Data Protection Privacy Notice – St James’s Church, Ryde
Who is processing your data?
St James’s Church is an evangelical Anglican church based in Ryde, Isle of Wight. We process the personal, and special category, data of congregation members, volunteers and visitors. If you have any queries about how we process your data, then the following contact information may be useful to you:
The Church’s correspondence address is:
St James’s Church
4 Market Street
Isle of Wight
Tel: 01983 566381
What do we do with your data?
As a member of St James’s Church, we:
- collect your name and contact details, so that we can keep you informed of church activities and church news, including membership of small groups such as Housegroups
- hold your contact details in order to provide pastoral support to you as a member of the church fellowship
- use your data, when requested, to include you on the church’s Electoral Roll
- share your name and prayer requests with members of the fellowship when requested
- collect the medical data (special category data) and parental or guardian contact details for any children and vulnerable adults regularly attending our children’s teaching groups or learning disability groups, so that leaders can be aware of any health matters and in case of emergency
- collect your bank details and/or Credit Card details when subscribing directly to the church or paying for any event. We are required to maintain our own accounts and records (including gift aid applications)
- we collect your name and contact details for booking attendance at services online
- process your image if you actively take part in a pre-recorded video or an online service (for example as a musician, reader or someone who leads prayers). You should be aware that your image will be shared on an internet platform such as the St. James’s Website or St James’s You Tube channel, but deleted as explained below
As a volunteer, we process your data
- to contact you about volunteering and to arrange rotas
- in relation to the Disclosure and Barring Service (DBS) certificates you provide for volunteering for the purpose of safeguarding children and vulnerable adults
As a visitor to St James’s church, we will
- process your contact details if you sign up to attend an event (whether in person or virtually) at the church, including the Mum’s and Toddler group to keep you informed of the group’s activities
- process your bank / credit card details if you donate towards or pay for an event organised by the church
Our legal basis for processing your data
We process your personal data with your explicit consent, which will be requested when you first provide us with your data. We will regularly review your consent.
As a member of St James’s Church, there may be times when we are required to process your personal data in order to comply with a legal obligation, for instance, to provide your data to external bodies, such as Her Majesty’s Revenue and Customs (HMRC) in relation to your giving to the Church, and to the Disclosure and Barring Service(DBS).
During the Covid-19 pandemic, we also rely on the legal basis that it may be necessary to process your personal data in order to perform a task in the public interest – for example, we may need to share your contact details with the NHS Test and Trace process.
Who will have access to your data?
For members of St James’s Church, the Church Minister and Associate Minister will have access to the data that you have shared with them to enable them to provide you with pastoral support.
All of St James’s Church staff will have access to your contact details, your details on the Electoral Roll, and the contents of the church registers for baptisms, marriages and funerals.
St James’s Church Safeguarding and Deputy Safeguarding Coordinator will have access to your details in your Disclosure and Barring Service (DBS) certificates.
Church members who help with the administration of the church’s finances may have access to your bank details and your address contained in your Gift Aid application in order to be able to claim back money for the church. Details for those donating via Church Suite will be kept and protected online.
Children’s and learning disability group leaders will have access to the medical forms and parental or guardian contact details for the children or vulnerable adults in the group(s) that they lead.
Current Church Members will have access to your name and contact details in the Church Member’s Address List if you agree to your contact details being seen by other Church Members.
Current and former Church members, friends of St James’s and regular church attendees not on the Electoral Roll, collectively referred to as the Church Fellowship, will have access to your name and participation in church activities. If you do not give permission for your name to be seen by other members of the Church fellowship for inclusion in Church News media or the Fellowship Prayer diary, please contact the church office.
As a visitor to St James’s Church, including but not confined to the Christianity Explored course and the Mum’s and Toddler group, group leaders and coordinators will have access to your name and contact details if you are a member of the group, as well as the names of your children attending, if appropriate.
Who we share your data with
We share your data where legally required to do so with HMRC and the DBS.
Some of our former church members now live abroad, so any personal data held on the Church new-sheet or the Fellowship Prayer Diary may be transferred abroad.
If you actively take part in a live-streamed service or pre-recorded video, your image will be shared across the internet via an online platform such as the St James’s Website or You Tube channel.
How long will we hold your data?
We will retain your personal data whilst you are a member of St James’s Church and for 18 months after you have left the church in order to pass on any queries / keep in touch with you. If you wish to be kept informed of church news once you have left the church, we will continue to hold your contact details until you no longer wish to receive church news.
During the Covid-19 pandemic, we are required to keep the details of those who have attended a service or an event within the Church buildings, for 21 days after the service in case it is necessary to track anyone who may have come into contact with an individual who tests positive for the coronavirus. Your attendance data will, however, be destroyed after those 21 days if no-one who attended that service / event tests positive for the virus.
Videos and recordings of live services will be held on the St James’s Church online platforms, such as YouTube, for 3 months, after which they will be removed and deleted.
For any videos to be kept longer than 3 months, specific consent will be sought. These will be removed from the internet and stored on a password protected computer, to which access is provided only for church staff or volunteers holding specific church offices that require your data in the execution of their duties.
Church registers must be kept in perpetuity as a record of baptism, marriages and deaths, whilst financial records must be kept for audit purposes for 7 years.
As a visitor to St James’s church, any personal data we have will be destroyed within 3 months of the end of the event. Should you subsequently become a member of St James’s Church, we will maintain your personal data as explained above.
How do we store your data?
Your data is kept either in paper records that are stored securely in locked filing cabinets, on “ChurchSuite” – the secure online church database system, or in electronic files held on password protected computers, to which access is provided only for church staff or volunteers holding specific church offices that require your data in the execution of their duties.
You have the right, at any time, to request a copy of the personal, and special category, data that we hold for you. You can also ask us to stop processing your data, to amend the data or to delete your data from the church records, where possible. If you wish to exercise these rights at any time or if you have any concerns about the way your data is processed, please contact the Church administrator, in the first place, using any of the contact details at the top of this notice.
If you have any concerns about the way we process your personal data, or wish to make a complaint to the regulatory body for data protection matters, you can do so by contacting the Information Commissioner’s Office via www.ico.org.uk or 0303 123 1113.