GDPR Privacy Notice & Retention Policy - Edinburgh Vineyard
Edinburgh Vineyard is committed to protecting the privacy and security of your personal information that we collect as a "data controller". This privacy notice describes how we collect and use personal information about you in relation to church administration, in accordance with the General Data Protection Regulation (GDPR).
It applies to everyone who gives us their details so that we can run the various church serving teams smoothly, and get in contact with our members. We may update this privacy notice from time to time as required by law or due to changes in practice. This statement is effective from May 2019.
The kind of information we hold about you
Personal data, or personal information, means any information about an individual from which that person can be identified. We may collect, store, and use the following categories of personal information about you:
- Personal details such as name, age, email address, address, phone number, and gender.
- In specific scenarios, if needed to reimburse expenses, bank account details.
We may also collect, store and use "special categories" of more sensitive personal information, including information about your marital status if you choose to provide it.
How is your personal information collected?
We typically collect personal information about you through you filling in a form.
How we will use information about you
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information where it is necessary for our legitimate interests (or those of a third party) in the effective running of the church. We may also use your personal information where we need to protect your interests (or someone else's interests), or where it is needed in the public interest or for official purposes. These circumstances are likely to be rare.
Examples of situations in which we will use your personal information:
- To maintain accurate records.
- For monitoring and planning e.g., arranging service team rotas.
- To reimburse expenses (if applicable).
- To contact next of kin in an emergency.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law or regulation.
Do we need your consent?
In signing up to be part of a serving team, you are acknowledging that we need the information requested so that we can use it for the effective running of the church. If you request that we stop processing your data for this purpose, the consequence would be that you could no longer be part of the serving team, though of course you are still welcome at church.
In relation to special categories of data, you have the option not to provide details if you would rather not - this is your choice. You can withdraw your consent to providing special categories of data without any consequence.
Data sharing
All data is stored on ChurchSuite, a third-party application. We require third parties to respect the security of your data and to treat it in accordance with the law. We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information. We may also store information about you on Google Drive, in which case access to any personal data would be locked down to people within the organisation who need access to it to perform their role.
Other than this we will not share your data with any other organisation without your consent.
Data retention
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, for the defence of any legal claims and for the legitimate interests of the organisation as applicable. We will retain and securely destroy your personal information in accordance with this privacy notice, and applicable laws and regulations.
We will normally retain your data for as long as you are attending the church, and up to [7] years after you leave, unless you ask us to delete this earlier.
Rights of access, correction, erasure, and restriction
It is important that the personal information we hold about you is accurate and current. You have a duty to keep us informed if your personal information changes during your relationship with us.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal information (known as a "data subject access request").
- Request correction of the personal information that we hold about you.
- Request the erasure of your personal information or ask us to stop processing personal information where we are relying on a legitimate interest and you object to processing on this ground, or where you wish to withdraw your consent to our processing of your data.
- Request the suspension or restriction of processing of your personal information.
- Request the transfer of your personal information to another party.
If you have any questions about this privacy notice, or to exercise any rights under it, please contact Ben or Kate at ben@edinburghvineyard.org or kate@edinburghvineyard.org If you believe that 2050 Climate Group has not complied with your data protection rights, you have the right to complain to the Information Commissioner.