Who are we?
The King’s Church, Durham (“KCD”) is the data controller, managed by the Trustees (contact details below). This means they decide and are responsible for how your personal data is processed and for what purposes.
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or together with any other information KCD holds. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
How do we process your personal data?
KCD complies with its obligations under the GDPR by:
- keeping personal data up to date;
- storing and destroying it securely;
- not collecting or retaining excessive amounts of data;
- protecting personal data from loss, misuse, unauthorised access and disclosure;
- ensuring that appropriate technical measures are in place to protect personal data;
- profiling for your benefit not discrimination e.g. children’s groups, men’s or women’s events.
Why do we process personal data?
We process personal data to fulfil our legitimate interests and activities as follows:
- fulfil our charitable and company aims;
- maintain our record of current and former church members and regular contacts;
- enable church members to communicate with one another;
- record and track pastoral events and needs in order to coordinate and provide pastoral care for members and ministry recipients;
- provide, evaluate and improve services to church members and ministry recipients;
- inform people of news, events, activities and services running at KCD e.g. in notice sheets, emails, the website etc;
- safeguard children, young people and adults at risk;
- fundraise and promote the interests of the charity, our goods and services;
- recruit, support and manage trustees, staff, volunteers and trainees;
- provide education, training and references;
- purchase and deliver goods and services needed to fulfil a ministry;
- maintain financial accounts and records, including gift aid, pensions, pledges and salaries;
- secure and manage property and premises;
- undertake research and statistical analysis;
- respond effectively to enquirers;
- handle any complaints;
- send accurate reports to Companies House and the Charities Commission.
What is the legal basis for processing your personal data?
ANY one of the following, forms a legal basis for processing your personal data.
- This is the most common reason – as a not-for-profit organisation with a religious aim we can process data (including special categories like religious beliefs and health), in the course of our legitimate activities with appropriate safeguards, provided that:
- the processing relates only to members or former members, or those who have regular contact with KCD in connection with those purposes/aims; AND
- KCD will not pass that data on to a third party without your consent UNLESS your interests, rights and freedoms could be clearly harmed.
- Where it is necessary for carrying out legal obligations e.g. under employment, social security or social protection laws, or a in collective agreement.
- Where the processing is necessary to protect someone’s life.
- Where processing relates to personal data, which is manifestly made public within the church community and/or more widely, by the data subject;
- Or with your clear, specific and informed consent.
Sharing your personal data
Your personal data will be treated as confidential and will only be shared with other members of KCD for purposes outlined above.
We will only share your data with third parties outside of KCD with your consent, unless we have a legal exemption, for example, safeguarding.
How long do we keep your personal data?
We keep data in accordance with our Data Protection policy. Please email the Data Protection Lead for more information.
Specifically, we keep gift aid declarations and associated paperwork for up to 10 years after the calendar year to which they relate; and records of baptisms, marriages, and funerals permanently.
If you think you might need a ministry or character reference from us after you leave KCD, you will need to give us permission to keep relevant data to refer to.
Your rights as to your personal data
Unless under an exception in the GDPR, you have the following rights: –
- The right to request a copy of your personal data which KCD holds about you;
- The right to request that KCD corrects any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for KCD to retain such data;
- The right to withdraw your consent to the processing at any time;
- The right to request that KCD provide you with your personal data;
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data, (where applicable);
- The right to lodge a complaint with the Information Commissioner’s Office.
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then before processing, we will provide you with a new notice explaining this new use and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your consent to the new processing.
To see our full Data Protection Policy, exercise your rights or express any queries or complaints please contact our Data Protection Lead for the Trustees, Katherine Jacklin by email email@example.com or by telephoning our office on 0191 384 2018.
You can contact the Information Commissioner’s Office on 0303 123 1113 or via email or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.