Privacy policy

Stepps Parish Church SC014212

Purpose of this Notice

This Privacy Notice outlines the way in which the Congregation will use personal information provided to us. Personal information includes any information that identifies you personally, such as your name, address, email address or telephone number.

The Congregation recognises the importance of your privacy and personal information and we have therefore outlined below how we use, disclose and protect this information. The Congregation, jointly with the Presbytery of Glasgow, is the data controller, because we decide how your data are processed and for what purpose. Contact details for us are provided below.

How we use information

We use the information you give to us:

• to administer membership records, including a Communion Roll and Supplementary Roll;

• for pastoral care purposes;

• in relation to participation in Congregational activities;

• to provide you with information about news, events, and activities within

the Congregation or the wider Church of Scotland;

• to provide the services of a parish church to the local community;

• to fulfill contractual or other legal obligations;

• to manage our employees;

• to further our charitable aims, for example through fundraising activities;

• to maintain our accounts and records (including the processing of Gift Aid


• to meet our safeguarding obligations

• if CCTV is in place, we have this for the prevention and detection of crime.

Our congregation shares information with Website4Christians to update our website on a monthly basis. This includes the uploading of our monthly newsletter, updating tiles with relevant information of what is happening locally and providing a service that forwards on e-mails ending steppsparishchurch.org.

Disclosure of information

The Congregation will only share your personal information where this is necessary for the purposes set out above. Information will not be shared with any third party out with the Church of Scotland without your consent unless we are obliged or permitted to do so by law.

Basis for processing personal information

The Congregation processes your information in the course of its legitimate activities, with appropriate safeguards in place, as a not-for-profit body with a religious aim and on the basis that our processing relates solely to members, former members or people who have regular contact with us, and that this information is not disclosed to any third party without your consent.

We also process information where this is necessary for compliance with our legal obligations; where processing is necessary for the purposes of our legitimate interests and such interests are not overridden by your interests or fundamental rights and freedoms; and where you have given consent to the processing of your information for a particular purpose.

Storage and security of personal information

The Congregation will strive to ensure that personal information is accurate and held in a secure and confidential environment. We will keep your personal information for as long as you are a member or adherent or have regular contact with us or so long as we are obliged to keep it by law or may need it in order to respond to any questions or complaints or to show that we treated you fairly. We may also keep it for statistical purposes but if so, we will only use it for that purpose. When the information is no longer needed it will be securely destroyed or permanently rendered anonymous. Our data retention policy is stated at the end of this document.

Getting a copy of your personal information

You can request details of the personal information which the Congregation holds about you by contacting us using the contact details given below.

Inaccuracies and Objections

If you believe that any information the Congregation holds about you is incorrect or incomplete or if you do not wish your personal information to be held or used by us, please let us know. Any information found to be incorrect will be corrected as quickly as possible.

You have the right to object to our use of your personal information, or to ask us to remove or stop using your personal information if there is no need for us to keep it. There may be legal or other reasons why we need to keep or use your data, but please tell us if you think that we should not be using it.

If we are processing your data based on your explicit consent, you can withdraw your consent at any time. Please contact us if you want to do so.

Contact us

You can contact us by getting in touch with the Session Clerk, Lorraine Robertson, sessionclerk@steppsparishchurch.org

How to complain

You have the right to complain to the Information Commissioner’s Office about anything relating to the processing of your personal information by the Congregation. You can contact the ICO via its website at www.ico.org.uk or at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

Data Retention Schedule


Type of data

Retention Period

1.Congregational Roll

Members’ personal data and members of church organisations

Certificates of Transference

Database for mailing / distribution lists – Congregational roll and friends)

Keep for 100 years but data reviewed annually and delete out of date information

100 years

Reviewed annually. Out of date information deleted.

2.Minute Taking

Minutes of Congregational Board

Minutes of Kirk Session Resolutions

Minutes of church organisation meetings

50 years

50 years Permanent 6 years

3.Employment / Recruitment

Employee/appointment records; time records

Enquires; applications; notes; letters; references

Duration of employment plus 7 years

6 months after completion of recruitment. If a future similar activity is expected, hold the data for one year.


Advice, emails, letters, Covenants of Responsibility, Risk Assessment, complaints concerning people; audit for congregations and presbyteries.

Volunteer records

Audit and review work papers

100 years

Duration of placement plus 7 years

5 years from the end of the period in which the audit or review was concluded


Type of data

Retention Period

5.Safe buildings

Documents relating to litigation or potential litigation: first aid records; accident records

Hazardous material exposures

Injury and Illness Incident Reports

Construction documents Fixed Asset

Audit and review work papers

Environmental studies

Insurance contracts and policies; property; compensation


Buildings documentation; title deeds


Records relating to legal proceedings

Until matter in concluded plus 7 years

30 years

5 years



5 years from the end of the period in which the audit or review was concluded

Permanent Permanent

7 years after completion Permanent

Duration of warranty plus 7 years

Conclusion of tribunal plus 7 years


Type of Data

Retention Period


Salary schedules

Payroll records


Charitable / tax exempt status records

Sales and purchases records

Audit and review workpapers

Record of financial donations

Accounts payable and receivables ledgers and schedules

Annual audit reports and financial statements

Annual plans and budgets

Bank statements

Business expense records

Cash/cheque receipts Electronic transfer fund

2 years

Minimum of 7 years

7 years after end of contract Permanent


5 years from the end of the period in which the audit or review was concluded

7 years 7 years


2 years

Minimum of 7 years 7 years

7 years

7 years

7 years

Employee expense reports

General ledgers Journal entries Invoices

Petty cash vouchers Tax records

Note of fees paid to professionals

Insurance claims; applications; disbursements; denials