Parish Church of St Luke - Holmes Chapel (Church Hulme)
Data Privacy Notice
[download a copy for printing]
This notice clarifies how we process (that is, treat and look after) personal data supplied to us in connection with your membership of St Luke’s Church in Holmes Chapel (the Church). We can assure you that the Church has always done its best to protect and respect personal information about its members and will continue to do so. The processing of personal data is governed by the EU General Data Protection Regulation (GDPR) and the counterpart UK Data Protection Act -2018 (2018 Act), coming into force in May 2018. This new legislation gives individuals more rights and protection in how their personal data is used by organisations including churches and registered charities.
- Personal data – what is it?
Personal data relates to information about a living individual (the data subject) who can be identified from that data alone or else together with any other information we may already have or are likely to acquire.
- Who deals with the personal data?
The Parochial Church Council of Church Hulme (the Church Council) is the data controller represented by its Data Protection Officer (DPO), Dr Stephen C Smith (contact details below). The data controller decides how personal data is processed and held by the Church Council and for what purposes. The Church Council is a charity registered in England no. 1132587.
- How will we process the personal data?
The Church Council complies with its obligations under GDPR and the 2018 Act by:
- keeping personal data up to date, storing it securely and destroying it when necessary;
- not collecting or retaining excessive amounts of personal data;
- protecting personal data from loss, misuse, unauthorised access and disclosure; and
- ensuring that appropriate technical measures are in place to protect personal data.
In general, we may use personal data for any one or more of the following purposes: –
- fund-raising and promoting the Church’s charitable interests;
- informing Church members about news, events, activities and services at St Luke’s;
- providing voluntary service to public benefit mainly within the parish of Holmes Chapel and Cranage;
- administering membership records;
- managing Church Council employees and volunteers;
- keeping the Church Council accounts and records (including processing of Gift Aid);
- sharing contact details of Church Council members and officers with the Diocesan office to inform about relevant news, activities and services in the Diocese.
- What is the legal basis for processing personal data?
One or more of the following:
- Where we have explicit consent to keep people informed about news, events, activities and services and process gift aid donations.
- Where we have legitimate interests to enable Church activities, events and operations (including fund-raising, stewardship and other planned giving activities) to be planned and run safely and legally, and with the appropriate resources and equipment.
- Where we need to process personal data to fulfil our legal obligations such as those to Government agencies or under contracts.
- Where, as a not-for-profit body with a religious aim, the processing relates only to Church members or former members (or those who have regular contact with the Church for religious purposes) and there is no disclosure to a third party without the data subject’s consent.
- Sharing personal data
Your personal data is treated as strictly confidential and will only be shared with other Church members as necessary to manage, organise, plan, run or operate the activities that you have consented to, and for operational reasons.
We will only share your data with third parties with your consent or where we must do so by law.
- How long do we keep your personal data?
We keep data in accordance with the Church of England guidance available from their website
In particular, we will keep:
- electoral roll data while it is still current;
- gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate;
- parish registers (baptisms, marriages, funerals) permanently
- details about children’s, young people’s and vulnerable adults’ activities and events for at least 50 years after the last activity.
- Internet and Social Media
The Church Council operates one or more websites and visits to those websites capture certain information such as the type of browser used to access the sites, IP address of the device used, pages viewed. We will not use this information to identify individuals and will only use the data to identify trends and patterns of usage to improve our services through the websites.
We also use social media, currently Facebook, to publicise images, audio, video and information relating to events, activities and the Church. These media are publicly available and are used by us as a service to inform about future activities and report on past events. Our posting/publishing information is not tailored to specific individual preferences and so signing up/subscribing to an account will only deliver information non-specifically. Any personal information provided will be subject to the Privacy Notice of the respective service provider, currently Facebook.
Original images, videos, audio files and any other information which is subject to copyright and supplied for publication on the Church Council’s websites and social media such as its Facebook page are used with the copyright owner’s permission.
- Your rights and your personal data
Unless subject to an exemption under the GDPR or the 2018 Act, you have the right to:
- request a copy of the personal data we hold about you;
- ask us to correct any inaccurate or out of date personal data about you;
- request your personal data is erased where it is no longer necessary for us to hold it;
- withdraw your consent at any time to the data being used;
- request that the data is no longer used where there is a dispute about its accuracy or usage;
- object to our use of your personal data;
- ask that we provide you with your personal data and, where possible, transmit that data directly to another data controller, (known as the right to data portability);
- lodge a complaint with the Information Commissioner’s Office (see below).
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
- Further processing of your personal data
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice then we will provide you with a new notice before we do so. The new notice will explain what the new use is, the reasons for it and how it will be performed. We will always seek your consent before using the data for a new purpose.
- Who to contact
If you have any questions or concerns or wish to exercise any of the rights (including withdrawing consent to process your personal data), please contact in the first instance our Data Protection Officer (DPO):
Dr Stephen Smith: New Farm, Twemlow Green, Holmes Chapel, CW4 8BS
Tel: 01477 571872
If he is unable to help or if you are not satisfied, you can contact The Information Commissioner:
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 03031 231113
Privacy Notice issued: 26 May 2018 (minor updates: 29 October 2022)