01604 628623
 enquiries@stgilesnorthampton.org.uk

General Data Privacy Notice

The Parochial Church Council (PCC) of St Giles Church

St Giles Terrace, Northampton, NN1 2BN

Tel: 01604 628623 email: gdpr@stgilesnorthampton.org.uk

Charity No. 1149547

Data Controller: The PCC of St Giles Church and Incumbent

Data Protection Lead: Helen Goff

Date of Policy:  26th May 2018

Issue No.: 1.07 (July 2024)

________________________________________________________________

General Data Protection Regulation (GDPR) 25th May 2018

The General Data Protection Regulation replaces the existing law on data protection (the Data Protection Act 1998) and gives individuals more rights and protection as to how their personal data is used by organisations.

The information you provide will be held under the General Data Protection Regulation (GDPR) 2018. We will do all we can to protect your privacy and to make sure any personal information you share with us is stored securely.

We value and respect everyone who has a connection with us. In line with our Christian beliefs, our aim is to be as clear as possible about how and why we use the information you give us. If your questions are not fully answered by the information below, please contact us.

By providing your personal details you agree to allow St Giles Church to contact you either on the basis of the consents you have given us or for our Legitimate Interests in accordance with current data protection regulations. We will only share your data with third parties outside of the parish with your consent.

1. Who are we?

The Parochial Church Council (PCC) of St Giles Church and the Incumbent are the data controllers.  This means they decides how your personal data is processed (used and stored).  A list of PCC members can be inspected at the Church Office by request.

2. Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data (for example a name, photographs, videos, email address or address) Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the GDPR).

3. How do we collect information about you?

We collect personal information from you in a variety of ways: e.g. if you complete a consent form, serve on a team,  become a member, make a donation, book onto an event, request a resource, give your details to a member of staff,  complete a paper sign up form or card at an event.

4. How do we process your personal data?

The PCC of St Giles Church complies with its obligations under the GDPR by keeping personal data up to date*; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

*Keeping us up to date with your details and contact preferences 

  • Please tell us as soon as any of your contact details change so that we can keep our records up to date. 
  • You can change the way we contact you or the kind of material we send you at any time by contacting us by mail, phone or email using the contact details above.
  • If you have access to My ChurchSuite you are able to update your personal details and communication preferences yourself.  If you choose this option, we advise that you notify the office that a change has been made.
  • You can unsubscribe from our regular emails at any time by using the 'unsubscribe' or 'change preferences' links on the email you have received.

5. What is the lawful basis for holding and processing your personal      data?

GDPR provides a framework which permits us to use your information in a number of different ways.  There are three specific categories which we use at St Giles and they provide the ‘lawful basis’ for holding and processing your personal data:

  • Consent applies:
    • The primary means of capturing and recording your personal data is via the approved consent form.  On the basis of this consent, your personal data is then stored in our church database (ChurchSuite).

Legitimate interest applies:

    • Where you sign up for an event or group run by the church and we communicate with you about that event or group.
    • Where you have contacted us independently for information about the church. In this context we will only use your contact details to respond to your enquiry unless you explicitly consent for us to use your information for another purpose.
    • Where we need to communicate with you about: -
      • Relevant matters such as church news, events, courses, services and ministries
      • A public-interest matter, for example to let you know if an event is cancelled due to bad weather
      • A ministry or group that you are involved in as part of a serving team
    • For good governance, accounting, planning and analysis.  Examples might include:
      • An invitation to complete an electoral roll form.
      • A thank you letter.
      • Information about a church stewardship programme.
  • Legal obligation applies:
    • Where we are required to maintain and report financial/accounting information for up to six years from the end of the tax year in which a financial transaction was processed. This would typically be in respect of donations you may make to the church, or payments for certain events or courses run by the church.
    • Where we are required to maintain attendance records at groups or events in line with our safeguarding policy.
    • Where we are required to hold information and data relating to safeguarding incidents in order to fulfil our responsibilities to ensure the safety and wellbeing of people in our church in line with the statutory and legal obligations of the Church of England.
    • Where we are required to maintain and keep legal registers (baptisms, marriages, funerals, burials)

