Login Search
Emmanuel Church, Plymouth
in partnership with St Paul's, Efford
June 2023

DATA PROTECTION AND PRIVACY POLICY

 The Parochial Church Council (PCC) of Plymouth (Emmanuel)

 The Parochial Church Council (PCC) of Plymouth (Emmanuel) is classed as a Data Controller under the Data Protection Act 1998 (“the Act”). This statement confirms our commitment to protect your privacy and to process your personal information in accordance with the Act.  Our main point of contact for data protection matters is Simon Springett.  If you have any questions about this policy, please email us: office@emmanuelplymouth.co.uk; or in writing to The Parish Office, Emmanuel Church, 1 Compton Avenue, Plymouth, PL3 5BZ.
 
What personal information we might collect:
We may collect and process the following examples of personal information, although we may, at times, also need to collect other personal information that is not listed here:
    • Your name
    • Contact information (for example address, telephone numbers, email addresses)
    • Information about your age, ethnicity, gender, nationality, disability status
    • Your occupation
    • Your place of work
    • Information about your qualifications
    • Information about your skills and expertise
    • Information relevant to our HR function
    • Information that is relevant to us carrying out our duties as a church and charity.
    • We may sometimes hold special categories of personal data such as information about your health and wellbeing, religious beliefs, or in the case of background checks, information about criminal records or proceedings.
 
How we get the information and why we have it
We gather the information from various sources but always in accordance with at least one legal basis for processing:
We collect and process qualifications and administrative details, and where necessary information to allow us to conduct DBS checks, for those who work for the church (whether the work is paid or voluntary) on the basis of legal obligation and legitimate interest.
We may collect or receive (from third parties, for example family members, other parishioners or other diocese or external agencies) personal data about you to allow us to deliver pastoral and spiritual care; such data is processed on the basis of legal obligation and legitimate interest.
We may collect details of individual supporters and visitors from individuals and from our website, and we process these on the basis of legitimate interest.
We collect financial details in order to receive and make payments.  We process these on the basis of legitimate interest and/or the performance of contracts. 

What we do with the information:
We may use/process this information to:
    • Carry out our religious, social and charitable functions
    • Handle complaints
    • Conduct investigations
    • Conduct research
    • Understand people’s views and opinions (for example through consultations)
    • Deliver and improve our services
    • Carry out administrative functions (for example HR)
    • Share it with third parties for the purpose of obtaining professional advice and in complying with our contractual obligations
    • Send you information that we think might be of interest to you
    • Comply with our legal and regulatory obligations.
    • To enable us to provide a voluntary service for the benefit of the public generally and in particular in the particular geographical area as specified in our constitution;
    • To provide pastoral, personal and spiritual support for members and others connected with our church;
    • To administer membership records;
    • To fundraise and promote the interests of the churches;
    • To manage our employees and volunteers;
    • To maintain our own accounts and records (including the processing of gift aid applications);
    • To inform individuals of news, events, activities and services run by or at Plymouth (Emmanuel);
    • To share your contact details with the diocesan office so they can keep you informed about news, events, activities and services that will be occurring in the diocese and which are relevant to the role you are undertaking.
    • We operate CCTV at our facilities for the purposes of maintaining the security of property and premises and for preventing and investigating crime.
 
Where we process your information
    • We do not process information outside the UK. 
 
How we store your information
We store your information securely and restrict access to those who need it.  Files are password protected where necessary.
 
Protecting your information
We have appropriate technical and organisational measures in place to protect your information.
We will handle and protect your information in line with the data protection principles set out in the Act:
    • Personal data will be processed fairly and lawfully.
    • Personal data will be obtained only for one or more specified and lawful purpose(s) and will not be processed in a manner that is not compatible with that purpose(s).
    • Personal data will be adequate, relevant and not excessive in relation to the purpose(s) for which they are processed.
    • Personal data will be accurate and where necessary, kept up to date.
    • Personal data will not be kept for longer than is necessary and will be securely deleted  in accordance with the guidance set out in the guide “Keep or Bin: Care of Your Parish Records” which is available from the Church of England website [see footnote for link].[1]
Specifically, we retain electoral roll data while it is still current; gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate; and parish registers (baptisms, marriages, funerals) permanently.
    • Personal data will be processed in accordance with the data subject’s rights under the Act.
    • Appropriate technical and organisational measures are in place to protect personal data from unauthorised or unlawful processing and from accidental loss, damage or destruction.
    • Personal data will not be transferred to a country or territory outside of the European Economic Area (EEA) unless we can be assured there is an adequate level of protection for the rights and freedoms of the data subjects.
 
Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact Simon Springett via: office@emmanuelplymouth.co.uk; or in writing to The Parish Office, Emmanuel Church, 1 Compton Avenue, Plymouth, PL3 5BZ if you wish to make a request.
 
