Updated January 2020
The Coventry Diocesan Board of Finance Limited (“we”, “us”, “our”) are committed to protecting and respecting your privacy. For the purposes of data protection legislation, we are the data controller and we will process your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 and national laws which relate to the processing of personal data. Please read the GDPR Classification: Confidential following carefully to understand our views and practices regarding your personal data and how we will treat it.
2. VISITORS TO OUR WEBSITE
2.1 We may collect and process personal data about you in the following circumstances:
2.1.1 when you complete forms on our website (“Site”). This includes subscribing to our e-bulletin;
2.1.2 whenever you provide information to us when reporting a problem with our Site, making a complaint, making an enquiry or contacting us for any other reason. If you contact us, we may keep a record of that correspondence;
2.1.3 details of your visits to our Site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise, and the resources that you access; and
2.1.4 whenever you disclose your information to us, or we collect information from you in any other way, through our Site.
2.2 We may use your personal data for our legitimate interests in order to:
2.2.1 provide you with information or services that you requested from us;
2.2.2 allow you to participate in interactive features of our Site, when you choose to do so;
2.2.3 ensure that content from our Site is presented in the most effective manner for you and for your device;
2.2.4 improve our Site and services; and
2.2.5 process and deal with any complaints or enquiries made by you.
Our Site may, from time to time, contain links to and from the websites of third parties. Please note that if you follow a link to any of these websites, such websites will apply different terms to the collection and privacy of your personal data and we do not accept any responsibility or liability for these policies. When you leave our Site, we encourage you to read the privacy notice/policy of every website you visit.
3. OTHER PERSONAL DATA WE COLLECT
3.1 We also collect personal data in relation to:
3.1.1 volunteers; (including CDBF or Parish; Committee Members, Synod Members; Safeguarding and trustees)
3.1.1 suppliers; (including contractors; surveyors; letting Agents; architects)
3.1.4 members of Diocesan Advisory Committee
3.1.5 individuals who sign up to our e-bulletin or indicate they would like to receive other marketing information from us;
3.1.7 parish officers and contacts;
3.1.9 members of the public involved in diocese activities; and
The personal data we collect will include information such as names, contact details, bank details (where we need to pay you), and where relevant employment related records, and information such as gender, age, date of birth, marital status nationality, religious affiliation, health, sexual orientation, racial and ethnic origin, financial status, criminal record and disability. GDPR Classification: Confidential
4. HOW WE WILL USE PERSONAL DATA
4.1 We will collect personal data via email, in person, via our Site or by hard copy forms. Personal data collected will be used for the following reasons:
4.1.1 so we can contact you;
4.1.2 to enable us to provide a voluntary service for the benefit of the public within the Diocese of Coventry;
4.1.3 to support the recruitment process for clergy;
4.1.4 to support the recruitment and selection process of candidates for ordained ministry and other accredited ministry including Readers;
4.1.5 to administer records of clergy, other accredited ministers including Readers, candidates for ordained ministry, candidates for accredited ministry including Reader candidates, youth, children and family workers, DCC & PCC officers and various diocesan committees (including records of mandatory training with regard to safeguarding and any other records required to be kept by law);
4.1.6 to carry out safeguarding procedures in accordance with best practice with the aim of ensuring that all children and adults-at-risk are provided with safe environments (please refer to our Safeguarding Privacy Notice);
4.1.7 to process a grant or application for a role;
4.1.8 to fundraise and promote the interests of the diocese;
4.1.9 to manage our employees and volunteers;
4.1.10 to maintain our own accounts and records including our CMS system;
4.1.11 to pay for goods and/or services provided to the diocese;
4.1.12 to enable a better understanding and reporting. For example for the purposes of equal opportunities monitoring or for offering figures for national statistics.
4.1.13 to inform you of news, events, activities and services running within the diocese and elsewhere
4.1.14 for the purpose of administering meetings and events and keeping internal records;
4.1.15 to keep you informed of diocesan information that we believe is relevant to your role or your involvement in the diocese.
5.1 In addition to the uses described elsewhere in this policy, we may use your personal data for our legitimate interests in order to provide you with details about our services, notices and information about forthcoming events which we think may be of interest.
5.2 You have the right to opt-out of receiving the information detailed in section 5.1 at any time. To
opt-out of receiving such information you can:
5.2.1 click the unsubscribe button contained in any such communication received;
5.2.2 email us at email@example.com or call 02476 521346 providing us with your name and contact details; or
5.2.3 where you have signed up to receive out e-bulletin, complete the online form to amend your ebulletin settings on our Site at http://www.dioceseofcoventry.org/ebulletin/change_settings.
6. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
6.1 Your personal data will be treated as strictly confidential and will only be shared within the Diocese of Coventry and to third parties for our legitimate interests as follows:
6.1.1 to our affiliated entities, such as the Bishop’s Office, to support internal administration;
6.1.2 National Church Institutions to undertake their arrangements under the National Institutions Measure 1998 for legal and administrative purposes;
6.1.3 Crockford’s Clerical Directory to ensure the database of Anglican Clergy is up to date for administration purposes; GDPR Classification: Confidential
6.1.4 Theological Education Institutions (TEIs) and other theological training providers.
6.1.5 IT software providers that host our Site and store data on our behalf;
6.1.6 Worthers Contact Management System database for the purpose of furthering the mission and ministry of the Church of England;
6.1.7 Marketing organisations that assist us in the distribution of marketing correspondence (including the publisher of the Diocesan Directory and Year Book);
6.1.8 Appointed advisers including clergy counsellors, therapists, occupational health, coaches and mentors;
6.1.9 Contractors, surveyors, letting agents, glebe agents and architects for service provision, legal and contractual purposes;
6.1.10 professional advisers including consultants, lawyers, bankers and insurers who provide us with consultancy, banking, legal, insurance, payroll bureaus and accounting services; and
6.1.1 HM Revenue and Customs, regulators and other authorities who require reporting of processing activities in certain circumstances.
6.2 We may disclose personal data to the police, regulatory bodies, legal advisors or similar third parties where we are under a legal duty to disclose or share personal data in order to comply with any legal obligation, or in order to enforce or apply our Site terms and conditions and other agreements, for safeguarding reasons, or to protect our rights, property, or safety of those involved with the Diocese, or others.
6.3 We will not sell or distribute personal data to other organisations without your approval.
7. LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
7.1 We will only use your personal data where the law allows us to. Most commonly, we will use your personal data in the following circumstances:
7.1.1 with your consent;
7.1.2 for performance of a contract we enter into with you;
7.1.3 where necessary for compliance with a legal or regulatory obligation we are subject to;
7.1.4 to protect the vital interests of others;
7.1.5 in the course of our legitimate activities as a not-for-profit body with a religious aim; and
7.1.6 for our legitimate interests or for the legitimate interests of a third party (such as another organisation in the Church of England), where your interests and fundamental rights do not override these interests as described in this policy.
8. CROSS-BORDER DATA TRANSFERS
We may share your personal data with third parties who process your data in the U.S. These organisations have signed up to the EU-US Privacy Shield to ensure the security of your personal data.
9. DATA SECURITY
9.1 Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
9.2 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted to our Site; any transmission is at your own risk.
9.3 Information you provide to us is shared on our secure servers. We have implemented appropriate physical, technical and organisational measures designed to secure your information against accidental loss and unauthorised access, use, alteration or disclosure. In addition, we limit access to GDPR Classification: Confidential personal data to those employees, agents, contractors and other third parties that have a legitimate business need for such access.
10. RETENTION OF PERSONAL DATA
10.1 We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements
10.2 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
10.3 Details of retention periods for different aspects of your personal data are available upon
request by contacting us on firstname.lastname@example.org.
11. ACCESS TO, UPDATING, DELETING AND RESTRICTING USE OF PERSONAL DATA
11.1 It is important that the personal data we hold about you is accurate and current. Please keep us
informed if the personal data we hold about you changes.
11.2 Data protection legislation gives you the right to object to the processing of your personal data in certain circumstances or withdraw your consent to the processing of your personal data where this has been provided. You also have the right to access information held about you and for this to be provided in an intelligible form. If you would like a copy of some or all of your personal information, please send an email to our Data Protection Officer on the contact details below. In certain circumstances we reserve the right to charge a reasonable fee to comply with your request.
11.3 You can also ask us to undertake the following:
11.3.1 update or amend your personal data if you feel this is inaccurate;
11.3.2 remove your personal data from our database entirely;
11.3.3 send you copies of your personal data in a commonly used format and transfer your information to another entity; or
11.3.4 restrict the use of your personal data.
11.4 We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal data that we hold about you or make your requested changes. Data protection legislation may allow or require us to refuse to provide you with access to some or all the personal data that we hold about you or to comply with any requests made in accordance with your rights referred to above. If we cannot provide you with access to your personal data, or process any other request we receive, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
11.5 Please send any requests relating to the above to our Data Protection Officer whose details are set out below specifying your name and the action you would like us to undertake.
12. RIGHT TO WITHDRAW CONSENT
Where you have provided your consent to the collection, processing and transfer of your personal data, you have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, please contact our Data Protection Officer whose details are set out below. GDPR Classification: Confidential
14. CONTACT US
Diocese of Coventry
Cathedral and Diocesan Office
1 Hill Top, Coventry
This is in addition to your right to contact the Information Commissioners Office if you are unsatisfied
with our response to any issues you raise at https://ico.org.uk/global/contact-us/
Last updated: January 2020.