You are viewing this site in staging mode. Click in this bar to return to normal site.

Privacy Notice

What is personal data?

Personal data allows a living individual to be identified from that data.  Identification can be by the information alone or alongside any other information that the data controller possesses or likely to possess in future. The processing of personal data is governed by the General Data Protection Regulation (GDPR).

What is the role of the PCC?

The Parochial Church Council of Church St Helens is the data controller.  This means we decide how your personal data is processed and for what purposes.

How do we process your personal data?

We comply with our obligations under GDPR by keeping personal data up to date, by storing and destroying it securely, by not collecting or retaining excessive amounts of data, by protecting personal data from loss, misuse, unauthorised access and disclosure, and by ensuring that appropriate technical measures are in place to protect it.

We use your personal data for the following purposes:

  • To enable us to provide a service for the benefit of the public in our local area, which includes baptisms, weddings and funerals as well as other events.
  • To administer membership records.
  • To manage our employees and volunteers.
  • To maintain accounts and records in compliance with our obligations as a Church of England parish.
  • To raise funds and promote the interests of Church St Helens.
  • To inform you about news, events, activities and services running in the parish and the local area.

Where you may have substantial contact with children, young people and/or vulnerable adults through a position within the church, we use your data for the following purposes:

  • Appointing individuals to positions that have substantial contact with children, young people and/or vulnerable adults.
  • For the Lead Recruiter to conduct a risk assessment where you disclose information on the self-declaration form.
  • To collect information about members of your household aged 16 and over  if your role is deemed “home-based” as defined by the DBS.
  • To undertake criminal records checks both in the United Kingdom and in non-UK countries where applicable.

What is the legal basis for processing your personal data?

The GDPR legislation provides different legal bases for processing personal data.  We use the following:

  • Legitimate interest, where we need the data to fulfil your request for a service or to make it easier to fulfil future requests.
  • Legal obligation and public task, where processing is necessary for carrying out legal obligations in relation to Gift Aid or under employment, social security or social protection law, or Church of England record keeping regulations. 
  • For safeguarding, we are required by law to undertake the confidential declaration process in accordance with:
    • Section 5A(3) and (4) of the Safeguarding and Clergy Discipline Measure 2016 as inserted by:
    • Safeguarding (Code of Practice) Measure 2021 (also see Safer Recruitment and People Management Guidance – Section 5 – Confidential Declarations - Requirements).
  • Your consent where we wish to keep you informed about news, events, activities and services or where you want us to share your contact details with other people.

Who do we collect data from

We primarily collect data from you (or from a family member on your behalf).  For safeguarding purposes (where applicable or relevant), we may also collect data from:

  • Police
  • Social Services in Local Authorities
  • Current and previous employer/voluntary organisation
  • Disclosure & Barring Service (UK)
  • Criminal records organisations (non-UK)

Sharing your personal data

Your personal data will be treated in strict confidence and will only be shared with other members of the parish so we can carry out the purposes above.

Some data may occasionally be visible to third parties in strictly controlled circumstances:

  • Software support teams when they are requested to fix technical issues in applications that store personal data.
  • The Diocese of Liverpool for oversight of financial and safeguarding processes, and to assist with setting up processes and systems.  This includes (where appropriate) the Diocesan Safeguarding Adviser.

All of these parties have their own privacy and security policies and are restricted in their use of data by contracts with Church St Helens.

Your data may also be shared outside the Church for the prevention or detection of an unlawful act; to protect members of the public from harm or safeguarding purposes with:

  • Police
  • Social Services in Local Authorities
  • Statutory or regulatory agencies in the UK and in other countries (e.g. the Disclosure & Barring Service)

If we wish to share your data with third parties other than these, we will request your consent.

Countries outside of the UK

Where you are in a position relating to children and/or vulnerable adults and you have lived abroad, your data may be transferred out of the UK in order for us to undertake overseas criminal records checks where the recipient organisation is located in a third country or territory where applicable.  This transfer is protected by UK adequacy arrangements, or, where necessary, your consent.

How long do we keep your personal data?

We keep data in accordance with the guidance set out in the guide "Keep or Bin: Care of Your Parish Records" which is available from the Church of England website.

Specifically, we retain electoral roll data while it is still current; Gift Aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate; and parish registers (baptisms, marriages, funerals) permanently.  If you apply for a role which is subject to safer recruitment procedures and are not successful, your data will be held for 6 months after the recruitment process ends.

Your rights and your personal data 

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • You can request a copy of all the personal data which we hold about you.
  • You can request that we correct any personal data if it is inaccurate or out of date.
  • You can request that we erase your personal data where it is no longer necessary for us to retain such data.
  • Where there is a dispute in relation to the accuracy or processing of your personal data, you can request a restriction is placed on further processing.
  • You can withdraw your consent at any time (this only affects data processed under the basis of consent).
  • You can lodge a complaint with us or with the Information Commissioner's Office.

Further processing

If we wish to use your personal data for a new purpose that is not covered by this Data Privacy Policy, we will publish a new policy explaining this new use before starting the processing to explain the relevant purposes and processing conditions. Wherever necessary, we will seek your prior consent to the new processing.

Contact Details

If you have any queries or a complaint, please contact the Data Protection Officer at dataprotection@churchsthelens.org.

You can also contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.