Privacy Statement

In our five churches and in the parish office we use personal data about individuals for the purpose of general church administration and communication.  We recognise the importance of the correct and lawful treatment of personal data.  All personal data, whether it is held on paper, on computer or other media, will be subject to the appropriate legal safeguards as specified in the Data Protection Act 2018.  Our current practice is in line with GDPR.

Our commitments

Personal data about individuals will be:

• Processed fairly and lawfully
• Obtained for and used only for specified lawful purposes
• Relevant to the need and not excessive
• Kept only for as long as necessary
• Be accurate and kept up to date (as far as it lies within our power)
• Processed in accordance with the rights of the individual
• Kept secure
• Never shared with, or transferred to, other organisations 

Scope of the data

Records covered by this policy include:

• Recruitment and employment records
• Membership og groups (including lists of specific groups such as homegroups, Junior Church, etc.)
• Gift aid and financial information
• DBS (Disclosure and Barring Scheme) records

Photographic images

We will seek to obtain individual consent of both still and moving images of individuals, but cannot guarantee the same level of security for crowd shots.  All images will be used only for our own marketing and creative purposes, and will not be passed on to a third party without obtaining consent.  Please let the parish administrator know if you would prefer images of yourself not to be used in this way. 

Data access and retention

Data will be stored both in paper form and electronically.  Sensitive papers are kept secure and destroyed when no longer needed.  Electronic data is kept on secure, password protected systems and is destroyed when no longer needed. 

Personal data may only be accessed by authorised individual as following:

• Employment records — Rector, Administrator and Financial team
• Gift aid and financial information — Parish treasurers, anyone employed to help with finances, auditors.
• DBS records — Rector and Parish Safeguarding Officer
• Group memberships (including names, addresses and phone numbers) — There will be a copy in the parish office and a copy of the church membership list at each local church.  Members of the Staff Team may hold a copy. In addition group leaders will hold copies of the relevant names (home groups, pastoral teams, music groups, Junior Church, etc.)
• Electoral roll — Electoral Roll Officer

Personal data will always be managed and transferred in a responsible and considered way. 

Data sharing

Members of the parish electoral roll who need to contact another member may obtain the details by asking the administrator.  Those who wish to opt out of their details being given out in this way should inform the administrator.

No names, addresses or phone numbers, or email addresses, will be given to anybody who is not a member of one of the five churches. Any data provided may only be used for direct communication with other church members and may not under no circumstances be shared with third parties.

Right of access

Anyone who wishes to see what information is held about them has the right to access the personal data held.  Any person wishing to exercise this right should make the request in writing to the Parish Administrator, St Luke’s Church Centre, 61 Rigbourne Hill, Beccles, NR34 9JQ using the standard letter which is available online at www.ico.org.uk. 

We reserve the right to charge a maximum fee of £10.  All requests for access to personal information will be dealt with as quickly as possible and within 40 days of receipt unless there is a good reason for delay, in which case this will be explained in writing.