General Data Protection Regulation for St James Mar Thoma Church – UK
Registered Charity No. 1059210
Privacy Notice Issued on 26th April 2018
The policies set out below describe the obligations of the St James Mar Thoma Church UK with regard to data protection and the rights of the members of the St James Mar Thoma Church – UK. They comply with the rules on the use of personal data under the Data Protection Bill/Act 2017, the General Data Protection Regulation (GDPR) 2016/679 and other regulations relating to personal data and rights, such as the Human Rights Act 1998.
- Who are we?
The following privacy policy notice is provided to you by the St James Mar Thoma Church UK, which is a member of the newly instituted Zone of the Mar Thoma Church in the UK and Europe. The St James Mar Thoma Church UK works together with the following entities and other agencies who handle personal data:
The incumbent of parishes Vicars and assistant ministers
Parish /Congregation Executive Committee
All members of the Mar Thoma Zone in the UK and Europe
Board of Trustees of the Council of the Mar Thoma Parishes in Europe (COMPE)
As the St James Mar Thoma Church UK is engaged with all these entities working together, we may need to share personal data we hold with them so that they can carry out their responsibilities to the Church and our community. The organisations or their appointed representatives referred to above are joint data controllers. Therefore, we are all responsible to the members for how we process your data.
Each of the data handlers has its own tasks within the parishes and congregations, and a description of what data is processed and for what purpose is set out in this Privacy and Data Policy Document. In the rest of this Data Protection Policy, we use the word ‘we’ to refer to each data controller, as appropriate.
- What data do the Controllers listed above possess?
They will process some or all of the following where necessary to perform their tasks:
Name, titles, and aliases, photographs;
Contact details such as email ID, postal addresses and telephone numbers;
Where they are relevant to our Christian mission and charitable work, or where you provide them to us, we may process demographic information such as gender, age, date of birth, marital status, nationality, education/ work patterns, academic/ professional qualifications, hobbies, family composition and dependents;
Where you make donations or pay for activities such as the use of the church hall or conferences, financial identifiers such as bank account numbers, payment card numbers, payment transaction identifiers, policy numbers and claim numbers, and Gift Aid information;
The data we process is likely to constitute sensitive personal data because, as a church, the fact that we process your data at all may be suggestive of your religious orientation. Where you provide this information, we may also process other categories of personal data: racial or ethnic origin, mental and physical health, details of injuries (in prayers), medication/treatment received, political belief and affiliation, genetic and biometric data, data concerning sexual orientation, and criminal records, fines and other similar judicial records.
- How do we process your personal data?
The data handlers will comply with their legal obligations to keep personal data up to date; to store and destroy it securely; not to collect or retain excessive amounts of data; to keep personal data secure; to protect personal data from loss, misuse, unauthorised access and disclosure; and to ensure that appropriate technical measures are in place to protect personal data.
We use your personal data for some or all of the following purposes:
To enable us to meet all legal and statutory obligations (which include maintaining and publishing our annual parish membership list according to the parish register in accordance with the constitution of the Church);
To carry out comprehensive safeguarding procedures (including due diligence and complaint handling) in accordance with best safeguarding practice from time to time, with the aim of ensuring that all children and adults-at-risk are provided with safe environments. This includes DBS checks for those involved with children and vulnerable adults;
To minister to you and provide you with pastoral and spiritual care (such as visiting you when you are ill or bereaved) and to organise ecclesiastical services for you and your family such as baptism, confirmation, birthday thanksgiving prayers, praying for the sick, weddings and funerals;
To deliver the church’s mission to the community, and to carry out any other voluntary and charitable activities for the benefit of the public as provided for in the constitution and the statutory framework of each data handler;
To administer the parish or congregation, COMPE and Zone membership records;
To fundraise and promote the interests of the church and its charitable work;
To maintain the accounts and records of parishes, congregations, Zone and COMPE;
To process a donation that you have made for charitable work (Gift Aid information);
To seek your view or comments on the work of the parish, congregation, COMPE and the Zone;
To notify of changes to our services, programmes, events and office bearers;
To send you communications which you have requested and that may be of interest to you. These may include information about conferences, campaigns, appeals, ecumenical and interfaith events;
To process a grant or application for an office or a role;
To enable us to provide a voluntary service for the benefit of the public in a particular geographical area (e.g. prison and hospital visits);
Our processing may include security systems for the prevention of crimes.
- What is the legal basis for processing your data?
Most of our data is processed because it is necessary for legitimate interests, or the legitimate interest of a 3rd party (such as a sister church, or ecumenical partners such as WCC, CTE and CTBI). We will always take into account your interests, rights and freedoms. Some of our processing is necessary for compliance with a legal obligation. For example, we are required to publish wedding banns. Religious organisations are permitted to process information about your religious beliefs to administer the membership register. Where your personal data is used other than in accordance with one of these legal bases, we will first obtain your consent to that use.
- Sharing your personal data
Your personal data will be treated as strictly confidential. It will only be shared with 3rd parties where it is necessary for the performance of our tasks or where you first give us your prior consent. It is likely that we will need to share your data with some or all of the following (but only where necessary):
Authorised organisations of the Church;
Our agents, servants and contractors. For example, we may ask agencies which help us to obtain visas for our clergy, visiting evangelists, bishops and other conference speakers; we may ask a commercial provider to send out newsletters and other publications on our behalf, or to maintain our database software;
Our clergy or a lay person nominated or appointed by the Diocesan Bishop or Metropolitan for carrying out the mission of the church;
On occasions, other churches, ecumenical bodies with which we are carrying out joint programmes.
- How long do we keep your personal data?
We will keep some records, such as the parish register, baptism records, the marriage register and any similar records, permanently if we are legally required to do so. For example, it is the practice to keep financial records for a period of seven years to facilitate HMRC inspections. In general, we will endeavour to keep data only as long as we need it. This means that we may destroy it when it is no longer needed, and we shall inform the persons concerned of such deletions.
- Your rights and your personal data
You have the following rights with respect to your personal data:
When you exercise any of the rights listed below, we may need to verify your identity for your security in order to process your request. In such cases we will need you to respond with proof of your identity (passport, driving licence, etc.) before you can exercise your right.
- 1. The right to access information we hold on you.
You can contact us at any time to request the information we hold on you, as well as why we have such information and where we obtained it from. Once we have received your request, we will respond within one month.
There are no fees or charges for the first request, but additional requests for the same data may be subject to an administrative fee.
- 2. The right to correct and update the information that we hold on you.
If the data we hold on you is out of date, incomplete or incorrect, you can inform us and your data will be updated.
- 3. The right to have your personal data removed
If you feel that we should no longer be using your personal data, or that we are illegally using your data, you can request that we remove the data we hold.
When we receive your request, we will confirm whether the data has been deleted or the reason why it cannot be deleted (for example, because we need it for legitimate interest for regulatory purpose(s)).
- 4. The right to object to processing your data
You have the right to request that we stop processing your data. Upon receiving the request, we will contact you and let you know if we are able to comply or if we have legitimate grounds to continue to process your data. Even after you exercise your right to object, we may continue to hold your data to comply with your other rights or to bring or defend legal claims.
- 5. The right to data transferability
You have the right to request that we transfer some of your data to another data handler as indicated in section 2 of this document. We will comply with your request, where it is feasible to do so, within one month of receiving your written request.
- 6. The right to withdraw your consent by email or post (see contact details below).
- 7. The right to object to the processing of the personal data where applicable.
- 8. The right to lodge a complaint with the Information Commissioner’s Office.
- Transfer of Data Abroad
Our websites (COMPE and Parish websites) and digital publications (ECHO and Newsletters) are accessible from other countries, and so on some occasions personal data may be accessed from overseas.
- Further processing
If we wish to use your data for a new purpose not covered by this document, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing of personal data.
- Contact details
Please contact us if you have any questions about this Privacy Notice or the information we hold about you, or to exercise all relevant rights, raise queries or make a complaint, at:
Other contact points: Information Commissioner’s Office on 0303 123 1113, or via email: https://ico.org.uk/gobal/contact-us/email/, or by post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.