Christ Church New Catton
Data Protection & Privacy Policy
This Privacy Notice is provided by the PCC of Christ Church New Catton to explain what to expect when we collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, and guidance issued by the Church of England.
Data Controller
The Parochial Church Council (“PCC”) of Christ Church New Catton is the data controller for the purposes of data protection law.
1. Personal Data We May Collect
We may collect, store, and use the following categories of personal data:
Personal details
- Names
- Postal addresses
- Telephone numbers
- Email addresses
- Dates of birth (where appropriate)
Church administration information
- Electoral roll information
- Baptism, confirmation, marriage, and funeral records
- Pastoral care records
- Volunteer information
- Church directory
- DBS and safeguarding information where required
Financial information
- Gift Aid declarations
- Donation records
- Bank details for payments or reimbursements
Communications data
- Preferences for newsletters and communications
- Attendance at church events
- Mailing list subscriptions
Website and online data
- Information submitted through website forms
- Cookies and analytics data where applicable
2. How We Use Personal Data
We process personal data for the following purposes:
- To maintain church records
- To administer membership and the electoral roll
- To organise church services, events, and activities
- To provide pastoral support
- To communicate news, events, and church activities
- To manage volunteers and safeguarding obligations
- To process donations and Gift Aid
- To comply with legal obligations
- To maintain security and prevent fraud
3. Lawful Bases for Processing
Under UK GDPR, we rely on one or more of the following lawful bases:
Legitimate interests
Processing necessary for the normal running of the church and parish activities.
Consent
Where required, we will ask for clear consent before sending marketing communications or publishing photographs.
Legal obligation
Where processing is necessary to comply with legal requirements. For example, we are required by law to collect and process data for weddings, funerals, baptisms, etc.
Vital interests
In rare circumstances where processing is necessary to protect someone’s life or wellbeing.
Religious organisations
As a religious body, we may process certain categories of personal data relating to members or former members in accordance with Article 9 UK GDPR.
4. Special Category Data
Certain information, such as religious belief, health information, or safeguarding records, is classed as special category data.
We will only process such information:
- with appropriate safeguards,
- where permitted by law,
- and only where necessary for church activities or safeguarding responsibilities.
Access to such data is restricted to authorised persons.
5. Sharing Personal Data
We will not sell personal data.
We may share information where necessary with:
- the Diocese
- the Church of England
- HM Revenue & Customs (for Gift Aid)
- safeguarding authorities
- professional advisers
- IT and administrative service providers
- law enforcement agencies where legally required
All third parties are expected to keep data secure and use it only for authorised purposes.
6. Data Retention
We keep personal data only for as long as necessary.
Some church records, including registers of baptisms, marriages, and funerals, may be retained permanently in accordance with legal and ecclesiastical requirements.
Other records will be securely deleted or destroyed when no longer required, in line with the Church of England Records Retention Schedule.
7. Data Security
We take appropriate measures to protect personal data, including:
- password protection
- secure storage
- restricted access
- secure disposal of records
- staff and volunteer awareness
Where data is held electronically, reasonable technical safeguards are used to reduce the risk of unauthorised access or loss.
8. Photography and Media
Photographs or videos may occasionally be taken during church services or events for church publications, displays, social media, or the church website.
Where appropriate, consent will be obtained, especially for children and vulnerable adults.
Anyone who does not wish to be photographed should inform the minister or event organiser.
9. Your rights and your personal data
Unless subject to an exemption under the UK GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of the personal data that the PCC and church hold about you (a Subject Access Request or ‘SAR’);
- The right to request that the PCC corrects any personal data if it is found to be inaccurate or out of date;
- The right to request that your personal data be erased where it is no longer necessary to retain such data;
- The right to withdraw your consent to the processing at any time where we have obtained your consent;
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request that a restriction be placed on further processing;
- The right to object to the processing of personal data (in limited circumstances);
- The right to lodge a complaint with the Information Commissioner's Office.
10. Complaints
If you are concerned about how your data is being handled, please contact us first.
You also have the right to complain to the UK supervisory authority:
Information Commissioner's Office