Data Privacy Notice
This privacy notice provides you with details about how we (as the Data Controller) process your personal data through your connection with us. You may be connected to us through your attendance at church services or a church group or through a course or event such as a wedding, christening or funeral.
When we say “personal data” this means any information capable of identifying you as an individual. The Parochial Church Council Of The Ecclesiastical Parish of St John the Baptist Clayton may be referred to as “we”, “us” or “our” in this privacy notice.
If you have any questions about this privacy notice, please contact firstname.lastname@example.org or write to
St John the Baptist
c/o The Vicarage, Clayton Lane
If your personal information changes, please let us know so we can keep our records up-to-date and accurate. by emailing us at email@example.com
In most circumstances you provide your personal information directly to us in connection with your membership or attendance with us, or as a participant in one of our groups, or through an event held by us such as a wedding, funeral or christening, or through courses that we run. This information may be given to us verbally (during face to face or telephone contact) or by your completion of a form, or because you sent it to us by email.
Whether received directly or indirectly, this information may include your name, address, email address, telephone and mobile telephone numbers and current and past employment history, relevant medical information or disability information – as you provide it to us directly or indirectly and as is relevant to any of the above purposes. We collect personal information that is relevant to the purpose or purposes described in this notice. Only information relevant to the purpose is processed. For example, financial information is not included in a church directory.
CHRISTENINGS, CONFIRMATIONS, WEDDINGS AND FUNERALS
We use this data to keep records of christenings, confirmations, weddings and funerals and to enable us to prepare for, run and follow-up services. We have a legal obligation to retain these records permanently. After a set period of time they are archived in the West Yorkshire Archive. You maybe the relative of a deceased person and we process your information to administrate the Garden of Remembrance and the Burial of Ashes.
We may also use the information you have provided to communicate with you in relation to events or courses - for example The Marriage Course or the Alpha Course. We may also invite you to specific events which may help you in your journey such as special services for those who have been bereaved or to celebrations which build connection and community. We may also use your data to send cards on special anniversaries. For these purposes we rely on our Legitimate Interest (to fulfill our charitable objectives) as the legal basis for processing and / or to fulfill our legal obligations
YOUR ATTENDANCE AT ST JOHNS
You may attend our services and be on the Electoral Role or serve as a volunteer with us. You provide personal information to us including your contact information (for example, name, address, telephone and mobile telephone number and email address).
We will use this data to communicate with you based on our legitimate interest (to fulfill our charitable objective). We use this information to communicate with you in relation to your participation in the wide variety of groups we run and to effectively manage our organisation. These include (for example) being part of the music band, community choir, welcoming team, pastoral care team, home group or (say) holding keys for any of the buildings operated by us. The purposes also include any connection you may have with that group or team.
If you are a PCC member or officer of the church your details may be shared with third parties. We share personal details with the Diocese of Leeds on the basis of our legitimate interest in fulfilling our charity objectives and to fulfill our legal obligations under Ecclesiastical Law. We share personal details with the West Yorkshire Archive for historic Archiving in the Public Interest and with the Charity Commission to fulfill Charity Law.
If you fulfill the criteria for being on the church Electoral Roll, we will process the data required by law for that purpose
CHURCH DIRECTORY AND REQUESTS FOR GIFTS
We may communicate directly with you about the financial needs of the church. We do so on the basis of your consent.
As a Christian church we feel like family and to help us communicate with each other we provide a church directory which includes name, address, email address, telephone number and mobile telephone number. The directory is issued on a reciprocal basis, if you are included you receive a directory and are required to adhere to the conditions of use. Your consent is required for inclusion in the directory.
Where your consent is given you may be withdraw it at any time by emailing firstname.lastname@example.org . Should you withdraw your consent you will be required to delete any copy of the directory provided to you.
INFORMATION ABOUT CHILDREN
If your child attends a group, event or activity run by us we will process data about them. Where the consent of an adult is required – we will obtain that consent. The data we hold may include medical or other information which may be regarding as special category data. We do this to comply with social protection law. We process this data on the legal basis that it is in the vital interests of the child (the Data Subject) and in the fulfillment of our legal duty of care to your child.
We comply with the Diocese of Leeds Safe Guarding Policies and process personal data (which may include special category) to comply with our obligations in relation to those policies and to comply with the law, including social protection law.
In compliance with our Safeguarding Policy we also require many volunteers and officers of the church to complete Disclosure and Barring Service Checks and to take appropriate levels of Safeguarding training. We process personal and special category data in relation to these requirements on the legal basis of compliance with a legal obligation, and on the basis of protecting the vital interests of data subjects.
As an employee we will process personal information about you. This information is processed in our legitimate interest as an employer and to fulfill our legal obligations. If you are a referee, we process your data to take up references. To the extent necessary and relevant, some personal data may be transferred to third parties such as payroll and pension providers and government authorities.
We collect data in relation to gifts you make to us including the dates and amounts of donations and bank account details and gift aid information. We use this information for administration and to comply with our legal obligations in relation to charity finance and HMRC. The information is only seen by those who need to see it in relation to accounting and is kept confidential by those people.
SAFETY AND CRIME PREVENTION
We collect CCTV images in relation to any person visiting the exterior of our premises. This is held for a maximum of 30 days and is specifically recorded for the purposes of personal safety and crime prevention. It is not used for any other purpose and may be shared with the police in connection with these purposes.
We may track your use of our website using cookies. A cookie sits on the device that you used to browse our website and, in some cases, will be replicated across other devices you use. We do this so that we can understand how visitors arrived at our site, what they do when on the site and when they leave the site. This helps us to improve the site making it easier for visitors to navigate and to create content that makes the site more relevant.
During this process we may track data about your use of our website and online services such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. The source of this data is from our analytics tracking system. We process this data to analyse your use of our website and other online services, to administer and protect our organisation and website and to deliver relevant website content Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our organisation and to help us evaluate the effectiveness of the site.
We may use User Data and Technical Data to deliver relevant website content and advertisements to you (including Facebook adverts or other display advertisements) and to measure or understand the effectiveness of the advertising we serve you. Our lawful ground for this processing is legitimate interests which is to provide relevant information to you. We may also use this data to send other marketing communications to you in ways which are compliant with GDPR. Our lawful ground for this processing is either consent or legitimate interests (namely to fulfill our charitable objectives).
We may collect data about you when you provide the data directly to us (for example by filling in forms on our site or by sending us emails).
We may receive data from third parties based outside the EU including analytics providers such as Google, advertising networks such as Facebook Where this is the case, those third parties are certified under the European Union / United States Privacy Shield scheme.
Our lawful ground of processing your personal data to send you marketing communications is either your consent or our legitimate interests (namely to fulfil our charitable objectives). We do not sell or share your personal data with any third party except as set out in this notice.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
We do not transfer your personal data outside the European Economic Area (EEA) unless it is to an organisation that is certified under the European Union / United States Privacy Shield Agreement. Service Providers may include (for example) Mailchimp, Dropbox, Microsoft and Google
We have put in place security measures designed to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed by unauthorised people. We also allow access to your personal data only to those employees and volunteers who have a need to know that data in relation to the purposes set out in this notice and who agree to abide by this notice. Third parties will only process your personal data on our instructions, and they must keep it confidential.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When deciding what the correct time is to keep the data for, we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.[i]
In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
[i] Details about retention periods can currently be found in the Record Management Guides located on the Church of England website at: - https://www.churchofengland.org/more/libraries-and-archives/records-management-guides
Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent.
You can see more about these rights at:
If you wish to exercise any of the rights set out above, please email us at email@example.com
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you.
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.