DATA PRIVACY STATEMENT
1. Personal data This is personal information that relates to a living individual who can be identified from that data. The processing of personal data is governed by the General Data Protection Regulation (the GDPR).
2. Data Controller The Eldership of Dore & Totley United Reformed Church is the Data Controller (contact details below). This means they decide how your personal data is processed and for what purposes. In this statement, we and us mean the Data Controller, i.e. the Eldership of Dore & Totley United Reformed Church.
3. How do we process your personal data. We comply with our obligations under GDPR by keeping personal data up to date; by storing it and destroying it securely; by not collecting and retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate measures are in place to protect personal data. We use personal data for the following purposes: –
– To administer membership records
-To provide personnel for leading worship
– To maintain our financial accounts and records (including the processing of Gift Aid and stewardship).
– To provide news and information about events, activities and services of the church and the Sheffield Team Ministry.
– To provide pastoral and spiritual support to the church fellowship and others connected with the church.
– To fundraise and promote the interests of the church and of charities we support
– To manage employees and volunteers
– In connection with the administration and maintenance of the buildings, including room lettings
– To enable the church to provide voluntary services for the benefit of the public and the local community
– To provide contact details of officers with specific responsibilities to Yorkshire Synod, the national URC and the Sheffield Team Ministry.
4. What is the legal basis of processing? Because we are a non-profit making religious body, we can process data if any one of the following applies: – The processing relates to the church fellowship and other people (including the team ministers) involved in church activities; provided the data is not disclosed to people outside the church without consent – Processing is necessary under a legal or other obligation (e.g. employment law or safeguarding) – Processing is necessary in connection with the performance of a contract (e.g. room hire or building maintenance) – You have given your explicit consent.
5. Sharing personal data Your personal data will be treated as strictly confidential and will only be shared with other people in the church and the Sheffield Team Ministers in order to carry out a service to others in the church, or for other purposes connected with the church. We will only share your data with other people with your explicit consent.
6. How long will we keep the data?
Record Type Retention Period
Members’, adherents’ and friends’ contact details – 2 years after last contact
Junior church contacts 2 years after last contact – Gift aid declarations and paperwork
6 years after calendar year to which it relates
Registers of Marriage – As required by the Registrar
General Register of Baptisms – Indefinitely
Personal data relating to events for which additional information is gathered e.g. church holidays –
Until immediately after event unless any need to keep record for a longer period (e.g. an accident)
Records of attendance of young people and helpers -Indefinitely for safeguarding purposes
Photographs and videos of events – 2 years after event – selected items retained for historical records
Insurance records – Indefinitely
Safeguarding matters – Indefinitely or as advised otherwise by authorities
Accident books – 3 years from date of last entry (or, If the accident involves a child/young adult, until that person is 21)
Complaints (nonsafeguarding) – 3 years after resolution of complaint (unless further action is contemplated)
Minute Books – Indefinitely
Employee records – 6 years after termination of employment
Visiting preachers and pianists – 2 years after last contact
Record of hall lettings – 6 years after calendar year to which it relates
7. Your rights and your personal data Unless subject to an exemption under GDPR, you have the following rights with respect to your personal data: – To request a copy of your personal data which we hold about you (a Subject Access Request or “SAR”) – To request that we correct any personal data that is found to be inaccurate or out of date – To request that we erase any personal data that we no longer need to retain – To withdraw your consent to processing at any time – To request that we provide you with personal data and, where possible, transmit that data directly to another data controller – If there is a dispute in relation to the accuracy of processing your personal data, to request a restriction is placed on further processing
– To object to the processing of personal data – To lodge a complaint with the Information Commissioner’s Office.
8. Further processing If we wish to use your personal data for a new purpose, not covered by the Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will ask your consent to the new processing.
9 Contact details To exercise all relevant queries and complaints, in the first instance please contact the Church Secretary at Dore & Totley United Reformed Church, 28 Totley Brook Road, Sheffield S17 3 QS. You can contact the Information Commissioner’s Office on 0303 123 1113 or email https://ico.org.uk/global/contactus/email or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
The Eldership, Dore & Totley United Reformed Church, May 2018