Data Privacy Notice
The Parochial Church Council (PCC) of St Mary’s, Bures
We do our best to protect the privacy of anyone whose data is entrusted to us. Please read this privacy notice which explains how we collect, manage, use and protect your personal information.
Who are we?
The Parish of St Mary’s, Bures is one part of a Benefice of three Church of England (CofE) churches which together make up the Benefice of Bures, Assington and Little Cornard. We are part of the Diocese of St Edmundsbury and Ipswich and are served by three clergy, led by the Vicar, who is legally the Incumbent of all three parishes.
The Vicar has responsibility for leading the spiritual life of St Mary’s. He is aided in this work by the Parochial Church Council (PCC) who share in the spiritual leadership of the church and act as trustees of the church building, operations and finance. The Churchwardens are members of the PCC and have certain statutory responsibilities for the building. The PCC has a Ministry Team (including Clergy, Readers and Elders) whose members assist the vicar in pastoral and other areas of church leadership. The PCC has also appointed a Safeguarding Officer and an Administrative Assistant.
As the Church is made up of all of these office-holders it would be impossible to operate effectively if personal data were not appropriately shared between the relevant people to the extent that it is necessary for the good functioning of the church and its ministry. For this reason, this privacy notice covers the way that the Incumbent and the PCC jointly use personal data. Together we are joint data controllers. This means we are all responsible to you for how we process your data.
Only those people who need to see your data will have access to it. So, for example, if the Vicar needs to know the names of parents and godparents of a child to be baptised this information would not normally be shared with the PCC.
If you would like to make an enquiry about data protection, update the information we hold about you, request or opt out of receiving communications from us or change the way we process your information, you can let us know by contacting our Church Office:
Email: Nicola Hurley, Benefice Administrator, firstname.lastname@example.org
Tel: 01787 227407
Address: The Vicarage, Church Square, Bures, Sudbury, Suffolk CO8 5AA
Whose data do we process?
- Those who come to our church or who otherwise interact with the church community, or where necessary, those who do the same in another parish in the Benefice.
- Those who volunteer for the church, or who are on its payroll.
- Occasionally, those beyond the church community with whom the Vicar and the PCC regularly interact – for example, school governors, parish councillors etc.
Where we obtain information about you
Personal information is collected directly from you when you interact with us, e.g. joining the Electoral Roll, volunteering, coming to us for a baptism, wedding or funeral, hiring our church premises, making a gift, sending us an email, making an enquiry, participating in a service or an event or signing up for a magazine. Information may be collected in person, over the phone, through our website, social media or from something you’ve posted to us. It may also be given to us by a third party.
The information we hold about you
The information will always include some combination of your name, postal and/or email addresses, your phone number, and may include social media information if you interact with us in that way. We may record similar information about your close family and friends, especially if they are also connected with us, e.g. the information we need in order to organise a wedding or a memorial service.
If you support us financially, hire our church premises for a concert or have other financial transactions with us then we will record relevant information to ensure we can process these properly and comply with audit requirements.
If you volunteer for us, or are elected to a position in the church then we will hold information relevant to your volunteering activity e.g. what role you are undertaking, details of rotas etc.
CofE safeguarding policy requires some volunteers to have DBS checks and we will therefore need to collect information relevant to such a check.
If you are on the payroll of St Mary’s then your contract will contain details of the way in which we process your data for the fulfilment of that contract.
Data Protection legislation affords special protection to certain categories of data. Of relevance are religious affiliation and information about health. If you attend church, or join its Electoral Roll, or in some other way affiliate yourself with us, then we may be processing data about your religious affiliation. If you tell us you need gluten-free wafers, or special access to church, or to use our hearing loop, then you are giving us information about your health. With the exception of processing in relation to criminal records in the context of DBS checks, we are very unlikely to process any other information which falls into the categories requiring special protection. We explain below the legal basis for processing any such data.
What we do with your data
We use your personal data for some or all of the following purposes:
- The spiritual life of the church
- To carry out all the work necessary to organise and publicise a regular cycle of services together with baptisms, confirmations, weddings, funerals, interment of ashes, services of remembrance and blessing, etc.
- To organise pastoral and spiritual care which may include home or hospital visiting by the Ministry Team, Elders or some other appropriately authorised person
- To manage volunteering in an appropriate and efficient manner e.g. by organising rotas, meetings etc.
