St Peter's Church Data Protection Policy
From the 25th May 2018, a new General Data Protection Regulation (GDPR) is in force. Under the terms of the Regulation we are required to inform you about your personal data that we hold and how and by whom it can be accessed.
The Parish Church of St Peter’s, Jersey.
Will comply with the General Data Protection Regulation (GDPR) 2018, as enshrined in The Data Protection (Jersey) Law 2018 and Data Protection Authority (Jersey) Law 2018. The new law enhances the existing law and:
- Expands liability to all organisations that deal with personal data
- Introduces data breach notification within 72 hours to the local DP Authority
- Introduces increased fines – up to 4% of global annual turnover or EUR 20million (whichever is the highest)
Will provide a Privacy Notice, as required or requested, which forms part of this Policy and should be read in conjunction with it. Our Policy parameters may be summarised as follows:
- How we collect information about you
- What personal information we might collect from you
- How we use this information
- How we protect your personal information
- How we keep your information up to date.
Definitions and further information
You may find the explanations below helpful
Permission to store and process your data
In order to manage your relationship with St. Peter’s Church, we need to record personal data. The information we collect is limited to what is necessary for the administration of the Church’s work and commitments. We are happy to consider any requests you have in relation to your data.
What is personal data?
Personal data is data which can be used to identify you. This includes your name and address, email address, and contact telephone numbers. In order to be clear about what information you are happy for us to hold, we will make available a Consent Form which we request is completed and returned to the Data Controller. If you are in a position of leadership within the Church, we may display a picture to help others to identify you.
Where is the data stored?
Your information is stored electronically under the control of the Data Controller.
How will your data be used?
Your data will primarily be used for the purpose of managing your membership of St. Peter’s Church and activities there to and the Deanery of Jersey and Diocese of Canterbury, if applicable. We will contact you to inform you of upcoming events and other announcements directly relevant to these activities.
If your membership of the church ceases, information concerning you will be removed from the database as soon as practically possible. (Unless you have been remunerated by the Church in any capacity, when Employment Laws will take priority), the period will not exceed 6 months.
Personal data will not be shared with third parties, except where required by law or authorised by the member.
You are responsible for ensuring that if your personal data changes, you should inform the Rector accordingly, who is the data controller.
What is a Data Controller?
A Data Controller is someone who is responsible for your data and who must make sure that your data is processed according to the law. For example, they are responsible for making sure that the information held about you is accurate and that it is kept secure.
The Rector is the data controller for the purposes of the GDPR in respect of St. Peters Church, Jersey. Please contact the Rector at email@example.com if you have any questions regarding your data.
COVID-19 Data. During the 2020 Coronavirus Pandemic it has become law in Jersey that churches collect contact details for the purposes of Track and Trace. These details will be kept securely and only revealed to the appropriate authority on receipt of an official request. they will be destroyed after 21 days.
This policy will be reviewed from time to time to take into account legislative changes and practical experience.
Last updated: 3 December 2020