6. How do we use your personal data?

  • To administer membership records.
  • To inform you of news, events, activities and services running at St Giles. This may include using an external email platform such as MailChimp or Mailerlite.
  • To process donations you may give us and maintain our own accounts and records (including the processing of gift aid applications).
  • To organise rotas and other administrative tasks.
  • To ask for financial and non-financial support, such as prayer.
  • To customise the information we send to ensure we work in the most cost-effective way and only send information which is appropriate to you.
  • To record your attendance or involvement at a St Giles event.
  • To enhance or improve your experience on our website.  When you indicate your preferences through the use of our site, we may use this information to personalise the site to better meet your needs.
  • To process a grant or application for a role.
  • St Giles may carry out analysis of the personal information we collect about you to create a profile of your interests and preferences so we can contact you in the most appropriate way and with the most relevant information.
  • From time to time we may use photos or videos of members of the congregation on promotional material, our website or social media platforms to share the ministry of St Giles’ church with others and to promote our services, events and activities. 

7. How long do we keep your personal data?

We keep data in accordance with the guidance set out by the GDPR and the Church of England guide ‘Keep or Bin: Care of Your Parish Records’. We endeavour to maintain only data that is relevant, accurate and up to date. We operate to an annual process of review by which we assess who is actively engaging in church membership and where this is not the case, we will remove your data.  However, we retain member and former member information if there is a legal requirement to do so eg Gift Aid declarations and financial data for up to 6 years after the calendar year to which they relate; and legal registers (baptisms, marriages and funerals) and safeguarding records permanently. 

The Church of England guide ‘Keep or Bin: Care of Your Parish Records’ can be found here:

https://www.churchofengland.org/more/libraries-and-archives/records-management-guides

8. Viewing the Information we hold about you

You may request details of all the information St. Giles Church holds about you by submitting a written or verbal request to the Church Office. Please write to: The PCC, St Giles Church, St Giles’ Terrace, Northampton, NN1 2BN or by telephone 01604 628623 or email: gdpr@stgilesnorthampton.org.uk. We will respond to your request, free of charge, within 30 days.

9. Who sees your information?

Your personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other church members or for purposes connected with the church.  We will only share your data with third parties outside of the parish (church) with your consent.

10. Your rights and your personal data 

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -

  • The right to be informed about the identity of St Giles and how St Giles intends to use your information (this is usually achieved through the Data Privacy Notice).  
  • The right of access to your personal data which St Giles holds about you (Subject Access Request).
  • The right to be forgotten (erasure)- to request your personal data is erased where it is no longer necessary for the Data Controller to retain such data, unless there is a legal obligation to keep it.
  • The right to withdraw your consent to the processing at any time. In this case we will inform you if we are able to comply or if we have legitimate grounds to continue to process your data.
  • The right to rectification (correction) - to request that the Data Controller corrects any personal data if it is found to be inaccurate or out of date.
  • The right to data portability – you have the right to request that we transfer some of your data to another controller and we will comply with your request where it is feasible to do so, within one month of receiving your request (known as the right to data portability), [Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means]
  • The right to object to the processing of personal data.  You have the right to request that we stop processing your data, upon receiving the request, we will contact you and let you know if we are able to comply or if we have legitimate grounds to continue to process your data. Even after you exercise your right to object, we may continue to hold your data to comply with your other rights or to bring or defend legal claims.
  • The right to lodge a complaint with the Information Commissioners Office (see below details of how to contact the ICO).

11. Further Processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

11.1 Livestreaming Sunday Services

From 13th February 2022, Sunday morning services will be livestreamed in order to reach out to those who are unable to attend in person, or wish to participate in our services remotely.  It will also set down the extra time required to prepare an on-line service. 

The congregation and those taking part in the service will be notified in advance using a variety of communication platforms such as the weekly newssheet, website, social media, notices in church and announcements before services.  Those being filmed will have given ‘opt-in’ consent either in writing or verbally.  All consent will be documented and filed. 

We will not be livestreaming services on the first Sunday of each month when we have an all-age service.

Services will be available online via the St Giles Northampton YouTube channel and http://stgilesnorthampton.online.church/.  With effect from 1st May 2022, the retention period for keeping services available on these platforms will be three months.   Wedding and funeral services will be available for one week.

12. Contact Details

To exercise all relevant rights, queries or complaints please, in the first instance, contact the Office Administrator at the Church office by email:  gdpr@stgilesnorthampton.org.uk. or telephone: 01604 628623.

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
 

Privacy Notice | Powered by Church Edit