St Gabriel's Privacy Notice
St Gabriel’s Church undertakes to collect and use personal data in compliance with the GDPR (General Data Protection Regulations).
1. Personal data
Personal data relates to a living individual who can be identified from that data. (Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into their possession.)
2. Who is responsible for personal data in St Gabriel’s?
The Church Council of St Gabriel’s is the data controller. This means it decides how your personal data is processed and for what purposes.
3. How does St Gabriel’s process personal data?
St Gabriel’s complies with its obligations under the "GDPR" by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
St Gabriel’s uses personal data for the following purposes: -
• To meet relevant legal, statutory or contractual obligations
• To enable the Church to fulfil the its ministry and mission, providing a voluntary service for the benefit of the public in the area
• To organise and perform ecclesiastical services such as baptisms, confirmations, weddings and funerals;
• To promote the interests of the Church and raise money for its ministry and mission;
• To administer our list of adult and child members, friends and regular attendees
• To ensure the safety of children and vulnerable adults
• To manage our employees and volunteers
• To maintain our own accounts and records (including the processing of gift aid applications)
• To provide pastoral support for members and others connected with St Gabriel’s
• To inform people of news, events, activities and services running at St Gabriel’s
4. What is the legal basis for St Gabriel’s processing personal data?
• Some of our processing is necessary to comply with legal obligations including employment, social security and social protection law. Examples include the church Electoral Roll, marriage registers, Gift Aid declarations and safeguarding records.
• Some of our processing is necessary to fulfil contractual obligations. Examples include employee-related matters, lettings arrangements and the paying of bills.
• Some of our processing, while not being legally or contractually necessary, is necessary for our legitimate interests (enabling our charitable and missional aims). Examples include maintaining membership records, operating team rotas in connection with
services and other activities, and seeking and recording financial donations from members.
• We have explicit consent from people so that we can keep them informed about news, events, activities and services.
• Processing is carried out by St Gabriel’s, as a not-for-profit body with a religious aim, and relates to members, former members, or those who have regular contact with St Gabriel’s in connection with its purposes.
5. Sharing personal data
Personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other church members or for purposes connected with the church. We will only share data with third parties outside of the parish with the subject’s consent.
6. How long do we keep personal data?
We will keep data only as long as is deemed necessary, taking into account legal obligations, accounting and tax obligations, and considering what would be reasonable for the activity concerned. Specifically: we retain membership data while the subject is part of St Gabriel’s or linked in any kind of active relationship, thereafter archiving information for a period before finally deleting it; details of donations, gift aid declarations, salary payments and associated paperwork are kept for 6 years after the calendar year to which they relate to meet tax and accounting requirements; and parish registers (baptisms, marriages, funerals) are kept permanently.
7. Personal rights and personal data
Unless subject to an exemption under the GDPR, a person has the following rights with respect to their personal data:
• The right to request a copy of personal data which St Gabriel’s holds, and where possible to transmit that data directly to another organisation (the right to data portability) where applicable
• The right to request that St Gabriel’s corrects any personal data if it is found to be inaccurate or out of date
• The right to request your personal data is erased where it is no longer necessary for St Gabriel’s to retain it
• The right to withdraw your consent to the processing at any time
• The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing
• The right to object to the processing of personal data
• The right to lodge a complaint with the Information Commissioners Office.
8. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
9. Contact Details
To exercise all relevant rights, queries or complaints please in the first instance contact St Gabriel’s Church Manager (firstname.lastname@example.org or 020 8830 6626).
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.