Website
Data Protection
East Clevedon Churches
All Saints’, East Clevedon
St Mary’s, Walton Clevedon
St Paul’s Walton in Gordano
St Peter & St Paul, Weston in Gordano
From time to time our churches need to gather and use certain information about individuals. These can include parishioners, members of the congregation and other people the church has a relationship with or may need to contact.
This Notice explains how data (information) relating to individuals is used by church to ensure compliance with the law which requires information to be collected and used fairly and stored securely.
(Words/terms that are underlined are defined in the Glossary at the end of this document.)
1. What is your personal data?
Personal data relates to a living individual who can be identified from that data
2. Who are we?
The PCC of each Church (“the PCC”) is the Data Controller (contact details below)
3. How do we process your personal data?
The PCC complies with its obligations under the General Data Protection Regulations (GDPR) by:
keeping personal data up to date
storing and destroying it securely
not collecting or keeping excessive amounts of data
protecting data from loss, misuse, unauthorised access and disclosure
ensuring appropriate technical measures are in place to protect personal data
We use your personal data for the following purposes:
to enable us to provide a voluntary service for the benefit of the public in the parish
to administer membership records
to fundraise and promote the interests of the church
to manage our volunteers
to maintain our accounts and records (including the processing of gift aid applications)
4. What is the legal basis for processing your personal data?
explicit consent of the data subject for specifically defined purposes
processing is carried out by the PCC provided:
the processing relates only to members or former members or those in regular contact with the PCC and church
there is no disclosure to a third party without consent
5. Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other church members or for purposes connected with the church. We will only share your data with third parties outside the parish with your consent.
6. How long do we keep your personal data?
We keep data in accordance with the guidance set out in the guide “Keep or Bin: Care of Your Parish Records” which is available from the Church of England website.
Specifically, we retain electoral roll data while it is still current; gift aid declarations and associated paperwork for up to 7 years after the tax year to which they relate; and parish registers (baptisms, marriages, funerals) permanently.
7. Your rights and your personal data
Unless subject to an exemption under GDPR, you have the following rights with respect to your personal data:
the right to request a copy of your personal data, held by the PCC
the right to request that the PCC corrects any personal data if it is found to be inaccurate or out of date
the right to request your personal data is erased where it is no longer necessary for the PCC to retain it
the right to withdraw your consent to the processing at any time
the right to object to the processing of personal data in certain situations
the right to lodge a complaint with the Information Commissioners Office
8. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and explain the purpose and processing conditions. Where necessary, we will seek your prior consent to the new processing.
9. Contact Details
To exercise all relevant rights, and for queries or complaints please contact the Parish Office in the first instance: eastcleveub@blueyonder.co.uk
Glossary
Personal data – information about a living individual which can be used to identify that individual
Data controller – the PCC of each Church who determines how and what data is processed
Process(ing) – anything done with personal data, including storing it
Data subject – the individual whose personal data is processed