Data Protection Policy and Privacy Notice


The Over Wyre Benefice

Data Protection Policy and Privacy Notice

 Introduction

  • The purpose of this policy is to describe the steps that the Benefice Council of the Benefice of Over Wyre, (comprising the parishes of Hambleton the Blessed Virgin Mary; Out Rawcliffe St. John the Evangelist; Preesall St. Oswald; Pilling St. John the Baptist and Stalmine St. James) is taking to comply with Data Protection legislation.
  • Personal data is data relating to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the Data Controller’s possession or likely to come into such possession.  The processing of personal data is governed by the Data Protection Act 2018 and the UK General Data Protection Regulation.
  • The Benefice Council of the Benefice of Over Wyre aims to comply with its obligations under the Data Protection Act 2018 and the UK General Data Protection Regulation by keeping personal data up to date, by storing and destroying it securely, by not collecting or retaining excessive amounts of data and by protecting personal data from loss, misuse, unauthorised access and disclosure.

Data Controller

The Parochial Church Council of each of the constituent parishes is the Data Controller for that parish.  This means it decides how personal data is processed and for what purposes.

Parish websites

There are separate Privacy Policies in respect of each website, which can be found thereon.

The categories of personal data we collect

  • The types of information we process include:
    • personal details
    • contact information
    • financial information
  • Special categories of information may include:
    • religious or philosophical beliefs
    • health data
    • criminal allegations, proceedings or convictions, including DBS status
    • sex life or sexual orientation
  • We process personal information about:
    • clergy
    • employees (if any)
    • volunteers
    • congregation members
    • individuals connected with Occasional Offices
    • individuals who attend church groups
    • children and parents/carers
    • visitors
    • professional advisers and consultants
    • individuals involved in or connected with claims and dispute resolution
    • individuals who may pose a risk
    • individuals whose safety has been put at risk
    • complaints and details of misconduct

How we process personal data

We use personal data for the following purposes:

  • To enable us to provide a voluntary service for the benefit of the public.
  • To administer Occasional Offices.
  • To inform data subjects about services, events and activities taking place in the Benefice.
  • To raise funds and promote the interests of the charity (the parishes that comprise the Benefice).
  • To manage our employees and volunteers.
  • To administer membership records.
  • To maintain our own accounts and records.
  • To maintain information required for legal purposes, e.g.:
    • Charity law
    • Tax, VAT and other financial laws and regulations
    • Reporting of Injuries, Diseases and Dangerous Occurrences Regulations.
  • To manage, maintain and publish the electoral rolls in accordance with the Church Representation Rules in order to
    • determine eligibility for attendance and participation at the Annual Parochial Church Meetings
    • determine eligibility for election to the Parochial Church Councils
    • determine eligibility for election to Synods and to calculate the number of representatives who may be elected
    • undertake reviews and revisions of the Electoral Rolls as necessary
    • publish names and addresses of data subjects by exhibiting the rolls in the constituent churches.
  • To undertake Safeguarding and Safer Recruitment measures in accordance with UK law and Church of England and Diocesan directions and guidance, including:
    • undertaking risk assessments
    • investigating safeguarding allegations
    • maintaining records of criminal record checks, conduct data and/or criminal offence data (including allegations) and training
    • maintaining records and case files about safeguarding incidents and/or investigations
    • providing support to individuals involved in safeguarding cases.
  • To manage records for historical and research reasons, including deposit in the approved repository under the Parochial Registers and Records Measure 1978.

Legal bases for processing personal data

  • Consent of the data subject.
  • Processing is necessary for the performance of a contract or to enter into a contract.
  • Processing is necessary for compliance with a legal obligation.
  • Legitimate interests of the Data Controller.
    • Processing is carried out by a not-for-profit body with a political, philosophical, religious or trade union aim (the processing relates only to members or former members or those who have regular contact with it in connection with those purposes, and there is no disclosure to a third party without consent)

Sharing personal data

  • Personal data will be treated as strictly confidential and will only be shared with other members of the Benefice in order to carry out a service to other church members or for purposes connected with the activities of the constituent churches.
  • Data provided for the Electoral Roll will be shared within the institutional Church of England and with the general public (by display in the constituent churches).
  • Data provided as part of the safer recruitment process for roles having contact with children or vulnerable adults may be shared with the Diocesan Safeguarding Adviser. It may be also be shared outside the Church of England for the prevention or detection of an unlawful act, to protect members of the public from harm, for safeguarding purposes or as required by law with the following:
    • Police
    • Emergency Medical Services
    • Children’s or Adults Social services in Local Authorities
    • Data provided as part of the financial activities of the Benefice may be shared with statutory or regulatory agencies or with financial institutions for the purpose of administering finances, employees and donations.
  • Apart from the above, we will not share personal data with third parties outside the Benefice without the consent of the data subject.

Storage of personal data

  • We limit access to data on a need to know basis.
    • If a data breach should occur we will do everything in our power to limit the damage.
    • In the case of a high-risk data breach, and depending on the circumstances, we will inform you about the breach and any remedial actions to prevent any further damage.
    • We will inform the Information Commissioner’s Office of any qualifying data breaches.
  • We keep data in accordance with the recommendations and retention schedule in the document “The Benefice of Over Wyre: Management of Parish Records” and destroy it as recommended therein. (NB Document to be produced!)

Individuals’ rights in respect of their personal data

Unless subject to an exemption data subjects have the following rights with respect to their personal data:

  • The right to request a copy of their personal data.
  • The right to request that we correct their personal data if it is found to be inaccurate or out of date.
  • The right to request that their personal data be erased where it is no longer necessary for us to retain such data.
  • The right to withdraw their consent to the processing at any time.
  • The right, where there is a dispute in relation to the accuracy or processing of their personal data, to request that a restriction is placed on further processing.
  • The right to request that we transfer their data to them or another organisation, in certain circumstances.
  • The right to object to our processing of their data if the processing is in our legitimate interests.
  • The right to lodge a complaint with the Information Commissioners Office.

To exercise these rights please contact the appropriate PCC using the contact information provided below.

Further processing

  • If we wish to use personal data for a new purpose not covered by this Data Protection Policy and Privacy Notice, then before commencing the processing we will provide data subjects with a notice explaining the new use, setting out the relevant purposes and processing conditions and requesting consent where necessary.

Contact Details

To exercise all relevant rights, queries or complaints please contact:

Contact details for each parish to be inserted here.