Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (GDPR).
Who are we?
Hope Bedfordshire gathers and processes your personal information in accordance with this privacy notice and in compliance with the relevant data protection Regulation and law. This notice provides you with the necessary information regarding your rights and obligations, and explains how, why and when we collect and process your personal data.
We are registered with the Information Commissioner’s Office number A8345141
How do we process your personal data?
Hope Bedfordshire complies with their obligations under the GDPR by:
- Keeping personal data up to date;
- Storing and destroying it securely;
- Not collecting or retaining excessive amounts of data;
- Protecting personal data from loss, misuse, unauthorised access and disclosure, and
- Ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes:
- To enable us to contact you about Church Services
- To enable us to contact you about social events and meetings
- To enable us to contact you about preaching engagements
- To contact you to ensure we have correct information;
- To administer database records;
- To maintain our own accounts and records, including the processing of invoice and expenses payments.
What is the legal basis for processing your personal data?
- Explicit consent of the data subject so that we can keep you informed about church services, social events and meetings
- Processing is necessary for carrying out obligations under Financial Standards rules, employment, social security or social protection law, or a collective agreement;
- Processing is carried out by our staff under the guidance of the Data Controller who ensures there is no disclosure to a third party without consent.
Sharing your personal data
Hope Bedfordshire takes your privacy very seriously and will never disclose, share or sell your data without your consent, unless required to do so by law. We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. We only retain your data for as long as is necessary and for the purposes specified in this notice. Your personal data will be treated as strictly confidential and will only be shared with third parties where you have given consent to share your personal data.
How long do we keep your personal data?
We retain personal data for the following periods:
a. Personal data required to be kept for legal or fiscal reasons, and associated paperwork, will be retained for up to 6 years after the calendar year to which they relate;
b. Personal data relating to individuals will be retained until they ask to be removed from our mailing list
Your rights and your personal data
You have the right to access your personal information that we process and to request information about:
- What personal data we hold about you;
- The purposes of the processing;
- The categories of personal data concerned;
- The recipients to whom the personal data has/will be disclosed;
- How long we intend to store your personal data;
- If we did not collect the data directly from you, information about the source.
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to update/correct it as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request erasure of your personal data or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the relevant request; this is to ensure that your data is protected and kept secure.
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
To exercise all relevant rights, queries or complaints, in the first instance please contact:
The Data Controller
c/o 1 Abbey Road
You can contact the Information Commissioner’s Office:
By phone: +44 (0)303 123 1113
or email via www.ico.org.uk/global/contact-us/email/
or by post to:
The Information Commissioner’s Office