Following a routine review of our Data Protection measures we have revised the Data Protection Policy, created a new Data Retention Policy (both are on our website) and created a new Privacy Notice with all three also displayed inside church. Overall, nothing has changed – we comply with the law, minimise our personal data use and protect people. We have added a bit of colour to the basic terms, now that the current data protection system has been in place for a couple of years.
We must comply with legislation, but our higher (and highest!) authority is, of course, God. We are all called to His standards and this can be summarised as: A gossip betrays a confidence, but a trustworthy person keeps a secret. (Proverbs 11:13)
So we ask: Am I allowed, or do I need, to have, to use or to share this information? If so, how can I keep it secure and use or share it safely?
We will process personal data fairly and transparently, and collect it for legitimate purposes.
‘Personal information’ relates to a living person. ‘Special category data’ reveals certain characteristics and one of them is ‘religious beliefs’ so clearly we are closely involved with that!
Using special category data is prohibited unless we have an ‘exemption’ of which three are relevant: (1) consent; (2) legitimate activities of a religious organisation with appropriate safeguards; and (3) necessary for the public interest, particularly to protect an individual’s well-being. In practice, as well as praying for you and just showing family love to you, if we know your details, we can reach out to you and send you the E-pistle newsletter, details of services and call to check all is well. At any time, you can always tell us to stop!
We keep the data secure – this means we don’t share it unless we have to by law or as part of our church family activities, for example, someone in the church family using your phone number just to call on behalf of the church and see how you are.
We look after your data and will not leave address lists lying around or sell them. The Congregational Roll can be kept, by law, for 100 years (and can then archived). Miscellaneous contact information can be kept but must be reviewed and then deleted when there is no requirement to keep it. So, for example, if someone asks us to send correspondence to a relative who is not themself a member of SSCB, we can do so.
We use your data to administer membership records, for pastoral care and in relation to our activities (such as sending out this E-pistle) etc. This is why and how we have the information and are using it.
There are basic protection measures for all – e.g., if we are sending an email to a number of people, we will seek to send it as a ‘bcc’ blind copy so everyone’s email address is not listed openly. If we refer to anyone in a document but do not need to name them fully, then we will use a short form or use their initials etc.
All this applies to printed records as well as electronic.
Please be reassured: none of this stops you keeping and using your own contact details of people in church, even if you are also a church office-holder. It applies where you are acting on behalf of SSCB in carrying out a church task.
The Session Clerk is the ‘Data Protection Officer.’ If you have any questions or concerns, please make contact and they can be addressed.
While I was with them, I protected them and kept them safe by that name you gave me. (John 17:12)
[from Timothy Pitt, Data Protection Officer]