Summary Section of the
Data Privacy Notice for the
Parochial Church Council and Vicar of Crofton Parish
The Parochial Church Council [PCC] of Crofton Parish and the Vicar of Crofton Parish hold and process information (often called “data”) about members of the Parish’s congregations, its staff and volunteers and other who have had contact with the Parish.
The PCC and Vicar share a single Data Privacy Notice. They are committed to applying the highest standards to the management and use of the personal information they hold; these standards will at least meet the stringent legal requirements of the General Data Protection Regulation [GDPR].
This means that only the personal information necessary for the PCC and Vicar to operate is held and it is only held while it is still needed by the PCC and Vicar, or because there is a legal requirement to hold it longer. The information is held securely and is only seen by those who need to know or have a legal right to know the information. We recognise that, because of the pastoral and safeguarding activities of the Parish, some of the information held is what the GDPR refers to as special category data or criminal offence data; we follow the requirements to take special care of this information.
The GDPR specifies a number of allowable reasons for holding and processing personal data. With the wide variety of contacts and activities within the parish, the PCC and Vicar rely on a variety of these reasons; the ones we rely on are consent, legitimate interest, contract and legal obligation. The PCC and Vicar recognise and check the extra conditions that must be met to process special category data.
How we process personal data, the basis for processing it and the length of time we hold the data varies depending on your relationship with the PCC and Vicar. These are listed in the later sections of the full version of this privacy notice (available online).
In general, the principles the PCC and Vicar follow are:
- If you have become a regular member of the Parish (indicated by joining the Congregational Database) or one of the groups run as part of the Parish, we use legitimate interest as the GDPR basis for using your data. This means that, although we do not tell you in advance all the ways we might use your information, we will only use in in ways you would reasonably expect and in ways which would not impact on your privacy. We may share your personal information with the Diocese, but will need a compelling reason; if we are unsure we will contact you for your consent.
- If, however, you have only had occasional contact with the Parish through, say, just visiting for a service or two, or from attending occasional events like Alpha or have been married in the Parish or have booked a room in the Parish Centre, the PCC and Vicar will let you know all the ways we will use your information and will obtain your consent for it to be used in these ways.
The PCC and Vicar do not sell personal information. There are times when they are legally required to share some of the information with other organisations.
The PCC and Vicar will respond to reasonable requests from you to find out what information they hold about you, to correct the information if it is not correct and, unless there is a legal or safeguarding requirement to keep it, to have the information deleted. There is a considerable amount of data that the PCC and Vicar hold that cannot be deleted.
If you wish to view, update or delete the information held about yourself by the PCC and Vicar either contact the Parish Office at Holy Rood Church, Gosport Road PO14 2AS or email email@example.com.
The PCC and Vicar have appointed the PCC Secretary, Simon Swindells, as the Parish’s Data Compliance Officer. He can be contacted via the Parish Office.
You can contact the Information Commissioners Office on 0303 123 1113 or email via https://ico.org.uk/global/contact-us/email/
This is just the Summary section of the Privacy Notice. Follow the links on this page to view or download the complete notice.
(Release 2, 25th February 2019)