1. Your personal data – what is it? Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
2. Who are we? Nant Coch Church is the data controller (contact details below). This means we decide how your personal data is processed and for what purposes.
3. How do we process your personal data? Nant Coch Church complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We collect and use your personal data in order to:
maintain our list of church members and regular attenders;
provide pastoral support for members and others connected with our church;
provide services to the community including the baby and toddler group, community event and youth and children’s groups;
safeguard children, young people and adults with care and support needs;
recruit, support and manage staff and volunteers;
maintain our accounts and records;
promote our services;
maintain the security of property and premises
respond effectively to enquirers and handle any complaints; and
comply with the law regarding data sharing.
4. What is the legal basis for processing your personal data? Nant Coch Church uses the following legal bases for processing personal data. The Data Retention Schedule shows which bases are used for different data uses.
The processing is carried out in the course of our legitimate activities and only relates to our members or persons we are in regular contact with in connection with our purposes;
The processing is necessary for legitimate interests pursued by Nant Coch Church or another organisation;
The processing is necessary for a contract with the data subject;
The processing is necessary to fulfil an employment law obligation;
The processing is necessary for legal advice/proceedings;
The data subject has given their clear consent.
5. Sharing your personal data Your personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other church members or for purposes connected with the church. We will only share your data with third parties outside of Nant Coch Church with your consent.
6. How long do we keep your personal data? We keep data in accordance with the lengths of time set out in the Data Retention Schedule.
7. Your rights and your personal data Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
To request access to any of your personal data held by us (known as a Subject Access Request);
To ask to have inaccurate personal data changed;
To restrict processing, in certain circumstances;
To object to processing, in certain circumstances, including preventing the use of your data for direct marketing;
To data portability, which means to receive your data, or some of your data, in a format that can be easily used by another person or organisation;
Not to be subject to automated decisions, in certain circumstances; and
To withdraw consent when we are relying on consent to process your data;
To lodge a complaint with the Information Commissioners Office.
8. Further processing If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
9. Data protection policy Nant Coch Church has a Data Protection Policy which explains our data protection responsibilities and how we meet them. This is accompanied by a Data Retention Schedule which provides more information about the data we process, the legal basis on which we process it and how long we retain the data.
10. Contact Details and further information For further information on how your information is used, how we maintain the security of your information and your rights to access information we hold on you please contact the Data Protection Officer – Wesley Harris, in person, by e-mail or on 07974 821991.
If you have a concern about the way we are collecting or using your personal data, please raise your concern with us in the first instance or directly to the Information Commissioner’s Office. You can contact the Information Commissioners Office on 0303 123 1113 or via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.