The PCC of St John’s Church, Pleck, Walsall is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
The PCC of St John’s Church, Pleck, Walsall complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for some or all of the following purposes:
Your personal data will be treated as strictly confidential. It will only be shared with third parties where it is necessary for the performance of our tasks or where you first give us your prior consent, or except in certain limited situations, such as where we are required to do so by law or to protect members of the public from serious harm.
It is likely that we will need to share your data with some or all of the following, but only on an as-needed basis:
Internally: We will share your data amongst staff, trustees, treasurers, elders, team and group leaders. When you give us your email address or number, for example, it is stored in our secure staff-only database. The staff use that information for their specific roles and if you join a small group or serving team, the leaders are given access to that basic information, for example.
Legal compliance: We are legally obliged to share some information to adhere to UK law. For example, as we are a registered charity, we must submit our accounts, which need to be audited by a third party accountant. We must also fulfil our legal requirements for safeguarding, for which it may be necessary to share your information with law enforcement entities.
Approved third-parties: When we use the term third-party, we mean systems or organisations that are necessary for St John’s Church to function, as we are not able to internally do that work. We will carefully vet these before use to ensure they will in turn keep personal data secure in line with the law. We do not give, sell, trade or share any of your personal data to organisations that we think may be of interest to you, ever.
Examples of our approved third parties are, but not limited to:
Diocesan: Diocese of Lichfield, The Church of England, other local churches (when carrying out joint events or activities).
IT: Google (staff email, data storage, administrative tools, data management), MailChimp (email distribution and design), SurveyMonkey, Doodle (data collection).
Financial organisations: HMRC (gift aid reporting), Lloyds (banking), Stewardship (giving).
Venues for Events: for attendees only.
We keep your personal data for no longer than reasonably necessary having regard to the original purpose for which the data was processed. In some cases we will be legally obliged to keep your data for a set period.
Examples are below:
Specifically, we retain electoral roll data while it is still current; gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate; and parish registers (baptisms, marriages, funerals) permanently.
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: