Privacy policy

Who are we?

In this text, we mean the Parochial Church Council (PCC) of All Saints’ Church, Guildford. If you have any questions or issues to do with data, you can get in touch with us by phone (01483 563173) or email (allsaintschurchgfd@gmail.com). We also encourage you to give us feedback by talking directly either to the parish Data Protection Officer (Simon.J.Doran@gmail.com, 01483 821663) or individual PCC members, whose photos are on the noticeboard in the church lobby.

What is this document about?

This policy shows how we comply with the Law (in particular, the General Data Protection Regulation, or GDPR for short). But more than this, our aim as Christians is to treat with respect and dignity everyone we deal with, and to be good stewards of what is entrusted to us. We want to give you confidence that this extends to how we handle data about you.

Our role under the GDPR is that of a data controller, which means we take decisions about what data are stored and how they are used. When we talk about personal data, we mean any information about a living individual that could be used to identify them. This could be something straightforward like your name and address, for example, or a photo. However, we are also mindful that it could include something that doesn’t identify you directly, but does so indirectly, when put together with other information that we have.

Why do we need to keep data about you?

All Saints’ Church is here to serve the community and show forth the love of God in Jesus Christ. All of the reasons we keep your personal data trace back, in the end, to our efforts to live out this mission day by day. In particular:

  • We provide voluntary services to the community in our parish. You may either be helping to run one of these or using the service.
  • We hire out our buildings for societies, clubs and individuals in the local community and you may want to use them.
  • We organise church services, events, trips and other activities, and you may want us to have your contact details so we can send you news about them.
  • You may need to tell us information about children whom you leave in our care as part of an activity.
  • You may want to help contribute to the running, upkeep or future development of the church, either financially or through volunteering.
  • The church may employ you and need information to manage your post.
  • All Saints’ is part of the Church of England and you may want us to share your details so that you can find out about other activities in the Diocese.

Does the Law allow us to store your data?

Yes. The GDPR says that we can process your data on the following legal basis:

  • Usually it’s because you have given us informed, explicit consent that this is something you want us to do. You might, for example, sign a paper form or tick a box online to show this.
  • Because of our status as a religious, not-for-profit organisation, we don’t technically need consent in some cases to process data for people who have already been on the electoral role, as long as we aren’t going to pass the data on. But we will usually ask you for consent anyway, just to be sure.
  • We don’t need your consent if the reason we have your data is because we are legally obliged to process it, to comply with employment, social security or social protection legislation, or a collective agreement.

What are we doing to keep your data safe?

We commit ourselves to handling your data well:

  • We won’t collect more data than we have to for a given purpose, and when we don’t need to hang onto the data any longer, we’ll make sure we destroy them securely.
  • While the data are in our possession, we’ll take steps to protect them from loss or misuse; we’ll stop unauthorised people getting access to them, and we’ll ensure that nothing is disclosed without your express permission.
  • We won’t share your data with any other organisations without your consent.
  • Within All Saints’, we’ll keep your information confidential. We won’t share it with more people than necessary, and then only for the purposes we originally said.
  • We’ll do our best to keep all information up to date, and you can help us by letting us know as soon as possible when anything changes.

We are developing a set of guidelines following current best practice and you can find out the requirements that we have of people who access your data by looking at the conditions we make them sign up to.

How long will we keep your personal data?

This varies greatly depending on exactly what sort of data we are talking about, but to give a few examples:

  • Electoral role data are kept while they are current.
  • Financial paperwork (e.g., Gift Aid declarations) is needed for tax reasons up to six years after the calendar year in question.
  • Current advice is to keep records of activities involving children for 50 years.
  • Parish Registers (baptisms, marriages and funerals) are kept permanently.

All the details are in a guide called “Keep or Bin: Care of Your Parish Records” which you can get from the Church of England website.

Can we re-use your personal data for something different?

No. If we are currently using your data because you filled in a consent form, then when we want to do something different with the data, we will send you an explanation and ask you to consent explicitly to the new use.

What rights do you have?

The GDPR gives you a number of important general rights over your data:

  • You can ask us for a copy of any data we hold about you. Under some circumstances, you can also ask us to forward this to another data controller.
  • You have the right to ask us to correct any personal data if it is inaccurate.
  • You can ask us to remove your data from our systems when we don’t need them any longer. (Of course, we’ll try and do this anyway, but please remind us!)
  • Whenever we are processing something with your consent, you always have the right to withdraw that consent.
  • If you disagree with us about the accuracy of your personal data, or the correct way to process your data, you can ask us to stop doing it.
  • In several other technical circumstances, you also have a right to object to processing of personal data.
  • You can lodge a complaint contact the Information Commissioners Office on 0303 123 1113 or via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

Note that some of these GDPR rights could be subject to exemptions for a variety of reasons, e.g., safeguarding issues.