Godalming Minster Privacy Policy

GODALMING MINSTER PRIVACY POLICY 

The Parochial Church Council (PCC) of Godalming Minster is committed to respecting your privacy and to complying with applicable data protection and privacy laws. We have provided this Data Privacy Policy to help you understand how we collect, use and protect your personal data when you provide it to us. Our use of any personal data is governed by the General Data Protection Regulation 2016/679 (GDPR) and the Data Protection Act 2018. 

Who are we?  

We are the Godalming Minster and our PCC is the Data Controller of any personal data we hold. This means that it decides, within the regulations, how your personal data is processed and for what purposes. For contact information, please see the details at the end of this document.   

What is personal data? 

“Personal data” is any information about a living individual which allows them to be identified from that data alone or in conjunction with any other information. We currently collect the following information:  

• Names, titles and photographs  

• Contact details including telephone numbers, postal and email addresses  

• Date of birth, gender, marital status and family groupings  

• Financial and bank account details   

• Health information  

• Information necessary to process a DBS check, including details of criminal offences  

• Religious belief may be inferred from the fact that we hold your data 

How do we process your personal data?  

We comply with our legal obligations by keeping personal data up to date; by storing it securely and destroying it when no longer required; by not collecting or retaining excessive amounts of data; by keeping personal data secure; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate physical and technical measures are in place to protect personal data.  

We may use your personal data for the following purposes:  

• To deliver the Godalming Minster’s mission of following Jesus, loving people and renewing faith;  

• To enable us to meet all legal and statutory obligations (which include maintaining and publishing our electoral roll in accordance with the Church Representation Rules); 

• To comply with safeguarding procedures with the aim of ensuring that all children and vulnerable adults are provided with safe environments; 

• To minister to you and provide you with pastoral and spiritual care (such as visiting you when you are gravely ill or bereaved) and to organise and perform ecclesiastical services for you, such as baptisms, confirmations, weddings and funerals; 

• To inform you of news, events, activities and services running across the Minster, and to send you other communications which may be of interest to you. These may include information about campaigns, appeals and other fundraising activities; 

• To seek your views or comments; 

• To operate the Godalming Minster website. We use cookies on our website to improve its functional performance; you can manage these cookies by activating the setting on your Internet browser that allows you to refuse the setting of all or some cookies; 

• To include your details on rotas and generally in connection with any role you may perform within the Minster; 

• To publish selected details (with your consent) in our notices, parish magazines or on our website; 

• To maintain our own accounts and to process donations, including Gift Aid applications;  

• To administer our records, including storing your information on our database. We may also publish your contact details in our online Church Directory, but only ever with your explicit consent;  

• To manage our employees and volunteers, and to process applications for such roles; 

• To fundraise and promote the interests of the Godalming Minster;  

• To collect data on attendance for pastoral care and to assist with our future planning by monitoring trends; 

• To operate church online via our YouTube channel, Zoom or other platforms; 

• To process your booking to visit our churches and associated buildings, including our services or other events;  

• To respond to and keep a record of any of your enquiries, requests for information or other communications from you; 

• Any other processing for which you have given your consent. 

Our processing also includes the use of CCTV systems for the prevention and prosecution of crime. 

What is the legal basis for processing your personal data? 

Some of your data is processed because it is necessary for our legitimate interests, or the legitimate interests of a third party (such as another organisation in the Church of England). Our legitimate interests will normally be the administration of the Minster or pastoral care. We will always take into account your interests, rights and freedoms. 

Some of our processing is necessary for compliance with a legal obligation. For example, we are required by the Church Representation Rules to administer and publish the electoral roll, and under Canon Law to announce forthcoming weddings by means of the publication of banns.  

We may also process data if it is necessary for the performance of a contract with you, or to take steps to enter into a contract. An example of this would be processing your data in connection with the hire of church facilities, or under a contract of employment. 

Religious organisations are also permitted to process information about your religious beliefs to administer membership or contact details, provided this information is not passed to a third party without your consent. 

In all other cases, the legal basis is your consent, which we will obtain prior to using your personal data.  

Sharing your personal data 

Your personal data will be treated as strictly confidential. It will only be shared with third parties where it is necessary for the performance of our tasks or else where you give us your prior consent. It is likely that we will need to share your data with some or all of the following (but only where necessary): 

• Our employees, volunteers and other members of Godalming Minster in order to carry out a service to other members or for purposes connected with the Minster;  

• Companies or individuals who we may ask to provide a service that we cannot, for example IT support. We will only use such third parties who fully comply with data protection legislation, and their use of your personal data will be limited to the specific purpose for which is has been shared;  

• Guildford Diocese or other persons or organisations who are part of the Church of England. 

How long do we keep your personal data?  

We keep data in accordance with the guidance provided by the Church of England. We will keep some records permanently if we are legally required to do so, such as parish registers (baptisms, marriages, funerals). We may keep some other records for an extended period of time. For example, we will keep financial records for a minimum period of 7 years to support HMRC audits. In general, we will endeavour to keep data only for as long as we need it. This means that we may delete it when it is no longer needed or if you ask us to remove your information.  

Your rights and your personal data 

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:  

• The right to request a copy of the personal data which we hold about you; 

• The right to request that we correct any personal data if it is found to be inaccurate or out of date;  

• The right to request that your personal data is erased where it is no longer necessary for us to retain such data; 

• The right to withdraw your consent to processing at any time (where consent was the original basis for processing); 

• The right to request that we transfer your personal data to another data controller (known as “the right to data portability”); 

• The right to request a restriction is placed on further processing, where there is a dispute in relation to the accuracy or processing of your personal data; 

• The right to object to the processing of personal data; 

• The right to lodge a complaint with the Information Commissioner’s Office (contact details below). 

When exercising any of the rights listed above, in order to process your request we may need to verify your identity for your security. In such cases, we will need you to respond with proof of your identity before you can exercise these rights.  

Transfer of Data Abroad 

Any electronic personal data transferred to IT systems outside the United Kingdom will only be placed on systems which provide the equivalent protection of personal rights as required in the United Kingdom. Our website is also accessible from overseas so on occasion some personal data (for example in a newsletter) may be accessed from abroad. 

Further Processing 

If we wish to use your personal data for a new purpose, not covered by this Privacy Policy, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.  

Changes to this notice 

We keep this Privacy Policy under regular review and will place any updates on this web page. This notice was last updated on 23rd January 2024.  

Contact Details  

Please contact us if you have any questions about this Privacy Policy or the information we hold about you or to exercise all relevant rights, queries or complaints:  

Godalming Minster Office 

The Old Rectory, Old Rectory Gardens, Godalming GU7 1XB 

Phone: 01483 421267 

Email: church.office@godalmingminster.org 

Contact name: Jenny Lansdowne 

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.