- East Clevedon Churches
- All Saints’, East Clevedon
- St Mary’s, Walton Clevedon
- St Paul’s Walton in Gordano
- St Peter & St Paul, Weston in Gordano
From time to time our churches need to gather and use certain information about individuals. These can include parishioners, members of the congregation and other people the church has a relationship with or may need to contact.
This Notice explains how data (information) relating to individuals is used by church to ensure compliance with the law which requires information to be collected and used fairly and stored securely.
(Words/terms that are underlined are defined in the Glossary at the end of this document.)
1. What is your personal data?
Personal data relates to a living individual who can be identified from that data
2. Who are we?
The PCC of each Church (“the PCC”) is the Data Controller (contact details below)
3. How do we process your personal data?
The PCC complies with its obligations under the General Data Protection Regulations (GDPR) by:
- keeping personal data up to date
- storing and destroying it securely
- not collecting or keeping excessive amounts of data
- protecting data from loss, misuse, unauthorised access and disclosure
- ensuring appropriate technical measures are in place to protect personal data
We use your personal data for the following purposes:
- to enable us to provide a voluntary service for the benefit of the public in the parish
- to administer membership records
- to fundraise and promote the interests of the church
- to manage our volunteers
- to maintain our accounts and records (including the processing of gift aid applications)
4. What is the legal basis for processing your personal data?
- explicit consent of the data subject for specifically defined purposes
- processing is carried out by the PCC provided:
- the processing relates only to members or former members or those in regular contact with the PCC and church
- there is no disclosure to a third party without consent
5. Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other church members or for purposes connected with the church. We will only share your data with third parties outside the parish with your consent.
6. How long do we keep your personal data?
We keep data in accordance with the guidance set out in the guide “Keep or Bin: Care of Your Parish Records” which is available from the Church of England website.
Specifically, we retain electoral roll data while it is still current; gift aid declarations and associated paperwork for up to 7 years after the tax year to which they relate; and parish registers (baptisms, marriages, funerals) permanently.
7. Your rights and your personal data
Unless subject to an exemption under GDPR, you have the following rights with respect to your personal data:
- the right to request a copy of your personal data, held by the PCC
- the right to request that the PCC corrects any personal data if it is found to be inaccurate or out of date
- the right to request your personal data is erased where it is no longer necessary for the PCC to retain it
- the right to withdraw your consent to the processing at any time
- the right to object to the processing of personal data in certain situations
- the right to lodge a complaint with the Information Commissioners Office
8. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and explain the purpose and processing conditions. Where necessary, we will seek your prior consent to the new processing.
9. Contact Details
To exercise all relevant rights, and for queries or complaints please contact the Parish Office in the first instance: firstname.lastname@example.org
Personal data – information about a living individual which can be used to identify that individual
Data controller – the PCC of each Church who determines how and what data is processed
Process(ing) – anything done with personal data, including storing it
Data subject – the individual whose personal data is processed