Privacy & GDPR

The Parochial Church Council (PCC) of St Mary's Church, Capel St Mary do our best to protect the privacy of anyone whose data is entrusted to us. Please read this privacy notice which explains how we collect, manage, use and protect your personal information.

Your personal data - what is it?

Personal data relates to a living individual who can be identified from that data (the ‘data subject’). Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”) and the Data Protection Act (“data protection legislation”).

The information will include your name, postal and/or email addresses and your phone number. We may record similar information about your close family and friends, especially if they are also connected with us, e.g. the information we need in order to organise a wedding or a memorial service.

If you support us financially, or have other financial transactions with us then we will record relevant information to ensure we can process these properly and comply with audit requirements.

If you volunteer for us, or are elected to a position in the church then we will hold information relevant to your volunteering activity e.g. what role you are undertaking, details of rotas etc.

CofE safeguarding policy requires some volunteers to have DBS checks and we will therefore need to collect information relevant to such a check.

If you are on the payroll of the church then your contract will contain details of the way in which we process your data for the fulfilment of that contract.

Data protection legislation affords special protection to certain categories of data. Of relevance are religious affiliation and information about health. If you attend church, or join its Electoral Roll, or in some other way affiliate yourself with us, then we may be processing data about your religious affiliation. If you tell us you need gluten-free wafers, or special access to church, or to use our hearing loop, then you are giving us information about your health. With the exception of processing in relation to criminal records in the context of DBS checks, we are very unlikely to process any other information which falls into the categories requiring special protection. We explain below the legal basis for processing any such data.

Who are we?

The Parish of St Mary, Virgin and Mother, Capel St Mary, Suffolk, is one part of the Benefice of Capel St Mary with Lt and Gt Wenham, part of the Diocese of St Edmundsbury and Ipswich.

The Vicar has responsibility for leading the spiritual life of St Mary's, aided in this work by the Parochial Church Council (PCC) who share in the spiritual leadership of the church and act as trustees of the church building, operations and finance. The Churchwardens are members of the PCC and have certain statutory responsibilities for the building. The PCC has a Ministry Team (including Clergy, Readers and Elders) whose members assist the vicar in pastoral and other areas of church leadership. The PCC has also appointed a Safeguarding Officer and an Administrative Assistant.

As the Church is made up of all of these office-holders it would be impossible to operate effectively if personal data were not appropriately shared between the relevant people to the extent that it is necessary for the good functioning of the church and its ministry. For this reason, this privacy notice covers the way that the Incumbent and the PCC jointly use personal data. Together we are joint data controllers. This means we are all responsible to you for how we process your data.

Only those people who need to see your data will have access to it. So, for example, if the Vicar needs to know the names of parents and godparents of a child to be baptised this information would not normally be shared with the PCC.

How do we process your personal data?

The PCC of St Mary's complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use your personal data for some or all of the following purposes:

  • The spiritual life of the church
  • To carry out all the work necessary to organise and publicise a regular cycle of services together with baptisms, confirmations, weddings, funerals, interment of ashes, services of remembrance and blessing, etc.
  • To organise pastoral and spiritual care which may include home or hospital visiting by the Ministry Team, Elders or some other appropriately authorised person.
  • To manage volunteering in an appropriate and efficient manner e.g. by organising rotas, meetings etc.
  • To organise appropriate opportunities for discipleship, service and spiritual development, e.g. house groups, Lent groups, mission related activity, hospitality, church BBQs etc.
  • Such other activities which enable us to carry out our mission in our community, to love our neighbour and to share the good news about Jesus.

We use your data to facilitate the administrative work of the church:

  • To enable us to meet our legal and statutory obligations including maintaining and publishing our Electoral Roll in accordance with the Church Representation Rules and passing details of elected role holders (e.g. Churchwardens, Deanery Synod reps, PCC Secretary and Treasurer) to St Edmundsbury and Ipswich Diocese.
  • To comply with safeguarding procedures in order to ensure that all children and adults at risk are provided with a safe environment.
  • To maintain our own accounts and records, to fundraise and to process donations (including Gift Aid information).
  • To send you communications about the church (which may be sent via electronic, non-electronic and social media means).
  • To administer our commercial activities, including the occasional hire of the Schoolroom.

What is the legal basis for processing your personal data?

  • Explicit consent so that we can keep you informed about news, events, activities and services and keep you informed about diocesan events.
  • Processing is necessary for carrying out legal obligations in relation to Gift Aid or under employment, social security or social protection law, or a collective agreement;

Sharing your personal data

We only share data if it is necessary to do so. The community life of  our church and the interconnected nature of the Church of England means that we sometimes have to share data with other parts of the church. We will share data in the following circumstances:

  • Within the clergy team and with appropriate lay people. e.g. for the organisation of a joint service, or circumstances where one clergyperson is standing in for another at a service or meeting. Sometimes other licensed clergy or lay people may also fulfil this role.
  • The Electoral Roll containing its members’ names and addresses is a statutory public document and we must publish it each year in a public place. In exceptional circumstances you can ask for your address to be redacted from the list. The roll is available for inspection at all times on request.
  • Being elected to an office in the church, e.g. Churchwarden, Treasurer, Secretary, Deanery Synod representative or PCC member similarly carries with it a degree of openness. The results of elections for these offices must be published in public and are available for inspection by anyone resident in the parish.
  • If you are on a rota to carry out a volunteering role in church, eg cleaning, flowers, or reading, we will share this rota with others on the rota and in church.
  • To administer regular giving to the church. This information is held confidentially by the Treasurer and is only shared with our independent financial examiner.
  • On occasion, we may disclose data to other churches with whom we are undertaking joint events or activities, e.g. the contact details of a volunteer who will lead the prayers at a joint service.
  • For the purpose of DBS Checks carried out in conjunction with the Diocesan Safeguarding Team who will disclose relevant details to the Parish Safeguarding Officer.

In the process of pastoral work, the Vicar, other clergy or lay people may encounter a situation where the law requires them to disclose data to a statutory authority. In this case their legal obligation will be paramount.

How long do we keep your personal data?

We will only retain personal information for as long as is necessary to fulfil the purpose for which you gave it or to fulfil a legal obligation. So, for example:

  • matters relating to safeguarding are likely to require long term or permanent retention of data and may preclude its deletion.
  • other records may have statutory retention periods, e.g. HMRC requires financial records to be kept for a minimum period of 7 years.

Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which we hold about you;
  • The right to request that the PCC corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for the PCC to retain such data;
  • The right to withdraw your consent to the processing at any time
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to lodge a complaint with the Information Commissioners Office.

Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

Contact Details

To exercise all relevant rights, queries or complaints please contact the PCC Secretary (see contact info)

You can contact the Information Commissioners Office on 0303 123 1113 or via chat/email or by post at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.