General Data Protection Regulation for St James Mar Thoma Church - UK
Registered Charity No. 1059210
Privacy Notice Issued on 26th April 2018
The policies drawn out below are under the obligations of the St James Mar Thoma Church UK with regard to the data protection and the rights of the members of the St James Mar Thoma Church – UK. This is in compliance with the use of personal data under the Data Protection Bill/Act 2017, the General Data Protection Regulation (GDPR) 2016/679 and other regulations relating to personal data and rights such as the Human Rights Act 1998.
2. Who we are?
The following private policy notice is provided to you by the St James Mar Thoma Church UK, which is a member of the newly instituted Zone of the Mar Thoma Church in the UK and Europe. The St James Mar Thoma Church UK works together with the following entities and other agencies who handle personal data:
As the St James Mar Thoma Church UK is engaged with all these entities working together, we may need to share personal data we hold with them so that they can carry out their responsibilities to the Church and our community. The organisations or their appointed representatives referred to above are joint data controllers. Therefore, we are all responsible to the members for how we process your data.
Each of the data handlers have their own tasks within the parishes and congregations and a description of what data is processed and what purpose is set out in this Privacy and Data Policy Document. In the rest of this Data Protection Policy, we use the word ‘we’ to refer to each data controller, as appropriate.
3. What data the Controllers listed above possess?
They will process some or all of the following where necessary to perform their tasks:
4. How do we process your personal data?
The data handlers will comply with their legal obligations to keep personal data up to date; store and destroy it securely; to not collect or retain excessive amount of data; to keep personal data secure, and protect personal data from loss, misuses, unauthorised access and disclosure that appropriate technical measures are in place to protect personal data. We use your personal data for some or all of the following purposes:
4. What is the legal basis for processing your data?
Most of our data is processed because it is necessary for legitimate interests, or the legitimate interest of a 3rd party (such as a sister church, ecumenical partners such as, WCC, CTE and CTBI). We will always take into account your interests, rights and freedoms. Some of our processing is necessary for compliance with a legal obligation. For example, we are required to publish wedding bans. Religious organisations are permitted to process information about your religious beliefs to administer membership register. Where your personal data is used other than in accordance with one of these legal bases, we will first obtain your consent to that use.
5. Sharing your personal data
Your personal data will be treated strictly confidential. It will only be shared with 3rd parties where it is necessary for the performance of our tasks or where you first give us your prior consent. It is likely that will need to share your data with some or all of the following (but only where necessary):
6. How long do we keep your personal data?
We will keep some records such as parish register, baptism records, marriage register and any such if we are legally required to do so permanently. For Example, it is the practice to keep financial records for a period of seven years to facilitate HMRC inspections. In general, we will endeavour to keep data only as long we need it. This means that we may destroy it when it is no longer needed and we shall inform such deletions to the persons concerned.
7. Your rights and your personal data
You have the following rights with respect to your personal data:
When exercising any rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof your identity (Passport, driving Licence, etc.) before you can exercise your right.
7. 1. The right to access information we hold on you.
7. 2. The right to correct and update the information that we hold on you.
7. 3. The right to have your personal data removed
7.4. The right to object to processing your data
7. 5. The Right to data transferability
7. 6. The right to withdraw your consent by email or post (see contact details below).
7. 7. The right to object to the processing of the personal data where applicable.
7. 8. The right to lodge a complaint with the ‘Information Commissioner’s office.
8. Transfer of Data Abroad
Our websites (COMPE and Parish websites), digital publication (ECHO and Newsletters) are accessible from other countries and so on some occasion personal data may be assessed from overseas.
9. Further processing
If we wish you to use your data for a new purpose, not covered by this document, then we will provide you with a new notice of information explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever, necessary, we will seek your prior consent to the new processing of personal data.
10. Contact details
Please contact us if you have any questions about this Privacy notice or the information we hold about you or to exercise all relevant rights, queries or complaint at:
Other contact points: Information Commissioner’s Office on 0303 123 1113 or via email:
https://ico.org.uk/gobal/contact-us/email/ or by post Information Commissioner’s office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.