FIRST CHURCH OF CHRIST, SCIENTIST, CHELTENHAM

DATA PRIVACY POLICY

The processing of personal data (including use) is governed by the General Data Protection Regulation (the “GDPR”). This is an EU Regulation soon to be replaced in the UK by a new Data Protection Act (DPA). Personal data relates to a living individual who can be identified from it (the ‘data subject’).

Consent and legitimate interests
The church considers it has legitimate interests in holding the personal data of present and former members, Sunday school pupils and their parents/guardians, suppliers, volunteers, customers and employees, so consent is not required from these individuals. We share members’ contact details with all other members for administrative use.

It is our policy that consent should be sought from non-members whose personal data is held by the church in order to keep them informed about activities such as lectures, services, meetings and Reading Room activities.

Use of personal data
Personal data is used as follows:

  • to administer membership records;
  • to manage the church’s activities, suppliers, customers, and volunteers;
  • to maintain financial records (including the processing of gift aid applications);
  • to inform people in the community of events and activities of the church and of related activities in the Christian Science movement and to respond to inquirers;
  • generally, to promote the interests of the church.

If the church wishes to use personal data for a purpose not covered by this Data Privacy Policy, a new notice will be issued explaining the use and setting out the purposes and processing conditions and seeking the data subject’s consent.

Data protection
The church complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure; and by ensuring that appropriate technical measures are in place to protect personal data.

All personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other members or for purposes connected with its activities. It will not be shared with third parties except with the data subject’s consent; it will not be sold.

Data retention
Membership information, Sunday School records, and information related to Safeguarding will be retained for at least 50 years. Non-members’ data held with consent will be retained while it is still current or until consent is withdrawn. Consent will be confirmed every 5 years. Gift aid declarations and associated paperwork will be retained for 7 years after the tax year to which they relate. Other financial records will be retained for 6 years after the transaction year they relate to.

Data subjects’ rights
Data subjects have the right:

  • to request a copy of any personal data which the church holds about them;
  • to request the church to correct any personal data that is inaccurate or out of date;
  • to request that personal data be erased if it is no longer necessary for the church to retain it;
  • to withdraw consent to the processing at any time;
  • to request the data controller to provide them with their personal data and, if they wish, send it to another data controller;
  • if there is a dispute about the accuracy or processing of personal data, to request a restriction be placed on further processing;
  • to object to the processing of personal data;
  • to lodge a complaint with the Information Commissioner’s Office; see the website at www.ico.org.uk.

Data Controller 
The Data Controller is The Board.

Policy reviews
This policy will be reviewed every 2 years and any change adopted as required.

Adopted by the Board

27 May 2018

 

Chair: Mrs Adrienne Ivey

Clerk: Mr. David Wilson