Facebook Instagram YouTube

Privacy notice

Introduction

Auldhouse Church is committed to taking seriously its responsibilities relative to the personal data of its members and others with which it has been entrusted and to ensuring all elements of the General Data Protection Regulations (GDPR) are not only implemented, but that adequate assurances and protocols are in place and regularly reviewed to ensure we are compliant.

In accordance with GDPR, this Data Privacy Notice outlines what is meant by personal data, how we will process that data, the legal basis for doing so, how long we will keep your data for and the rights you have under GDPR - the legislation supersedes the Data Protection Act 1998.

 

1. Your personal data - what is it?

Personal data relates to a living person who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data contact person’s possession or that is likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (GDPR).

 

2. Who are We?

Auldhouse Community Church (“the Church”) is the data controller (contact details below). GDPR defines the data controller as ‘the person or body who/which has/have control over how personal data is handled within the organisation concerned’. This means the Church is responsible for how your personal data is processed and for what purposes.

 

3. How do we process your personal data?

Auldhouse Community Church will comply with its obligations under GDPR:

  • a. by keeping personal data up to date;
  • b. by storing and destroying it securely;
  • c. by only collecting that data which is sufficient for and/or proportionate to the requirement;
  • d. by protecting personal data from loss, misuse, unauthorised access and disclosure;
  • e. by ensuring that appropriate encryption is in place to protect personal data.

We use your personal data, subject to your consent, for the following specific purposes:

  • a. to undertake church business, including the maintenance and administering of the church roll; the maintenance of accounts and records (including Gift Aid applications); the management of employees and volunteers;
  • b. to enable the work of church organisations and events, including work and ministry undertaken internally; work and ministry undertaken within the local community and its environs; the wider work of the church;
  • c. to provide spiritual and pastoral care and support;
  • d. to keep members and friends in touch with the life, work and needs of the fellowship;
  • e. to inform you of news, events, activities and services running at Auldhouse Community Church or at other venues under the auspices of “the Church”.

 

4. What is the legal basis for processing your personal data?

a. The legal basis we use at Auldhouse Community Church is Consent. This consent is explicitly given by the data subject (i.e. each person). This allows us to fulfil the purposes stated above.

b. Processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement.

c. Processing is carried out by a not-for-profit body with a political, philosophical, religious or trade union aim provided:

  • the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and 
  • there is no disclosure to a third party without consent

 

5. Sharing your personal data

Your personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other church members or for purposes connected with the church. We will only share your data with third parties outside the life and work of the church with your consent, having outlined the specific purpose in question.

 

6. How long do we keep your personal data?

We keep data in accordance with the guidance set out within GDPR legislation. If you want to know more details about this, use the GDPR information services noted below. Specifically, we retain

  • a. membership list (and list of friends of the church)
  • b. gift aid declarations and associated paperwork for HMRC tax reclaim purposes up to 6 years after the calendar year to which they relate;
  • c. church records of membership, baptisms, marriages, funerals permanently.

 

7. Your rights and your personal data

Unless subject to an exemption under GDPR, you have the following rights with respect to your personal data:

  • the right to request a copy of your personal data that Auldhouse Community Church holds
  • the right to request that Auldhouse Community Church corrects any personal data if it is found to be inaccurate or out of date
  • the right to request your personal data is erased where it is no longer necessary for Auldhouse Community Church to retain such data
  • the right to withdraw your consent to the processing at any time
  • the right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit (where applicable) that data directly to another data controller (known as the right to data portability) [Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means]
  • the right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing
  • the right to object to the processing of personal data, (where applicable) [Only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]
  • the right to lodge a complaint with the Information Commissioners Office (ICO) (UK) - see address below.

 

8. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice. The new notice will explain the new use of your personal data prior to commencing the processing. It will set out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

 

9. Contact Details

To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Contact Point at Auldhouse Community Church, 51 Nether Auldhouse Road, Glasgow, G43 2XG - Scottish Charity No. SC001443

ICO Scotland contact details:

The Information Commissioner’s Office
43 Melville Street
EDINBURGH
EH3 7HL

Telephone: 0303 123 1115
Email: scotland@ico.org.uk 

Loading