Stepps Parish Church SC014212
Purpose of this Notice
This Privacy Notice outlines the way in which the Congregation will use personal information provided to us. Personal information includes any information that identifies you personally, such as your name, address, email address or telephone number.
The Congregation recognises the importance of your privacy and personal information and we have therefore outlined below how we use, disclose and protect this information. The Congregation, jointly with the Presbytery of Glasgow, is the data controller, because we decide how your data are processed and for what purpose. Contact details for us are provided below.
How we use information
We use the information you give to us:
• to administer membership records, including a Communion Roll and Supplementary Roll;
• for pastoral care purposes;
• in relation to participation in Congregational activities;
• to provide you with information about news, events, and activities within
the Congregation or the wider Church of Scotland;
• to provide the services of a parish church to the local community;
• to fulfill contractual or other legal obligations;
• to manage our employees;
• to further our charitable aims, for example through fundraising activities;
• to maintain our accounts and records (including the processing of Gift Aid
applications);
• to meet our safeguarding obligations
• if CCTV is in place, we have this for the prevention and detection of crime.
Our congregation shares information with Website4Christians to update our website on a monthly basis. This includes the uploading of our monthly newsletter, updating tiles with relevant information of what is happening locally and providing a service that forwards on e-mails ending steppsparishchurch.org.
Disclosure of information
The Congregation will only share your personal information where this is necessary for the purposes set out above. Information will not be shared with any third party out with the Church of Scotland without your consent unless we are obliged or permitted to do so by law.
Basis for processing personal information
The Congregation processes your information in the course of its legitimate activities, with appropriate safeguards in place, as a not-for-profit body with a religious aim and on the basis that our processing relates solely to members, former members or people who have regular contact with us, and that this information is not disclosed to any third party without your consent.
We also process information where this is necessary for compliance with our legal obligations; where processing is necessary for the purposes of our legitimate interests and such interests are not overridden by your interests or fundamental rights and freedoms; and where you have given consent to the processing of your information for a particular purpose.
Storage and security of personal information
The Congregation will strive to ensure that personal information is accurate and held in a secure and confidential environment. We will keep your personal information for as long as you are a member or adherent or have regular contact with us or so long as we are obliged to keep it by law or may need it in order to respond to any questions or complaints or to show that we treated you fairly. We may also keep it for statistical purposes but if so, we will only use it for that purpose. When the information is no longer needed it will be securely destroyed or permanently rendered anonymous. Our data retention policy is stated at the end of this document.
Getting a copy of your personal information
You can request details of the personal information which the Congregation holds about you by contacting us using the contact details given below.
Inaccuracies and Objections
If you believe that any information the Congregation holds about you is incorrect or incomplete or if you do not wish your personal information to be held or used by us, please let us know. Any information found to be incorrect will be corrected as quickly as possible.
You have the right to object to our use of your personal information, or to ask us to remove or stop using your personal information if there is no need for us to keep it. There may be legal or other reasons why we need to keep or use your data, but please tell us if you think that we should not be using it.
If we are processing your data based on your explicit consent, you can withdraw your consent at any time. Please contact us if you want to do so.
Contact us
You can contact us by getting in touch with the Session Clerk, Lorraine Robertson, sessionclerk@steppsparishchurch.org
How to complain
You have the right to complain to the Information Commissioner’s Office about anything relating to the processing of your personal information by the Congregation. You can contact the ICO via its website at www.ico.org.uk or at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Data Retention Schedule
Category
Type of data
Retention Period
1.Congregational Roll
Members’ personal data and members of church organisations
Certificates of Transference
Database for mailing / distribution lists – Congregational roll and friends)
Keep for 100 years but data reviewed annually and delete out of date information
100 years
Reviewed annually. Out of date information deleted.
2.Minute Taking
Minutes of Congregational Board
Minutes of Kirk Session Resolutions
Minutes of church organisation meetings
50 years
50 years Permanent 6 years
3.Employment / Recruitment
Employee/appointment records; time records
Enquires; applications; notes; letters; references
Duration of employment plus 7 years
6 months after completion of recruitment. If a future similar activity is expected, hold the data for one year.
4.Safeguarding
Advice, emails, letters, Covenants of Responsibility, Risk Assessment, complaints concerning people; audit for congregations and presbyteries.
Volunteer records
Audit and review work papers
100 years
Duration of placement plus 7 years
5 years from the end of the period in which the audit or review was concluded
Category
Type of data
Retention Period
5.Safe buildings
Documents relating to litigation or potential litigation: first aid records; accident records
Hazardous material exposures
Injury and Illness Incident Reports
Construction documents Fixed Asset
Audit and review work papers
Environmental studies
Insurance contracts and policies; property; compensation
Leases
Buildings documentation; title deeds
Warranties
Records relating to legal proceedings
Until matter in concluded plus 7 years
30 years
5 years
Permanent
Permanent
5 years from the end of the period in which the audit or review was concluded
Permanent Permanent
7 years after completion Permanent
Duration of warranty plus 7 years
Conclusion of tribunal plus 7 years
Category
Type of Data
Retention Period
6.Finance
Salary schedules
Payroll records
Contracts
Charitable / tax exempt status records
Sales and purchases records
Audit and review workpapers
Record of financial donations
Accounts payable and receivables ledgers and schedules
Annual audit reports and financial statements
Annual plans and budgets
Bank statements
Business expense records
Cash/cheque receipts Electronic transfer fund
2 years
Minimum of 7 years
7 years after end of contract Permanent
Finance
5 years from the end of the period in which the audit or review was concluded
7 years 7 years
Permanent
2 years
Minimum of 7 years 7 years
7 years
7 years
7 years
Employee expense reports
General ledgers Journal entries Invoices
Petty cash vouchers Tax records
Note of fees paid to professionals
Insurance claims; applications; disbursements; denials