Privacy
DATA PRIVACY NOTICE
The Parochial Church Council (PCC) of St George the Martyr, Newbury
1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
2. Who are we?
The PCC of St George the Martyr, Newbury is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
3. How do we process your personal data?
The PCC of St George the Martyr, Newbury complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes: –
To enable us to provide a voluntary service for the benefit of the public in a particular geographical area as specified in our constitution;
To administer membership records;
To fundraise and promote the interests of the charity;
To manage our employees and volunteers;
To maintain our own accounts and records (including the processing of gift aid applications);
To administer facility bookings and lettings (including Centre, hall, meeting room & church bookings and related facilities & services)
To inform you of news, events, activities and services running at St George’s or in the wider benefice;
To operate the St George’s and benefice web site(s) and deliver any services that individuals have requested.
To contact individuals via surveys to conduct research about their opinions of current events and services or of potential new events and services that may be offered.
To share your contact details with the Diocesan office so they can keep you informed about news in the diocese and events, activities and services that will be occurring in the diocese and in which you may be interested.
4. What is the legal basis for processing your personal data?
Explicit consent of the data subject so that we can keep you informed about news, events, activities and services and process your gift aid donations and keep you informed about diocesan events.
Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract (including Centre, hall, meeting room & church bookings and related facilities & services.
Processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement;
Processing is carried out by a not-for-profit body with a political, philosophical, religious or trade union aim provided: –
the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and
there is no disclosure to a third party without consent.
Processing relates to personal data manifestly made public by the data subject;
Processing is necessary for archiving purposes in the public interest, or scientific and historical research purposes or statistical purposes.
5. Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with other members of the church and clergy in order to carry out a service to other church members or for purposes connected with the church. Other than parish register information that we are legally obliged to report to the General Register Office or deposit with the Diocesan Records Office, we will only share your data with third parties outside of the parish and benefice with your consent.
6. How long do we keep your personal data?
We keep data in accordance with the guidance set out in the guide “Keep or Bin: Care of Your Parish Records” which is available from the Church of England website https://www.churchofengland.org/sites/default/files/2017-11/care_of_parish_records_keep_or_bin_-_2009_edition.pdf.
Further details about retention periods can currently be found in the Record Management Guides located on the Church of England website at: https://www.churchofengland.org/more/libraries-and-archives/records-management-guides
Specifically, we retain electoral roll data while it is still current; gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate; records for safeguarding purposes (for various periods, see guides above); and parish registers (baptisms, marriages, funerals) permanently.
7. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: –
The right to request a copy of your personal data which the PCC of St George the Martyr, Newbury holds about you;
The right to request that the PCC of St George the Martyr, Newbury corrects any personal data if it is found to be inaccurate or out of date;
The right to request your personal data is erased where it is no longer necessary for the PCC of St George the Martyr, Newbury to retain such data;
The right to withdraw your consent to the processing at any time
The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable)
The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
The right to object to the processing of personal data, (where applicable)
The right to lodge a complaint with the Information Commissioners Office.
8. Transfer of Data Abroad and Service Providers
Where we store your personal data
Dependent on the third party providers we use, the data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). The relevant providers all abide by and are registered under the relevant EU data privacy agreements. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy and in compliance with all relevant UK data protection legislation.
All information you provide to us is stored on our providers’ secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Our Providers
We use a third party provider SendGrid to deliver our email newsletters and similar communications. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter. For more information, please see https://sendgrid.com/policies/security/ and https://sendgrid.com/policies/privacy/ We also use Google Groups for opt-in mailing lists, please see https://policies.google.com/privacy?hl=en
We use a third party provider HostPapa to run our website and email servers. Our website uses the WordPress platform which requires visitors that want to post a comment to enter a name and email address, although this is not displayed to other visitors. https://www.hostpapa.co.uk/privacy/
We use a third party provider Polldaddy for online surveys. For more information, please see https://polldaddy.com/privacy/ this is run by the same company Automattic, that provides WordPress hosting and related services, their privacy policy is here https://automattic.com/privacy/
9. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
10. Contact Details
To exercise all relevant rights, queries of complaints please in the first instance contact the Parish Administrator on 01635 41249. St George the Martyr, Andover Road, Newbury RG14 6NU.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
11. Additional Information with respect to the Website & Cookies
We will collect and process the following data about you in the following ways:
Information you give us. This is information about you that you give us by registering for an account or filling in forms on our website (our site) or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our site, participate in discussion boards or other social media functions on our site, surveys campaigns and when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number.
Information we collect about you. With regard to each of your visits to our site we will automatically collect the following information:
technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, and operating system and platform;
information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page and any phone number used to call our customer service number.
Cookies
Our websites use cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our sites.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
We use the following cookies:
Strictly necessary cookies. These are cookies that are required for the operation of our websites. They include, for example, cookies that enable you, where provided, to log onto the secure area of our websites.
Analytical/performance cookies. These allow us to recognise and count the number of users and to see how the users move around our websites when they are using it. This helps us to improve the way our websites work, for example, by ensuring that users are finding what they are looking for easily.
