happening in the life of the Church. The PCC also collect and use information about our suppliers, contractors, Churchwardens, Officers and other PCC members within our diocese, individuals within the Church of England’s national and diocesan staff, and personnel working for relevant public bodies. This information is used to manage and administer the Church
The PCC uses personal data for the following purposes:
- managing your relationship with the PCC, including administering membership records;
- helping the PCC organise rotas, group activities and to communicate with you;
- running the Church in an effective way, including maintaining accounting records, planning and charity governance (including Gift Aid)
- providing you with services and notifying you about either important changes or developments to the features and operation of those services;
- informing you of news, events, activities and associated ministries;
- updating, consolidating, and improving the accuracy of the PCC records;
- maintaining appropriate safeguarding arrangements for children and young people and vulnerable adults;
- responding to your enquiries and complaints; and
- ensuring that the PCC complies with the law for example when responding to court orders, or legal processes; to establish or exercise our legal rights or, defend against legal claims.
What is the legal basis for processing personal data?
Depending on what the type of personal data, the PCC will collect and handle your personal data:
- with your consent; or
- because the PCC is legally required to do so for compliance with a legal or regulatory obligation that the PCC is subject to (eg for Gift Aid); or
- (for sensitive personal data) because the processing is carried out for a legitimate activity of the Church; or
- because it is necessary for the PCC to do so for the purposes of the legitimate interests outlined above. Legitimate Interest means the interest of the PCC in conducting and managing activities to give you the best church community, events and services and the best and most secure experience. The PCC makes sure it considers and balances any potential impact on you (both positive and negative) and your rights before it processes your personal data for it’s legitimate interests. The PCC does not use your personal data for activities where it’s interests are overridden by the impact on you (unless the PCC has your consent or are otherwise required or permitted to by law).
How does the PCC collect personal data?
The PCC will usually collect personal data directly from you. The PCC may occasionally collect personal data via a third party – for example: from an organiser if you have volunteered to help at an event or be on a rota; from the Disclosure & Baring Service if you are organising or helping to organise Church activities where children or vulnerable adults may be involved.
How does the PCC process personal data?
The PCC complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
Depending on the content, a photograph may be considered personal data. People who attend Church events and activities sometimes take photos of the events and give the PCC copies for use on the Benefice/PCC website and in newsletters – those images will be retained indefinitely.
The Joint Benefice of Silsoe, Flitton and Pulloxhill maintains a prayer list on the 3churches.uk website – your name will not be included in that prayer list without your consent.
Does the PCC share personal data?
Personal data will be treated as strictly confidential. The PCC may share some personal data with others in the Joint Benefice of Silsoe, Flitton and Pulloxhill, for example:
- to ask the members of the Church to pray for you, along with other members;
- to enable them to provide pastoral care and support for you;
- to enable them to organise an event which you are participating in.
The PCC may need to share some personal data with organisations outside of the Joint Benefice, for example:
- agents, service providers, contractors and others involved in running church events and activities;
- with insurers and advisers in the event of a claim against the PCC;
- with auditors/examiners in connection with the PCC’s accounts;
- with any other organisation or entity, if the PCC is required by law to do so.
How long does the PCC keep personal data?
The PCC will only retain personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, reporting or potential insurance claim requirements.
- electoral roll data is retained while it is still current;
- Gift Aid declarations relating to single donations and the associated paperwork is held for up to 7 years after the calendar year to which they relate;
- non-specific Gift Aid declarations and the associated paperwork are held for up to 7 years after the last calendar year in which a donation covered by the declaration was made;
- Parish registers (baptisms, marriages, funerals) permanently.
Your rights and your personal data
Unless subject to an exemption under the GDPR, with respect to your personal data you have the right to: –
- request a copy of your personal data which the PCC holds about you;
- request that the PCC corrects any personal data if it is found to be inaccurate or out of date;
- request your personal data is erased where it is no longer necessary for the PCC to retain such data;
- withdraw your consent to the processing at any time;
- request that the PCC provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable);
- request a restriction is placed on further processing where there is a dispute in relation to the accuracy or processing of your personal data;
- object to the processing of personal data, (where applicable);
- lodge a complaint with the Information Commissioners Office.
If the PCC wishes to use your personal data for a new purpose, not covered by this Data Privacy Notice, then the PCC will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, the PCC will seek your prior consent to the new processing.
How to make a complaint
To exercise all relevant rights, queries or complaints please in the first instance contact the PCC Secretary at SilsoeGDPR@3churches.uk. If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office.