The processing of personal data (including use) is governed by the General Data Protection Regulation (the “GDPR”). This is an EU Regulation soon to be replaced in the UK by a new Data Protection Act (DPA). Personal data relates to a living individual who can be identified from it (the ‘data subject’).
Consent and legitimate interests
The Church considers that it has legitimate interests in holding the personal data of present and former members, Sunday school pupils and their parents/guardians, suppliers, volunteers, and customers, so consent is not required from these individuals. We share members’ contact details with all other members for administrative use, and to encourage a sense of fellowship, subject to members giving their consent to this.
It is our policy that consent should be sought from non-members whose personal data is held by the Church in order to keep them informed about activities of this Church or other Christian Science organisations, such as Lectures, services, meetings and Reading Room activities.
Use of personal data
Personal data is used:
• to administer membership records;
• to manage the church/society’s activities, suppliers, customers, and volunteers;
• to maintain financial records (including the processing of gift aid applications);
• to inform people in the community of events and activities of the church/society and of related activities in the Christian Science movement and to respond to inquirers;
• generally, to promote the interests of the church.
The Church complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure; and by ensuring that appropriate technical measures are in place to protect personal data. The members’ book is held securely in the locked Records Room along with other church records. Data held by the Church in computer files is held securely on the Church’s account with a reputable Cloud services supplier (currently Google), and where appropriate on members’ personal computers which are kept securely.
All personal data will be treated as strictly confidential and will only be shared with other members of the Church in order to carry out a service to other members or for purposes connected with its activities. It will not be shared with third parties except with the data subject’s consent; it will not be sold.
Membership information, Sunday School records, and information related to Safeguarding will be retained for at least 50 years. Non-members’ data held with consent will be retained while it is still current or until consent is withdrawn. Consent will be confirmed every 5 years. Gift aid declarations and associated paperwork will be retained for 7 years after the tax year to which they relate. Other financial records will be retained for 6 years after the transaction they relate to.
Data subjects’ rights
Data subjects have the right:
• to request a copy of any personal data which the Church holds about them;
• to request the Church to correct any personal data that is inaccurate or out of date;
• to request that personal data be erased if it is no longer necessary for the Church to retain it;
• to withdraw consent to the processing at any time;
• to request the data controller (the Board) to provide them with their personal data and, if they wish, send it to another data controller;
• if there is a dispute about the accuracy or processing of personal data, to request a restriction be placed on further processing;
• to object to the processing of personal data;
• to lodge a complaint with the Information Commissioner’s Office; see the website at www.ico.org.uk.
The Data Controller is the Board of the First Church of Christ, Scientist, Watford.
This policy will be reviewed every 2 years and any change adopted as required.