Privacy Statement
Privacy Statement
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the Data Protection Act 1998 and subsequent UK legislation and regulations.
Who are we?
Wootton New Life Methodist Church are part of The Methodist Church. The Methodist Church in Britain is the data controller, and the Methodist Council is responsible for implementation of legal obligations (contact details at the end of this notice). This means it decides how your personal data is processed and for what purposes. The Methodist Council may change this policy from time to time and any such changes will be published on our website. Nothwithstanding any change to this policy, we will continue to process your personal data in accordance with your rights and our obligations in law.
How do we process your personal data?
We collect data necessary for the Methodist Church in Britain to pursue its stated charitable objectives, and by running events, maintaining memberships, keep our members and supporters informed of our activities, marketing, fundraising and the effective running of the Methodist Church in Britain through its staff, trustees and volunteers.
In furtherance of this we use your personal data, which includes but is not limited to the following purposes: -
To maintain and update lists of officers and groups that are part of the Methodist Church in Britain
Oversight of ministers, including the production of the Minutes of the Conference
Administrative support to committees and other bodies in the Methodist Connexion
Recruitment to appointments and volunteer posts in the Methodist Connexion
Safeguarding casework and safer recruitment work
Conference/events management
Responding to queries about Constitutional, Discipline and Practice of the Methodist Church in Britain
Oversight of the Complaints and Disciplinary procedures
Issuing and arranging the distribution of publications, mailings and newsletters
Enabling people to participate in campaigns/allowing the administration of campaigns
Communication with existing/new/potential supporters of the Methodist Church about enquiries relating to giving to/fundraising on behalf and promoting the interests of the Methodist Church
Facilitating the application process for Connexional Grants
Managing properties held connexionally by the Methodist Church in Britain
Recruitment and Administration of staff and mission personnel
Administration and support for users of Connexional Team IT resources as well as online applications serviced by the Connexional Team.
Financial services:
Payment of expenses/invoices
Payment of stipends/wages
Administering income
Fulfilling obligations under Health & Safety legislation
Oversight of Local Preacher training and records
Administering the candidating process and training of ministers
Training course administration
Archiving for research purposes
To respond to general enquiries
Data collected and processed may include, but not be limited to:
name and job title
contact information including email address
demographic information such as postcode, preferences and interests
Sensitive data [1] may be collected where necessary for safeguarding purposes, or upon application to become a minister or to hold an office in the Methodist Church, or for employment purposes, or where required by law.
What is the legal basis for processing your personal data?
Organisations are permitted to process data if they have a legal basis for doing so. The Methodist Church in Britain processes data on the basis that:
The Methodist Church in Britain has a legitimate interest to process data; and/or
Express and informed consent has been given by the person whose data is being processed; and/or
It is necessary in relation to a contract or agreement which the person has entered into or because the person has asked for something to be done so they can enter into a contract or agreement; and/or
There is a legal obligation on the Methodist Church in Britain to process data; and/or
Processing is necessary to protect the vital interests of a data subject or another person (in accordance with safeguarding policy and practice).
Where we process special category sensitive data (under Article 9 of the GDPR) we process data on the basis that:
Explicit consent has been given by the person whose data is being processed; and/or
It is necessary for the Methodist Council to carrying out its obligations under employment, social security or social protection law, or a collective agreement; and/or
Processing is necessary to protect the vital interests of a data subject or another individual where the data subject is physically or legally incapable of giving consent; (in accordance with safeguarding policy and practice); and/or
The Methodist Church in Britain is a membership organisation and the processing relates only to members or former members or those who have regular contact with it in connection with its purposes, and no disclosure is made to a third party without consent of the person whose data is being processed; and/or
Processing is necessary for archiving purposes in the public interest, or scientific and historical research purposes or statistical purposes.
Sharing your personal data
Your data will not be shared outside of the Methodist Church, except where required to do so by law, or with trusted third parties where necessary to communicate with our members, office holders and volunteers (such as mailing companies for postal communications or through small email campaigns or newsletters), and only once satisfied that any such use of data will accord with this policy. Explicit, informed consent will be sought from individuals whenever and wherever required in accordance with data protection legislation.
Security
We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the data we process. Users of our web-based applications are responsible for keeping passwords confidential. We will only ask users for passwords for IT support purposes.
How long do we keep your personal data?
We keep data in accordance with the guidance set out in the Connexional Team Retention Schedules, which incorporates statutory retention periods. The Schedules can be viewed at www.methodist.org.uk/dataprotection
We regularly review the data we hold and securely delete any personal data that is no longer necessary for us to process
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -
The right to request a copy of your personal data which the Methodist Council holds about you;
The right to request that the Methodist Council corrects any personal data if it is found to be inaccurate or out of date;
The right to request your personal data is erased where it is no longer necessary for the Methodist Council to retain such data. (Records will remain in skeleton, to ensure no further contact in future);
The right to withdraw your consent to the processing at any time
The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable) [Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means].
The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
The right to object to the processing of personal data, (where applicable) [Only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]
The right to lodge a complaint with the Information Commissioners Office
9. Further Processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
10.Contact Details
To exercise all relevant rights, queries of complaints please in the first instance contact the Data Protection Officer at dataprotection@methodistchurch.org.uk or Data Protection, Methodist Church House, 25 Marylebone Road, London, NW1 5JR.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
[1] Article 9 GDPR defines sensitive data as information about an individual’s race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life, or sexual orientation