G.D.P.R.

G.D.P.R.

“Personal data” is any information about a living individual which allows them to be identified from that data (for example a name, photographs, videos, email address, or address). Identification can be by the information alone or in conjunction with any other information.
The processing of personal data is governed by[the Data Protection Bill/Act 2017 the General Data Protection Regulation 2016/679 (the “GDPR” and other legislation relating to personal data and rights such as the Human Rights Act 1998].
This section holds our two statements about how we store and use data about individuals, in accordance with the General Data Protection Regulation.
In addition there is a form to be completed "Photographic release form" This si to be completed before any image of someone under 18 is used on Social Media or the website.

Approved by the PCC: February 2020 Introduction

The PCC of the Parish of Christ Church is committed to, and bound by both the Data Protection Act 1988 and the General Data Protection Regulation 2018 (GDPR). These make a number of provisions which include stating that person data.

Shall be processed fairly and lawfully.
Shall be obtained only for one or more specified and purposes and shall not be further processed in any manner incompatible with that purpose(s).
Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
Shall be accurate and where necessary, kept up to date.
When processed for any purposes or purposes shall be kept for longer than is necessary for that purpose or those purposes.
Shall be processed in accordance with the rights of data subjects under the regulations.
Shall be protected by appropriate technical and organisational measures to prevent unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to personal data.
Shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection of the rights and freedoms of the data subjects in relation to the processing of personal data.

The PCC only uses personal data in connection with charitable purposes. Specifically, but not exclusively: -

The PCC receives and makes use of personal information about Parishioners.
The PCC receives and makes use of personal information about other volunteers.
The PCC holds records of financial contributions.
The PCC holds records of other charitable organisations.
The PCC holds details of activities of ‘MANNA’ – The Food Bank in Staines

The PCC treats all personal information in total confidence and in accordance with the regulations.

The PCC will always endeavour to protect personal data from loss, misuse, unauthorised access or disclosure, alteration or destruction. Any subject access data request will be managed in line with appropriate legislation's.

.
The PCC does not collect any personal information from visitors to its website other than information that is knowingly and voluntarily given.

The current data controller is the Vicar of the Parish of Christ Church, Staines.

Appendix 1 Records Management Policy Purpose

This policy sets out our commitment to achieving high standards in records management. Records management is vital to the delivery of our services in an orderly, efficient, and accountable manner. Effective records management will help ensure that we have the right information at the right time to make the right decisions. It will provide evidence of what we do and why. We will create and manage records efficiently, protect and store them securely and dispose of them safely at the right time. By adopting this policy, we aim to ensure that the record, whatever form it takes is accurate, reliable, ordered, complete, useful, up to date accessible whenever it is needed to:

help us carry out our mission and our business.

help us to make informed decisions.

protect the rights of our parishioners, employees and volunteers.

ensure we comply with relevant legislation.

provide an audit trail to legal requirements.

Support continuity and consistency in management and administration.

Promote our achievements.

Scope

This policy, together with any relevant procedures, applies to the management of all documents and records, in all technical or physical formats or media, created or received by the PCC in the conduct of its mission and/or business activities. It applies to all parties who are given access to our documents and records and information processing facilities.

Responsibilities

All Trustees of the PCC have a responsibility to ensure that our records are managed well. However, there are also some specific roles will are detailed below: -
The PCC in body corporate – to devise and annually review all data protection related polices.
The Standing Committee – to devise and annually review all procedures relating to data protection. To ensure that all parties who are given access to our documents and records and information processing facilities are aware of and adhere to both the policies and procedures.

Appendix 2 Data Retention Policy Purpose

This policy exits to ensure that the PCC only retains information for as long as it is needed. It takes account of the context within which the PPC operates and complies with the fifth data principle.
Retention Schedule
The table below contains the recommended retention period is given for each type of record held/used. The retention period applies to all records in that category by default and will be adhered to wherever possible. Retention periods also apply to all formats of records, i.e. paper and electronic, unless stated otherwise.

Appendix 3 Information Sharing Policy Purpose

This policy exits to ensure that the PCC only shares information when it is essential to do so. It takes account of the context within which the PCC operates and complies with the second data protection principle.

Scope

The PCC will only ever share the minimum amount of data necessary.

The PCC will only share information when it is essential to do so. Information will be shared with the following:

The Dioceses of London upon receipt of a legal or reasonable request.
Specific employees, parishioners and/or volunteers in order that they fulfil their individual roles in pursuit of the PCC’s mission and /or business.
Other similar organisation if the PCC are unable to fulfil the request.

In the case of safeguarding concerns information will be shared in line with the PCC’s Safeguarding police and appropriate legislation.

Signed

On behalf of the PCC

February 2020

Photographic Release Form

I hereby grant permission to Christ Church, Staines, to use any photographs of myself and/or my child, named below, taken at any Church event in publications, news releases, Facebook page and website from this date forward.

I will be given copies of any photograph if requested.

I can at any time withdraw this permission by requesting in writing use of the photographs be stopped and any that are currently stored are destroyed. I understand it is not always possible to completely remove images from any use on the internet, i.e. Facebook once published.

Copies of any photographs taken will be stored electronically in-line with Christ Church’s Data Protection, including GDPR Policy. Which may be viewed on their website: www.christchurchstaines.co.uk or you may request a copy from any member of staff.

Name (Adult): ______________________________________

Address: ______________________________________

Telephone: ______________________________________

E-mail (Optional): ______________________________________

Childs Name: ______________________________________

Relationship to adult above: ___________________________

Signature: ______________________________________

Date: ______________________________________

(Signature of Adult, or Guardian of Children under age 18)

This completed form will be kept on file under Christ Church’s Data Protection,

including GDPR Policy.

Christ Church, Warwick Ave, Staines, TW18 1DP