DATA PRIVACY NOTICE
The Parochial Church Council (PCC) of the Ecclesiastical Parish of Holy Trinity, Meole Brace, Shrewsbury.
- Who are we?
- Whose details do we process?
- Your personal date – what is it?
- Where we obtain our information about you
- The information we hold about you
- What do we do with your data?
- Who do we share your data with?
- Children’s information
- What is the legal basis for processing your personal data?
- How long do we keep your personal data?
- Your rights and your personal data
- Further processing
- Transfer of Data abroad
- Contact details
- Complaints
We do our best to protect the privacy of anyone whose data is entrusted to us. Please read this privacy notice which explains how we collect, manage, use and protect your personal information.
1. Who are we?
The Ecclesiastical Parish of Holy Trinity, Meole Brace encompasses the churches of Holy Trinity, Meole Brace, Christ the King at Radbrook Community Centre and Church in the Meet Place, Meole Estate, which are collectively referred to throughout this document as ‘Trinity Churches’.
The vicar is legally the Incumbent of Trinity Churches, hereafter referred to as ‘the vicar’ which is part of the Church of England Diocese of Lichfield. The vicar, both formally and informally plays a leadership role in the community.
The vicar has responsibility for leading the spiritual life of the church in the parish of Meole Brace aided in this work by the PCC who share spiritual leadership and act as trustees of the church building, operations and finance. Churchwardens are members of the PCC; they have certain statutory responsibilities for the building. The PCC also appoints Safeguarding Officer(s), office staff and the Ministry Team whose members assist the vicar in pastoral, discipleship and liturgical leadership.
As the church is made up of all these people, office-holders and organisations working together, it would be impossible to work effectively if personal data were not shared between them to the extent that it is necessary for effective function and ministry of the church. For this reason, this privacy notice covers the way that the PCC and the vicar jointly use personal data. Together we are joint data controllers, which means together we decide how your personal data is processed and for what purpose, and that we are all responsible to you for how we process your data.
2) Whose details do we process?
Those who come to our church or who otherwise interact with the church community and those who volunteer for the church or are on its payroll. Due to the leadership community role of the vicar, occasionally this will require them to process contact details of those beyond the church community, including for example school governors, relevant councillors, etc.
3. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (GDPR).
4. Where we obtain our information about you
Personal information is collected from you directly when you interact with us. For example: joining the Electoral Roll, volunteering, coming to us for baptism, wedding or funeral, hiring our premises, making a gift, sending us an email, making an enquiry, participating in a service or an event, completing a welcome or update card or signing up for a newsletter. Information may be collected in person, over the phone, through our website, social media or from something you have posted to us.
Personal information may also be given to us by someone else. For example: a parishioner might tell the vicar that someone was taken to hospital and would appreciate it if someone from the church could visit.
5. The information we hold about you
The information we hold will always include some combination of your name, postal and or email addresses, your phone number and may include social media information if you interact with us in that way. We may record similar information about your close family or friends, especially if they are connected with us. For example: information we need to organise a wedding or memorial service.
If you support us financially, hire our premises, have other financial transactions with us, then we will record relevant information to ensure that we can process these properly and comply with audit requirements.
If you volunteer for us, are elected into a position in the church then we will hold information relevant to that activity. For example: Church of England safeguarding policy requires some volunteers to have a DBS check; we will collect information relevant to this check.
GDPR legislation affords special protection to certain categories of data – those that are relevant to your religious affiliation or information about health. For example if you need gluten free wafers or the need for a hearing loop, you are giving us information about your health. If you attend church, join its Electoral Roll, or affiliate with us in some other way, then we may be processing data about your religious association. With the exception of processing in relation to criminal records in the context of DBS checks, we are very unlikely to process any other information which falls in to the categories requiring special protection.
6. What do we do with your data?
The PCC of Trinity Churches, Meole Brace, Shrewsbury complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes: -
- To carry out all the work necessary to organise and publicise, a regular cycle of services together with baptisms, confirmations, weddings, funerals, interment of ashes, services of remembrance and blessings, etc.;
- To organise pastoral and spiritual care, which may include home visiting by the vicar or other appropriately authorised person;
- To manage volunteering in an appropriate and efficient manner, for example rotas, meetings, etc.;
- To administer membership records of adult or child members;
- To communicate with you about your views or comments;
- To fundraise and promote the interests of the church;
- To manage our employees and volunteers;
- To maintain our own accounts and records (including the processing of gift aid applications);
- To inform you of news, events, activities and services running at Trinity Churches;
- To organise appropriate opportunities for discipleship, service and spiritual development. For example: house groups, mission related activity, church trips, etc;
- To enable us to meet our legal and statutory obligations in accordance with Church Representation Rules and Canon law ,passing details of elected office holders, etc;
- To comply with the safeguarding procedures in order to ensure all vulnerable adults and children at risk are provided with a safe environment;
- To administer commercial activities , including the hire of the Trinity Centre and the Church itself;
- To share your contact details with the Diocesan office so they can keep you informed about news in the diocese and events, activities and services that will be occurring in the diocese and in which you may be interested.
