GDPR

​“Personal data” is any information about a living individual which allows them to be identified from that data (for example a name, photographs, videos, email address, or address).  Identification can be by the information alone or in conjunction with any other information.  

The processing of personal data is governed by[the Data Protection Bill/Act 2017 the General Data Protection Regulation 2016/679 (the “GDPR” and other legislation relating to personal data and rights such as the Human Rights Act 1998].

This section holds our two statements about how we store and use data about individuals, in accordance with the General Data Protection Regulation.

In addition there is a form to be completed "Photographic release form" This si to be completed before any image of someone under 18 is used on Social Media or the website. 

Approved by the PCC:
February  2020

Introduction
The PCC of the Parish of Christ Church is committed to, and bound by both the Data Protection Act 1988 and the General Data Protection Regulation 2018 (GDPR). These make a number of provisions which include stating that person data.
  1. Shall be processed fairly and lawfully.
  2. Shall be obtained only for one or more specified and purposes and shall not be further processed in any manner incompatible with that purpose(s).
  3. Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
  4. Shall be accurate and where necessary, kept up to date.
  5. When processed for any purposes or purposes shall be kept for longer than is necessary for that purpose or those purposes.
  6. Shall be processed in accordance with the rights of data subjects under the regulations.
  7. Shall be protected by appropriate technical and organisational measures to prevent unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to personal data. 
  8. Shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection of the rights and freedoms of the data subjects in relation to the processing of personal data.
The PCC only uses personal data in connection with charitable purposes. Specifically, but not exclusively: -
  1. The PCC receives and makes use of personal information about Parishioners.
  2. The PCC receives and makes use of personal information about other volunteers.
  3. The PCC holds records of financial contributions.
  4. The PCC holds records of other charitable organisations.
  5. The PCC holds details of activities of ‘MANNA’ – The Food Bank in Staines.
The PCC treats all personal information in total confidence and in accordance with the regulations.
The PCC will always endeavour to protect personal data from loss, misuse, unauthorised access or disclosure, alteration or destruction. Any subject access data request will be managed in line with appropriate legislations.
 
The PCC does not collect any personal information from visitors to its website other than information that is knowingly and voluntarily given.
 
The current data controller is the Vicar  of the Parish of Christ Church, Staines.
Appendix 1
 
Records Management Policy
 
Purpose
 
This policy sets out our commitment to achieving high standards in records management. Records management is vital to the delivery of our services in an orderly, efficient, and accountable manner. Effective records management will help ensure that we have the right information at the right time to make the right decisions. It will provide evidence of what we do and why. We will create and manage records efficiently, protect and store them securely and dispose of them safely at the right time. By adopting this policy, we aim to ensure that the record, whatever form it takes is accurate, reliable, ordered, complete, useful, up to date accessible whenever it is needed to:
 
  • help us carry out our mission and our business.
  • help us to make informed decisions.
  • protect the rights of our parishioners, employees and volunteers.
  • ensure we comply with relevant legislation.
  • provide an audit trail to legal requirements.
  • Support continuity and consistency in management and administration.
  • Promote our achievements.
 
Scope
 
This policy, together with any relevant procedures, applies to the management of all documents and records, in all technical or physical formats or media, created or received by the PCC in the conduct of its mission and/or business activities. It applies to all parties who are given access to our documents and records and information processing facilities.
 
Responsibilities
 
All Trustees of the PCC have a responsibility to ensure that our records are managed well. However, there are also some specific roles will are detailed below: -
 
The PCC in body corporate – to devise and annually review all data protection related polices.
The Standing Committee – to devise and annually review all procedures relating to data protection. To ensure that all parties who are given access to our documents and records and information processing facilities are aware of and adhere to both the policies and procedures.
 
Appendix 2
 
Data retention policy
 
Purpose
 
This policy exits to ensure that the PCC only retains information for as long as it is needed. It takes account of the context within which the PPC operates and complies with the fifth data principle.
Retention Schedule
 
A table containing the recommended retention period is given for each type of record held/used. The retention period applies to all records in that category by default and will be adhered to wherever possible. Retention periods also apply to all formats of records, i.e. paper and electronic, unless stated otherwise.
 
Type of record
Format
Retention period
Responsibility for destruction

Agenda & Minutes of the PCC.
Electronic/paper
6 Years
Parish Administer

Agenda & minutes of The Standing and Finance Committee.
Electronic/paper
6 Years
Parish Administer

Agenda & minutes of respective Leadership Teams.
Electronic/paper
6 Years
Parish Administer

Electoral Roll.
Electronic/paper
6 Years from last entry
Electoral Roll Officer

Contact details of staff.
Electronic/paper
6 Years
Parish Administer

Contact details of volunteers.
Electronic/paper
6 Years
Parish Administer

Details of financial Contributions.
Electronic/paper
6 Years
Treasurer

Details of financial Receipts.
Electronic/paper
6 Years
Treasurer

DBS checks.
Electronic/paper
4 Years (Checked every 3 years)
Parish Safeguarding Officer

Contract details for paid staff.
Electronic/paper
6 Years
Star Warden for Office staff and caretaker Vicar for Director Music.

  
Appendix 3
 
Information Sharing Policy
 
Purpose
 
This policy exits to ensure that the PCC only shares information when it is essential to do so. It takes account of the context within which the PCC operates and complies with the second data protection principle.
 
Scope
 
The PCC will only ever share the minimum amount of data necessary.
 
The PCC will only share information when it is essential to do so. Information will be shared with the following: -
 
  • The Dioceses of London upon receipt of a legal or reasonable request.
  • Specific employees, parishioners and/or volunteers in order that they fulfil their individual roles in pursuit of the PCC’s mission and /or business.
  • Other similar organisation if the PCC are unable to fulfil the request.
 
In the case of safeguarding concerns information will be shared in line with the PCC’s Safeguarding police and appropriate legislation.
 
                              Signed
 
 
 
On behalf of the PCC
February 2020 
 

 
Photographic Release Form
 
I hereby grant permission to Christ Church, Staines, to use any photographs of myself and/or my child, named below, taken at any Church event in publications, news releases, Facebook page and website from this date forward.
 
I will be given copies of any photograph if requested.
 
I can at any time withdraw this permission by requesting in writing use of the photographs be stopped and any that are currently stored are destroyed. I understand it is not always possible to completely remove images from any use on the internet, i.e. Facebook once published.
 
Copies of any photographs taken will be stored electronically in-line with Christ Church’s Data Protection, including GDPR Policy. Which may be viewed on their website: www.christchurchstaines.co.uk or you may request a copy from any member of staff.
 
Name (Adult):           ______________________________________
Address:                    ______________________________________
Telephone:                ______________________________________
E-mail (Optional):     ______________________________________
 
Childs Name:            ______________________________________
Relationship to adult above:           ___________________________
 
Signature:                 ______________________________________
Date:                           ______________________________________
(Signature of Adult, or Guardian of Children under age 18)
 
This completed form will be kept on file under Christ Church’s Data Protection,
including GDPR Policy.


Christ Church, Warwick Ave, Staines, TW18 1DP
www.facebook.com/staineschristchurch
www.christchurchstaines.co.uk