St Margaret of Antioch Ilford
Privacy and Data Protection
At St Margaret of Antioch, we take your privacy seriously. We are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). This privacy policy explains how we collect, use and protect your personal information.
1. What is personal data?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) and the Data Protection Act 2018, (the “DPA 2018”).
2. Who are we?
St Margaret of Antioch, Ilford is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
3. How do we process your personal data?
St Margaret of Antioch complies with its obligations under the GDPR and DPA 2018 by keeping personal data up to date, by storing and destroying it securely, by not collecting or retaining excessive amounts of data, by protecting personal data from loss, misuse, unauthorised access and disclosure, and by ensuring that appropriate technical measures are in place to protect personal data.
We may use your contact data for the following purposes:
-
To support communications by letter, email and telephone;
-
To include as required in meeting minutes, reports, agendas, invitations and other documents;
-
To maintain a database of contacts, parishes and posts;
-
Administration of training events, special services, conferences, consultations and other gatherings of diocesan post-holders;
-
Recording of attendance at training events, meetings, etc when there is a need to do so.
We may also process your personal data as a result of:
-
Identity checks required to complete DBS checks
-
And prevention of crime
4. What is the legal basis for processing your personal data?
Processing is carried out under different legal bases depending on the circumstances:
-
Legal Obligation - where we are required to meet legal requirements, such as legislation for taxation, charity law, safeguarding, employment law, health and safety, or church representation/faculty law.
-
Legitimate Interest - to support the collaborative working between the Church and members of our parishes, deaneries and the general public.
5. Sharing your personal data
Your personal data will be treated as confidential and will only be shared when necessary. If we wish to share your personal data outside the Church of England, then we will always seek your consent first.
6. How long do we keep your personal data?
We keep your personal data for no longer than reasonably necessary. This includes following Church of England guidelines in ‘Save or delete: the Care of Diocesan Records’ and ‘Personal Files Relating to Clergy’, see Church of England's records management guides. Our general policy for retention of personal data is:
-
Contact data held on personal devices (mobile phones, PCs, laptops, etc): reviewed and updated/deleted annually;
-
Contact/post database entries are changed to archive status when you no longer hold any post. Historic post data remains on archive for 25 years;
-
Training administration data: five years from the course date;
-
Training attendance data: six years after employment ceases;
-
Financial transaction data: six years from transaction date;
-
Logs of DBS checks are held indefinitely.
7. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -
-
The right to request a copy of your personal data which the Church holds about you;
-
The right to request that the Church corrects any personal data if it is found to be inaccurate or out of date;
-
The right to request your personal data is erased where it is no longer necessary for the Church to retain such data;
-
The right to withdraw your consent to the processing at any time;
-
The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
-
The right to lodge a complaint with the Information Commissioners Office.
8. Further processing
​If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
9. Contact Details
To exercise all relevant rights, queries or complaints, please in the first instance contact the data protection officer. You can contact the Information Commissioners Office on 0303 123 1113, via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Privacy Notice May 2019