7. Who do we share your data with?
Your personal data will be treated as strictly confidential. It will only be shared with other members of the church in order to carry out a service to other church members or for purposes connected with the church. We will not share your data with third parties outside of the parish without your express consent.
Within the church only those people who need to see your data will have access to it. For example:
- the vicar needs to know the names of the parents and godparents of the child being baptised but there is no need for the PCC to have this information;
- The Electoral Roll is a statutory document that we must publish in a public place each year. The Roll is available for inspection at all times on request;
- If you are elected to office in the church the results of these elections must be published;
- If you are on a rota in church we will share this with others on the rota and in church.
- DBS checks are carried out in conjunction with the Diocesan Safeguarding Team which will disclose relevant data to the Parish Safeguarding Officer.
- In the process of pastoral work, the vicar, other clergy or lay people may encounter a situation where the law requires them to disclose to a statutory authority. In this case their legal obligation will be paramount.
Occasionally we may need to share with other churches with whom we are carrying out joint events or activities or appropriate bodies within our denomination/ synodical structure. All of these bodies will be part of our church set up; each will have their own privacy policies.
8. Children’s information
Under GDPR in the UK, children are able to give consent at age 13 which means that consent must come from the child rather than the parent or guardian unless the child does not have capacity to give consent. The law does not require us to have consent to hold data on children simply because of their age. However, where we collect data on children under 13, we will always obtain consent from a parent or guardian ensuring that they are happy for us to collect and use the information provided.
9. What is the legal basis for processing your personal data?
A legal basis must exist for us to process your data. No legal basis is better than another; there may be more than one basis applicable. The six legal bases for processing data with examples are below:
- Consent: electronic marketing, prayer requests that are recorded and published on the church website or in a parish newsletter. Prayer requests spoken in church do not need consent.
- Contract: commercial transactions or employment contracts, buying tickets, etc.
- Legal Obligation: Electoral Roll, Governance of PCC, process Gift Aid (not contracts), administration of weddings, baptisms and funerals.
- Vital Interest: Protect Life
- Public Task: performance of a task carried out in the public interest or exercise of official authority of the data controller(s)
- Legitimate Interest: Rotas connected to running the activities of the church, information required to operate and fulfil our charitable aims and objectives. To communicate with the members of the church about the activities of the church.
Most of our data is processed because it is necessary for our legitimate interests to enable our charitable and missional aims. For example: maintaining membership records, safeguarding our children, recording our financial donations and operating team rotas for the effective function of the Sunday services.
10. How long do we keep your personal data[1]?
We keep data in accordance with the guidance set out in the guide “Keep or Bin: Care of Your Parish Records” which is available from the Church of England website [see footnote for link].
Specifically, we retain electoral roll data while it is still current; gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate; and parish registers (baptisms, marriages, funerals) permanently.
11. Your rights and your personal dataUnless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -
- The right to request a copy of your personal data which the PCC of Trinity Churches, Meole Brace, Shrewsbury holds about you known as a Subject Access Request;
- The right to request that the PCC of Trinity Churches, Meole Brace, Shrewsbury corrects or removes any personal data if it is found to be inaccurate or out of date (Some information must be retained by us for audit, safeguarding or other statutory purpose. We will not be able to accede to a request to delete it);
- The right to request your personal data is erased where it is no longer necessary for the PCC of Trinity Churches, Meole Brace, Shrewsbury to retain such data (See above caveat);
- The right to withdraw your consent to the processing at any time
- The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), where applicable [Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means].
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data, (where applicable) [Only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]
- The right to lodge a complaint with the Information Commissioners Office.
Although data on religious beliefs enjoys special protection, religious organisations are themselves permitted to process information about those who belong to them or are associated with them without having to seek specific consent.
We will keep some records permanently if we are legally required or it is prudent to do so, some records have specific retention periods. For example; HMRC requires financial records to be kept for a minimum period of seven years.
12. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
13. Transfer of Data Abroad
Our website is accessible from overseas. On occasion some personal data (for example in a newsletter) may be accessed from overseas.
14. Contact Details
If you would like to make an enquiry about data protection, to exercise all relevant rights, queries, update the information we hold about you, request or opt out of receiving communications from us or change the way we process your information, please in the first instance you can let us know in the following ways:
Email: info@trinitychurches.org
Tel: 01743 362399 (Church Office)
Post: The Data Protection Officer, c/o Trinity Centre, Church Road, Meole Brace, Shrewsbury, SY3 9HF.
15. Complaints
If you do not like the way that we are processing your data, please tell us, our contact details are as above.
You also have a right to lodge a complaint with the Information Commissioners Office
Email: https://ico.org.uk/global/contact-us/email/
Tel: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF
This notice will be reviewed periodically, at least annually, from either publication or last update whichever was most recent review, to ensure that it is still fit for purpose.
[1] Details about retention periods can currently be found in the Record Management Guides located on the Church of England website at: - https://www.churchofengland.org/more/libraries-and-archives/records-management-guides
