OUR DATA PRIVACY PRINCIPLES
- We will respect your personal data
- We will store it securely.
- We will process the minimum data about you in order to:
- support you appropriately in your work
- enable us to work with you in providing a voluntary service as specified in our charitable constitution.
- inform you of relevant news, events, training or services run by us or other similar organisations.
- create and maintain anonymised numbers and stories of our work for learning, monitoring, promotion and fundraising that may be shared via a website and social media.
- use your image, name and stories about you in publicity and reports, if you give your consen
- We will only share your data with people outside of ourselves where:
- This is needed to prevent harm to yourself or others (e.g. the Police, Social Services, NHS services)
- Enquirers are making a reasonable enquiry about specific workplace chaplaincy provision – normally this will only happen with your specific permission
- We will delete/rectify/restrict processing it when you ask us to, unless we need to retain information for safeguarding/legal purpose
- In order to process your data legally we may need to ask you to complete a consent form, and return it to us.
- You can request us to stop processing your data at any time but there are some circumstances when this will not be possible (i.e. for safeguarding/legal reasons
- Personal data
Personal data is information that relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by The General Data Protection Regulation 2016/679 (the “GDPR”).
- Data Controller
CIGB is a Data Controller: we decide what data to process and for what purposes. Data processing is the handling of any data: this includes storing, sharing, viewing, deleting, changing, manipulating that data.
- Special Category Data
Data that relates to certain characteristics – like faith, race, political opinions, medical information – requires specific conditions for processing
WHAT DATA DO WE PROCESS, SHARE, HOW AND WHY?
- We may process within ourselves the following data about you:
Your name and contact details (address, phone, email etc)
- Your date of birth
- Your church / faith affiliation
- Your ethnic background
- Your photograph and photographs, videos, recordings including you
- Health issues that you declare to us
- Your DBS status, and any results following a DBS check
- Your next of kin
- Minutes of meetings, phonecalls and email conversations involving you
- Pastoral notes about your situation
- We will keep personal data up to date; store and destroy it securely; protect personal data from loss, misuse, unauthorised access and disclosure, and ensure that appropriate technical measures are in place to protect personal data. We will not collect or retain excessive amounts of data.
- We will carefully process personal data in order to:
- enable us to provide a voluntary service for the benefit of our members and the general public as specified in our charitable constitution.
- support people appropriately in their work, places of education and their homes
- administer records, organise events, meetings and training
- fundraise and promote the interests of the charity
- manage our staff and volunteers
- maintain financial records and provide insurance covers
- inform individuals about news, events, activities and services
- create and maintain anonymised numbers and stories of our work for learning, monitoring, promotion and fundraising that may be shared via a website and social media. Personal data will not be revealed outside of CIGB through this.
- We will treat personal data as strictly confidential. We will only share personal data with other workplace chaplaincy organisations and churches, and normally with your consent. We will share data when there is a perceived need to prevent serious harm to yourself or others, with other agencies – eg police, health practitioners, social services etc.
- We will retain data for no longer than necessary. In normal circumstances most data will be safely destroyed two years after last contact with a data subject. In the case of an employee or former volunteer, most data will destroyed seven years after last engagement with that individual. If there has been a safeguarding concern or enquiry about an individual, We may be required to keep relevant data for seventy-five years. Notes of committee meetings may be archived indefinitely for future reference.
- We may process data in this way on the following legal grounds
- By consent – when data subjects have completed a Consent Form.
- In the case of employees acting on behalf of ourselves, processing of certain data is necessary for the performance of a contract
- In order to responding to requests from relevant authorities (eg Police, Safeguarding, Insurance), processing is necessary for compliance with a legal obligation
- In responding to first enquiries to ourselves or in providing pastoral support for members of the public, processing is necessary for the legitimate interests of our purposes (except where such interests are overridden by the interests, rights or freedoms of the data subject).
- In order to process membership records processing may be carried out by ourselves (“as a not-for-profit body with a political, philosophical, religious or trade union aims”) provided that the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and there is no disclosure to a third party without consent.
- Right to access your personal data
You have a right to see the data we hold for you. You can request this by a ‘Data Subject Access Request’. We will respond to your request within 30 calendar days. There will be no charge to you for this.
- Right to rectification
You have the right for inaccurate or incomplete data to be corrected within one month, although this can be extended to two months if the request is extremely complicated. If the data has been shared with third parties, we will inform them of the rectification.
- Right to withdraw consent to process data
You are able to request a withdrawal of consent to process your data at any time. To do this, please contact us in writing. Since we may process some data on legal grounds other than consent (eg safeguarding, charity membership), we may continue to process such data under these grounds.
- The right to request your personal data is erased where it is no longer necessary for us retain such data
You can ask us to erase your data when it is no longer necessary for us to retain it. Our retention policy for data is also controlled by other legal obligations – such as employment, financial, charity laws and safeguarding guidance.
- The right to restrict processing.
You can ask us to do no further processing of your data, where there is a dispute in relation to the accuracy or processing of your personal data. If processing is restricted, we can still store the data but cannot otherwise use the data.
- The right to object to the processing of personal data
Where we use your data to contact you to promote events, etc or when we take legitimate pastoral notes of our encounters with you in furtherance of our charitable objectives, you can ask us to stop doing so.
- In wanting to exercise your rights above, please contact us in writing: CIGB, 1 Colmore Row, Birmingham B3 2BJ
- You also have the right to lodge a complaint with the Information Commissioners Office if you think we have unfairly infringed your rights, have already made a complaint to ourselves and you are not satisfied with the response: You can contact the Information Commissioners Office at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF (0303 123 1113; www.ico.org.uk)