Accessing your information (Subject Access Requests)
Under the Act, you are entitled to ask for a copy of the personal information that we hold about you and to have any inaccuracies in your personal information corrected.
When you submit a request for your personal information, you are entitled to:
    • know what personal information we are processing or have processed.
    • why we have processed your personal data − the reason(s) and purpose(s) for the processing of your personal information;
    • know if we have shared your personal information and if so, with whom and for what purpose(s).  Requests for your personal information should be submitted to us in writing or email.
 
Sharing your personal information
We may need to share your information with third parties. This may be for a variety of reasons but will always be to enable us to undertake our charitable functions and/or to comply with our legal obligations.
When your personal information is shared it will be done so in line with the Act. You are entitled to know why and how we are sharing your personal information (as noted above) and the organisation or individual receiving your personal information will be required to protect your information in line with the Act.
 
Logging and recording of communications with you
We may log communications between you and us for the purposes described earlier in this statement.
 
Links to other websites
Our website includes links to other websites. We are not responsible for the data protection and privacy practices of these organisations, including their website. This Data Protection Policy applies to the Parochial Church Council (PCC) of Plymouth (Emmanuel) only.
 
Cookies
A cookie is a small text file that a website stores on your computer or mobile device when you visit the site.  In addition to first party cookies, set by our website we may use external services, which also set their own cookies, known as third-party cookies.  Persistent cookies are cookies saved on your computer and that are not deleted automatically when you quit your browser, unlike a session cookie, which is deleted when you quit your browser.  When you first visit our website, you will be prompted to accept or refuse cookies.  The purpose is to enable the site to remember your preferences for a certain period of time.  That way, you don’t have to re-enter them when browsing around the site during the same visit.  Cookies can also be used to establish anonymised statistics about the browsing experience on our sites. 
 
Further information about the Data Protection Act 1998
This policy applies to personal data as defined by the Act – that is, data from which a living individual can be identified, either from that data alone, or from that data and other information that is held by the data controller. This includes information held on computer, paper files, photographs, audio recordings and CCTV or webcam footage.
The purpose of the Act is to make sure that personal data is used in a way that is fair to the individual and protects their rights, while enabling organisations to process personal data in pursuit of their legitimate aims. In order to do this, the Act sets out the eight data protection principles (listed earlier in this document) which provide a framework for good information handling which the data controller must comply with.
 
Conditions under which personal data can be processed
Schedule 2 of the Act lists six possible conditions under which personal data can be processed. The processing of personal data can only take place if one of these conditions can be satisfied. The Schedule 2 conditions are:
1.  The data subject has given his consent to the processing. This consent must be fully informed and freely given.
2.  The processing is necessary:
    • for the performance of a contract to which the data subject is a party, or, for example, a contract of employment or a consumer contract.
    • for the taking of steps at the request of the data subject with a view to entering into a contract.
3.  The processing is necessary for compliance with a legal obligation to which the data controller is subject, other than an obligation imposed by contract.
4.  The processing is necessary in order to protect the vital interests of the data subject. This condition is narrowly interpreted by the Information Commissioner and applies to emergency situations only.
5.  The processing is necessary –
    • for the administration of justice,
    • for the exercise of any functions of either House of Parliament,
    • for the exercise of any functions conferred on any person by or under any enactment,
    • for the exercise of any functions of the Crown, a Minister of the Crown, or a government department, or
    • for the exercise of any other functions of a public nature exercised in the public interest by any person.
6.  The processing is necessary for the pursuit of legitimate interests by the data controller or by the third party or parties to whom the data are disclosed, except where such processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject.  The Secretary of State may by order specify particular circumstances in which this condition is, or is not, to be taken to be satisfied.
 
The Information Commissioner’s Office
The Information Commissioner’s Office (ICO) is “the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals” (ICO website). It is responsible for administering the provisions of the Data Protection Act 1998 and the Freedom of Information Act 2000. The Act requires every data controller who is processing personal information to register with the ICO (unless they are exempt). The ICO publishes a Register of data controllers on their website. Our registration reference is ZA842607.
 
For more information
Our main point of contact for data protection matters is Simon Springett.  If you have any questions about this policy, please email us: office@emmanuelplymouth.co.uk; or in writing to The Parish Office, Emmanuel Church, 1 Compton Avenue, Plymouth, PL3 5BZ.
 
How to complain
You can also complain to the ICO if you are unhappy with how we have used your data.
 
The ICO’s address:     
     
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
 
Helpline number: 0303 123 1113
 
April 2022

[1]     Details about retention periods can currently be found in the Record Management Guides located on the Church of England website at: - https://www.churchofengland.org/more/libraries-and-archives/records-management-guides