- To organise appropriate opportunities for discipleship, service and spiritual development, e.g. house groups, Lent groups, mission related activity, hospitality, church BBQs etc.
- Such other activities which enable us to carry out our mission in our community, to love our neighbour and to share the good news about Jesus.
We use your data to facilitate the administrative work of the church:
- To enable us to meet our legal and statutory obligations including maintaining and publishing our Electoral Roll in accordance with the Church Representation Rules and passing details of elected role holders (e.g. Churchwardens, Deanery Synod reps, PCC Secretary and Treasurer) to St Edmundsbury and Ipswich Diocese.
- To comply with safeguarding procedures in order to ensure that all children and adults at risk are provided with a safe environment.
- To maintain our own accounts and records, to fundraise and to process donations (including Gift Aid information).
- To send you communications about the church (which may be sent via electronic, nonelectronic and social media means).
- To administer our commercial activities, including the occasional hire of the Church.
Who we share your data with and why
We only share data if it is necessary to do so. The community life of St Mary’s, and the interconnected nature of the Church of England (as described in the section “Who are we?”) means that we sometimes have to share data with other parts of the church. We will share data in the following circumstances:
- Within the clergy team and with appropriate lay people. e.g. for the organisation of a joint service, or circumstances where one clergyperson is standing in for another at a service or meeting. Sometimes other licensed clergy or lay people may also fulfil this role.
- The Electoral Roll containing its members’ names and addresses is a statutory public document and we must publish it each year in a public place. In exceptional circumstances you can ask for your address to be redacted from the list. The roll is available for inspection at all times on request.
- Being elected to an office in the church, e.g. Churchwarden, Treasurer,
- Secretary, Deanery Synod representative or PCC member similarly carries with it a degree of openness. The results of elections for these offices must be published in public and are available for inspection by anyone resident in the parish.
- If you are on a rota to carry out a volunteering role in church, we will share this rota with others on the rota and in church.
- To administer regular giving to the church. This information is held confidentially by the Treasurer and is only shared with the St Mary’s independent financial examiner.
- On occasion, we may disclose data to other churches with whom we are undertaking joint events or activities, e.g. the contact details of a volunteer who will lead the prayers at a joint service.
- For the purpose of DBS Checks carried out in conjunction with the Diocesan Safeguarding Team who will disclose relevant details to the Parish Safeguarding Officer.
In the process of pastoral work, the Vicar, other clergy or lay people may encounter a situation where the law requires them to disclose data to a statutory authority. In this case their legal obligation will be paramount.
The law does not require us to have consent to hold data on children simply because of their age. However, where we collect data on children under 18, we will always check with a parent or guardian that they are happy for us to collect and use the information.
Your rights and responsibilities
- Seeing the information we hold about you:
This is known as a Subject Access Request, and you have the right to ask for a copy of all of the information related to you that we are processing. You can request this using the ‘Contacting us’ section above.
- How to ask us to amend or delete your information:
If your information is incorrect, out of date or if you believe there is no longer justification for us to hold it, you can ask for it to be updated or removed. Some information must be retained by us for audit, safeguarding or other statutory purposes (e.g. marriage registers) and we will not be able to accede to a request to delete it.
- How to request your information so that you can use it elsewhere:
You can ask for a copy of any personal information that you have provided to us in the past. We will provide it in a clear and easy to follow format. (Note that this relates to your right to have access to your information. Duplicate entries from the registers attract a statutory fee.)
- Our legal basis for using your personal information:
Where we have a legal obligation to process your data, e.g. to create the Electoral Roll, to administer the governance work of the PCC and to process Gift Aid claims. Certain aspects of the Vicar’s work, e.g., relating to the administration of baptisms, weddings and funerals are also subject to legal obligations.
Where we have a contract with you. This is most likely to relate to some form of commercial transaction or employment.
Where the law requires us to have consent to process data. We will not use your personal data without your consent for any purpose other than that for which you originally gave it.
How long do we keep your personal data?
We will only retain personal information for as long as is necessary to fulfil the purpose for which you gave it or to fulfil a legal obligation. So, for example:
- matters relating to safeguarding are likely to require long term or permanent retention of data and may preclude its deletion.
- other records may have statutory retention periods, e.g. HMRC requires financial records to be kept for a minimum period of 7 years.
If you do not like the way we are processing your data, please tell us. Contact details are above. You also have a right to lodge a complaint with the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF
25 May 2018