Bromsgrove Team GDPR Privacy Notice

Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in the Data Controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2018 (the “GDPR”).
 
Who are we?

The Bromsgrove Team comprises the Parochial Church Council (PCC) of the Benefice (Parish) of Bromsgrove and the PCC of the Benefice (Parish) of Dodford. The words ‘we’, ‘us’, ‘our’ refer to the team. Those on whom data is, or might be, held are ‘data subjects’ and the words ‘you’, ‘your’, ‘he/she’, ‘him/her’, they/them, refer to them.

Each PCC is (or appoints) a one or more Data Controllers who decides how personal data is processed and for what purposes.

The PCC of Bromsgrove may act through the District Church Councils (DCCs) of its constituent churches.
 
How do we process your personal data?

The Bromsgrove Team complies with its obligations under the “GDPR” by keeping personal data up to date1 ; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
 
We may use your personal data for the following purposes: -
To enable us to provide a voluntary service for the benefit of the public in a particular geographical area;
To administer those who use church facilities, services and records;
To fundraise and promote the objectives of the Benefices [Parishes];
To manage our employees and volunteers;
To maintain our accounts (including the processing of gift aid applications) and records (including statutory records such as the Electoral Roll);
To inform you of news, events, activities and services running in the Benefices. To describe anonymously the demographics (age, gender, residential area etc…) of our congregations with a view to optimising our provision for them. 

What is the legal basis for processing your personal data?

Data is held only for people who have, or have had, connections with the churches of the Benefices that makes the processing of their data advantageous to them and/or us.
 
Consent of the data subject is usually indicated by giving us their contact data so that we can keep them informed about Church news, events, activities and services and process their gift aid. In general, processing comprises safe storage, updating[1], selection of sub-sets of the data held and deletion of data when it is no longer needed.
 
Processing additional data (such as National Insurance number) may be necessary for carrying out obligations under employment, social security or social protection law or policies, or under a collective agreement.
 
Sharing your personal data

Your personal data will be treated as strictly confidential and will only be shared with others in the church when it is necessary for them to access the data in order to undertake a task allocated to them by the Church. We will only share your data with third parties outside your Parish with your consent.
 
How long do we keep your personal data?

We keep data in accordance with the guidance set out in the guide “Keep or Bin: Care of Your Parish Records”[2] which is available from the Church of England website. Specifically, we retain electoral roll data while it is still current; gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate; and parish registers (baptisms, marriages, funerals) permanently.
 
Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights[3] (briefly expressed, some with conditions) with respect to your personal data : -
The right to be informed of the person or persons (see the end of this document) to be contacted in order to exercise your rights and the purpose(s) for which your data is held and processed.
The right to be provided with a copy of the personal data which we hold about you;
The right to request that we correct any personal data if it is inaccurate or out of date;
The right to request your personal data is erased where it is no longer necessary for us to retain such data;
The right to restrict processing at any time;
The right to data portability (e.g., the right to request that the data controller passes your data to the data controller of another church or parish);
The right in certain circumstances to object to the accuracy or processing of your personal data. You have an unconditional right to object to your data being used for direct marketing. While we will try to resolve any issues, there may be (e.g., legal) requirements that prevent us accepting your objection.
The right to lodge a complaint with the Information Commissioner’s Office if we cannot accept your objection.
 
Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will publicise a new notice explaining this new use and setting out the relevant purposes and processing conditions prior to commencing the processing. We will allow an adequate time within which you can record your consent or objection to this new data use.
 
Contact Details
 
To exercise all relevant rights, queries of complaints please in the first instance contact us at the Parish Office, St Godwald's Church, Finstall Road, Bromsgrove B60 2EA.
 
Your data controller will be identified on your church noticeboard.
 
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
 
[1] This means promptly amending the data held when we are told or learn that it has changed.
[2] Details about retention periods can currently be found in the Record Management Guides located on the Church of England website at: - https://www.churchofengland.org/about-us/structure/churchcommissioners/administration/librariesandarchives/recordsmanagementguides.asp
[3] The guidance on GDPR is at
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-be-informed/
It is 131 pages long. Please consult this guidance or the Data Protection Officer for more information about your rights.