St. Mary Magdalene Church uses personal data about individuals for the purpose of general church administration and communication. The PCC of St. Mary Magdalene as data controller decides how personal data is processed and for what purpose, and therefore recognises the importance of the correct and lawful treatment of said data. All personal data, whether it is held on paper, on computer or other media, will be subject to the appropriate legal safeguards as specified in the Data Protection Act 2018 and the General Data Protection Regulation (GDPR)

St. Mary Magdalene Church fully endorses and adheres to the six principles of the Data Protection Act 2018. These principles specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation, storage and disposal of personal data. Employees and any others who obtain, handle, process, transport, store or dispose of personal data on behalf of St. Mary Magdalene Church must adhere to the following principles.

Data shall be:

• Processed lawfully, fairly and transparently in line with the terms detailed within this policy.
• Obtained for a specified, explicit and legitimate purpose and shall not be processed in any manner incompatible with that purpose.
• Adequate, relevant and not excessive for those purposes.
• Accurate and, where necessary, kept up to date.
• Stored for no longer than is necessary for that purpose.
• Processed in a manner that ensures appropriate security of the personal data, using appropriate technical or organisational measures, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Data shall be used for the following purposes:

• To enable us to provide a voluntary service for the benefit of the public in the Parish, including keeping Church Records of baptisms, marriages, funerals, blessings, first communions and confirmations.
• Church Electoral Roll – to administer membership records.
• Maintain contact lists used for administration, pastoral care and fundraising in order to promote the interests of the charity and the parish.
• To manage our employees and volunteers.
• To maintain our own accounts and records – including the processing of gift aid applications and voluntary giving.
• To inform of news, events, activities and services running at St. Mary’s.
• To share contact details of office holders with the Diocesan office as required.

Legal basis for processing personal data:

• When collecting data from subjects, St. Mary Magdalene Church aims to obtain their consent to hold their personal information in line with the policies of this document and the Data Protection Act 2018 and GDPR.
• Collection, processing and use of personal data only occurs in support of our church’s legitimate interests regarding the support of existing and potential members, and in carrying out its legal obligations.
• Processing is carried out by the Church as a not-for-profit body with a political, philosophical, religious or trade union aim provided: –

* the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and

* there is no disclosure to a third party without consent.

The use and handling of data:

St. Mary Magdalene Church will use personal data for four main purposes:

• Contact – to inform about services, activities and events.
• To gain a better understanding of church demographics.
• The day-to-day administration of the church: (e.g. pastoral care and oversight including calls and visits, preparation of ministry rotas, maintaining financial records of giving for audit and tax purposes.)
• Safeguarding.

Personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other church members or for purposes connected with the church. We will only share data with third parties outside of the parish with consent.

All St. Mary Magdalene staff and volunteers who have access to personal data will by required to adhere to the policies laid out in this document and in the Data Protection Act 2018 and GDPR.

There are four legal exceptions to maintaining confidentiality:

• Where we are legally compelled to do so.
• Where there is a substantial duty to the public to disclose.
• Where disclosure is required to protect our vital interests.
• Where disclosure is made at the subjects request or with consent.

Photographic Images

St. Mary Magdalene Church will seek to obtain individual consent for the use of still images of individuals, but cannot guarantee the same level of security for crowd shots. St. Mary’s church will only use such images for its own marketing and creative purposes, and will not pass any on to a third party without first obtaining consent. Individuals can state that images of themselves are not to be used in this way by notifying the lead on data protection.

Live Streaming or Filming Church Services

St. Mary Magdalene Church is now recording and live-streaming services in order to reach out to those who are unable to attend in person, or who wish to participate in our services remotely.

We will be sharing the recorded or live streamed services with the general public by uploading it to social media and other internet sites.

An area of the church will be available which is not visible in the recording/streaming. This area will be available to all families with children or young people attending, and will also be available to members of the congregation who prefer to attend in privacy.

Use of this data is on a legitimate interest basis and notification that a service will be live-streamed or recorded will be given before each service, advising of the seating arrangements and stating that it will be presumed that consent has been given if attending the service after seeing the notice.

Storing of Data

Data will be stored both in paper form and electronically. Neither will be used for any other purposes than set out in this document.

Sensitive papers are kept in a locked cabinet and destroyed when no longer required.

Electronic data are kept on secure, password protected local computers, which are backed up regularly, and are also destroyed when no longer needed.

The accuracy of information and whether the information continues to be necessary will be reviewed periodically. We keep data in accordance with the guidance set out in the guide “Keep or Bin: Care of Your Parish Records” which is available from the Church of England website.

We retain electoral roll data while it is still current, gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate.

Parish registers are permanent records.

Access to sensitive data is strictly controlled and authorised by the lead on data protection. People who have secure and authorised access to data includes St. Mary Magdalene Church Staff, volunteers and the lead on data protection.

Rights and personal data

Subjects of personal data held by St. Mary Magdalene Church have the following rights. This is subject to any exemptions under the GDPR.

• The right to request a copy of your personal data which the PCC of St Mary’s, Alsager holds ;
• The right to request that the PCC of St Mary’s, Alsager corrects any personal data if it is found to be inaccurate or out of date;
• The right to request that personal data is erased where it is no longer necessary for the PCC of St Mary’s, Alsager to retain such data;
• The right to withdraw your consent to the processing at any time
• The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable) [Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means].
• The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
• The right to object to the processing of personal data, (where applicable) [Only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]
• The right to lodge a complaint with the Information Commissioners Office.

Any subject who wishes to exercise a right should make the request in writing to the Lead on Data Protection.

St. Mary Magdalene aims to comply with requests as quickly as possible, but will ensure it is provided within one month of receipt of a request unless there is good reason for delay. In such cases the reason for delay will be explained in writing to the individual making the request.

Further processing

If we wish to use personal data for a new purpose, not covered by this Data Protection Policy, then we will provide subjects with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek prior consent to the new processing.

Contact Details

The Lead for Data Protection at St. Mary Magdalene is Natasha Yelland

Contact – gdpr@stmarysalsager.org

To exercise all relevant rights, queries of complaints please in the first instance contact the PCC at St. Mary Magdalene, Church Office, Crewe Road, Alsager, Cheshire, ST7 2EW or office@stmarysalsager.org, telephone 01270 879114.

Contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.