Diocesan Board of Finance Data Privacy Notice

DATA PROTECTION IN THE DIOCESE OF ELY

Data Privacy Notice – 28/06/2018


Data Controller

The Diocesan Secretary, Ely Diocesan Board of Finance, Bishop Woodford House, Barton Road, Ely, CB7 4DX.

Introduction

The scope of this privacy notice covers all data subjects whose personal data is collected, in line with the requirements of the GDPR (General Data Protection Regulation). This notice governs the handling of personal data by the Diocese where the information has been supplied by the data subject for the purposes of undertaking diocesan duties. This privacy notice will be published on our website and will be reviewed regularly. This policy covers:

  • Our responsibilities
  • Why we process your personal information
  • What information about you we may process
  • How long we keep your information for
  • Who we may share this information with
  • Your rights under the law.

Responsibilities

The Data Protection Manager is responsible for ensuring that this notice is made available to data subjects prior to the Diocese collecting/processing their personal data.

All representatives of the Diocese who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention and that their consent to the processing of their data is secured where consent is used as a basis for processing.

Our Data Protection Manager can be contacted directly here:

Where did Ely Diocesan Board of Finance receive your personal data from?

  • Ely Diocesan Board of Finance might also receive your personal data from third party sources such as Crockford’s Clerical Directory, A Church Near You, Parish Websites and other publicly accessible sources such as Google.

Why the Diocesan office processes personal details

  • We, the staff at the Diocesan office, need to be able to get in touch with the key people in parishes and deaneries across the Diocese to help us provide a proper service to you.
  • The services and daily legitimate activities we offer/undertake include:
    • ministry and mission support (including the filling of vacancies);
    • event management;
    • financial advice and support;
    • legal advice relating to trusts and other matters;
    • work relating to pastoral reorganisation and the Church Representation Rules;
    • advice relating to church buildings, their development and maintenance;
    • work relating to parsonages and other housing and property management;
    • provision of safeguarding training and advice;
    • educational work both in our church schools, academies and beyond;
    • publication of the Diocesan newsletter and all the news and guidance on our website.
  • In addition, we are legally required to consult with key office holders such as clergy, PCC Secretaries, PCC Treasurers and Churchwardens on matters affecting the Diocese and need to be able to write to these people.


Lawful basis for processing

| Purpose of processing | Lawful basis for processing | Legitimate interests (if applicable) |
|---|---|---|
| Ministry and mission support | Contractual performance, legal obligation, consent, legitimate interest | Conduct of normal business; to contact LLMs and ALMs about courses for further professional training; to have an accurate record of training undertaken and to send certificates |
| Event management | Contractual performance, legal obligation, legitimate interest | To send resource packs after the events |
| Financial advice and support | Legitimate interest | To manage operational funding; to keep local treasurers informed |
| Advice on legacy giving | Legitimate interest | To provide advice on legacy giving |
| Legal advice relating to trusts and other matters | Legal obligation | |
| Work relating to pastoral reorganisation and the Church Representation Rules | Legal obligation, legitimate interest | Conduct of normal business |
| Advice relating to church buildings, their development and maintenance | Legal obligation | |
| Work relating to parsonages and other housing and property management | Contractual performance, legal obligation | |
| Provision of safeguarding training and advice | Legal obligation, legitimate interest | To keep an accurate record of safeguarding training undertaken and to send certificates; to inform safeguarding officers of upcoming courses to keep their training up to date |
| Educational work in our church schools, academies and beyond | Legal obligation, legitimate interest | To liaise with schools and provide support and guidance |
| Publication of the Diocesan newsletter and all the news and guidance on our website | Consent, legitimate interest | To provide information on the running of the Diocese |
| Consultation with key office holders (such as clergy, PCC Secretaries, PCC Treasurers and Churchwardens) on matters affecting the Diocese | Legal obligation, legitimate interest | To consult with key office holders on matters affecting the Diocese |


Consent

Where we are using consent to process your data, by consenting you give us permission to process your personal data specifically for the purposes identified.

Consent is required for Ely Diocesan Board of Finance to process both types of personal data, but it must be explicitly given. Where we are asking you for sensitive personal data we will always tell you why and how the information will be used.

You may withdraw consent at any time by informing us that you wish to withdraw your consent. This can be by email, letter, telephone or in person.

Type of information processed

We process information relevant to the above reasons and purposes. This information may include:

  • Personal details
  • Family details (such as next of kin)
  • Membership details
  • Qualification and training records
  • Financial details in order to make payments.

We also process special categories of data. This information may include:

  • Religious beliefs
  • Health data.

What if I do not want to provide the information asked for?

You do not have to provide us with any personal data you do not want to. However, failure to provide data that we need to carry out our duties will mean that we won’t be able to provide you with services you have requested.

How long will we keep your information?

  • We will only keep information for as long as necessary in line with our retention schedule (a copy of which can be obtained from the Diocesan Data Protection Manager). The retention schedule has been devised in line with Church of England guidance and legal obligations which the Diocese must follow.
  • If after the Annual Parochial Church Meeting (APCM) you no longer hold a formal role within the parish, please tell us and your information will be archived in accordance with our Data Retention guidelines.
  • Clergy information will be held for the duration of service in post and thereafter archived.
  • We will hold information for the duration of a recognised role in the Diocese - ALMs, LLMs, PTO.
  • We will retain archived information to ensure a consistent and historical record is kept to support the work of the Diocese in accordance with our Data Retention guidelines.
  • Some personal information may be retained indefinitely to ensure compliance with our legal safeguarding requirements.

Sharing information

  • Information might be shared with individuals or organisations including: members and their families, employees, prospective employers, other church bodies (e.g. the Archbishops’ Council), volunteers engaged by the Diocese, and other such recipients where it is necessary to share data to discharge Diocesan obligations.
  • Information may also be shared with any third-party services the Diocese engages to help it fulfil its obligations. These include:
    • Our IT providers
    • Mailing providers
    • Survey tools
    • Training providers
    • Regulatory bodies required by law.

Where do we keep this information?

  • Information the Diocese stores remains inside the EU. It is encrypted and securely held on password protected servers with no permitted access to anyone unless they have an operational/Diocesan business need to do so.
  • If a data subject permits us to do so, contact information will be made available through the Diocesan website or within the online and printed Diocesan Directory. It should be noted this information will then be visible outside of the UK.
  • Diocesan teams make use of third party services to keep you updated (such as MailChimp for subscription e-newsletters and Survey Monkey for questionnaires). Please note that these third party services may hold your personal data in the US: any personal data processed in the US is in accordance with the Privacy Shield safeguard.
  • Data protection guidance for the above providers can be found below:

Your rights

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

  • Right of access – you have the right to request a copy of the information that we hold about you. You can obtain a copy of our subject access request form from the Diocesan Data Protection Manager.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply, you have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling. We currently do not use any automated decision-making or profiling: if this changes we will update this privacy notice accordingly.
  • Right to judicial review – in the event that Ely Diocesan Board of Finance refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below.

All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data. To exercise any of these rights please contact our Data Protection Manager.

Complaints

In the event that you wish to make a complaint about how your personal data is being processed by the Diocese (or third parties as described above), or how your complaint has been handled, you have the right to lodge a complaint directly with the Information Commissioner’s Office and the Diocese’s Data Protection Manager.

Review Date: 28/06/2018

Version: 1.2

Authorised by: Data Protection Manager

Notes

View our Data Retention Statement here.

View our other main EDBF Data Protection Policies and Procedures here.