The Benefice recognises the importance of the correct and lawful treatment of personal data. All personal data, whether it is held on paper, on computer or other media, will be subject to the appropriate legal safeguards as specified in the General Data Protection Regulation 2018.
The Benefice fully endorses and adheres to the eight principles of the GDPR. These principles specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation and storage of personal data. Employees and any others who obtain, handle, process, transport and store personal data for the Benefice must adhere to these principles.
Your personal data – what is it?
Personal data relates to a living individual (the “Data Subject”) who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
Who are we?
The United Benefice of Henley with Remenham is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
The principles require that personal data shall:
- Be processed fairly and lawfully and shall not be processed unless certain conditions are met.
- Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose.
- Be adequate, relevant and not excessive for those purposes.
- Be accurate and, where necessary, kept up to date.
How do we process your personal data?
The Benefice complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes:
- The day-to-day administration of the church; e.g. pastoral care and oversight including calls and visits, preparation of rotas, maintaining financial records of giving for audit and tax purposes (including the processing of gift aid applications).
- To administer membership and contact records;
- To manage our employees and volunteers;
- Contacting you to keep you informed of church activities and events.
- Statistical analysis; gaining a better understanding of church demographics.
- For publicity purposes for the church; e.g. newsletters, magazines, leaflets, newspapers and other media sources
Storage of information
Information is stored upon various servers and databases:
- Payroll bureau – for processing of payroll;
- Web hosting – for church website
- Church server – for documents, accounts, etc.
- Individual PC’s – for rotas, names and addresses. Access to databases and servers is strictly controlled through the use of name specific passwords, which can be updated and controlled by the individual.
Those authorised to use our storage of information only have access to their specific area of use within a database. This is controlled by the Data Controller and other specified administrators. These are the only people who can access these security parameters.
- People who will have secure and authorised access to the database include Benefice staff, Church Leaders, Group Leaders, volunteers and the Rector
- Our databases will NOT be accessed by any authorised users outside of the EU, in accordance with the Data Protection Act, unless prior consent has been obtained from the individual whose data is to be viewed.
- Subject Access – all individuals who are the subject of personal data held by the Benefice are entitled to:
- Ask what information the church holds about them and why;
- Ask how to gain access to it;
- Be informed how to keep it up to date;
- Be informed what the Benefice is doing to comply with its obligations under the 1988 Data Protection Act.
- Personal information will not be passed onto any third parties outside of the church environment.
- Subject Consent – The need to process data for normal purposes has been communicated to all data subjects.
- Sensitive personal data may only be processed with the explicit consent of the individual and consists of information relating to:
- Race or ethnic origin;
- Political opinions and trade union membership;
- Religious or other beliefs;
- Physical or mental health or condition;
- Sexual life;
- Criminal offences, both committed and alleged
Rights to Access Information
Employees and other subjects of personal data held by the Benefice have the right to access any personal data that is being held in certain manual filing systems. This right is subject to certain exemptions: Personal Information may be withheld if the information relates to another individual. Any person who wishes to exercise this right should make the request in writing to St Mary’s Parish Office, Hart Street, Henley, RG9 2AU
How long do we keep your personal data?
We only keep information as legally required and information that is relevant to the work of the church and charity. Specifically, we retain gift aid declarations and associated paperwork for a minimum of 7 years after the tax year to which they relate.
If personal details are inaccurate, they can be amended upon request
The Benefice aims to comply with requests for access to personal information as quickly as possible but will ensure that it is provided within 30 days of receipt of a completed form unless there is good reason for delay. In such cases, the reason for delay will be explained in writing to the individual making the request.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which the Benefice holds about you;
- The right to request that the Benefice corrects any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for the Benefice to retain such data;
- The right to withdraw your consent to the processing at any time;
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to lodge a complaint with the Information Commissioner’s Office
Your personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other church members or for purposes connected with the church.
We will only share your data with third parties outside of the church with your consent. All Benefice staff and volunteers who have access to Personal Data are required to maintain confidentiality of personal information.
There are four exceptional circumstances to the above permitted by law:
- Where we are legally compelled to do so.
- Where there is a duty to the public to disclose.
- Where disclosure is required to protect your interest.
- Where disclosure is made at your request or with your consent.
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
To exercise all relevant rights, queries of complaints please in the first instance contact the Parish Office by email at firstname.lastname@example.org. You can contact the Information Commissioners Office on 0303 123 1113, via email through the ICO website or write to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.