DATA PROTECTION INFORMATION AND PRIVACY NOTICE

This is a summary of the Data Protection Policy and procedure of our Congregation. It has been ratified by the Kirk Session. It describes how we manage your personal data in accordance with the Data Protection Act 2018 and the UK General Data Protection Regulation (GDPR).

St John’s-Renfield Church is committed to protecting your privacy and safeguarding your personal data such as your name, address, telephone number, email address, bank details (for Gift Aid purposes), photographs and videos (including by live streaming of services), Safeguarding information including children’s details and details of any post held on behalf of our Congregation. This data,which we collect from you, is held and processed in the course of our legitimate activities in support of our Congregation and our local community.

Our Data Protection Coordinator is the Roll Keeper and our Data Controller is the Presbytery of Glasgow (Scottish Charity SC007691).

We may use the information we collect:

· in order to further our charitable aims and to advance the Kingdom of God as a parish church;

· for pastoral care purposes, in connection with membership records and in relation to your participation in our activities;

· in order to communicate with you (e.g. by letter, telephone or email) for example to provide information relating to our work or new developments;

· for fundraising activities and for internal administration such as for accounting purposes;

· to fulfil legal obligations;

· comply with safeguarding obligations including the protection of vulnerable groups scheme;

· in order to fulfil individual employment contracts with our employees (e.g. personnel administration) or for agreements with volunteers;

· to further the prevention and detection of crime by means of our CCTV systems.

The congregation, through its office bearers and employees, will use all reasonable endeavours to ensure that personal information is held in a secure and confidential environment and when the information is no longer needed it will be destroyed or permanently rendered anonymous. We follow the Church of Scotland’s recommended retention and disposal schedule (see schedule 1 here).

Additional sensitive (“special category”) personal data may also be collected for pastoral purposes by our Minister or Elders. This is held separately and in confidence and may include details of health, racial or ethnic origin, sex life or sexual orientation.

The lawful bases for our collection and processing of your data are in accordance with UK GDPR Articles 6(1)(a), 6(1)(c) and 6(1)(f). Additionally, the lawful basis for our collection and processing of sensitive data is in accordance with UK GDPR Article 9(2)(d). You can consult these on line at: https://www.legislation.gov.uk/eur/2016/679/contents

The congregation may need to share personal information that we hold about you for a number of reasons including to provide pastoral or other assistance, process donations or carry out any other contractual obligations. This data may be disclosed to our office bearers, other volunteers, the Presbytery of Glasgow and other bodies within the Church of Scotland and their agents. The congregation does not permit these parties to use such information for any other purpose than the foregoing.

The congregation may also need to disclose your information if required to do so by law (e.g. for safeguarding purposes).

By providing us with your personal data, including sensitive personal data, you consent to the collection and use of it in accordance with the above purposes and this privacy notice. Please tell us of any changes so that we may maintain accurate records.

You have certain rights under data protection laws. These include the right to be informed, rights of access to the data that we hold on you (including provision of electronic copies), rectification of it and rights to restrict processing and erasure. As all our processing is based on your consent you can withdraw it at any time. If you wish to discuss or exercise any of these rights, please contact our Data Protection Coordinator (our Roll keeper).

If you have any queries regarding the data that we hold on you or if you object to us doing so, please speak to the Roll Keeper (contact through the Church office). You can also contact the Church of Scotland Data Protection Officer at Privacy@churchofscotland.org.uk.

ou have the right to complain to the Information Commissioner’s Office about anything relating to the processing of your personal information by the Congregation. You can contact the ICO by email at casework@ico.org.uk or telephone on 0303 123 1113 or by mail at Customer Contact, ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.