Data Protection Policy
The PCC is governed by the Church Representation Rules 2020 (“the Rules”). It is charged with carrying forward the whole mission of the church in the Parish.
This policy conforms to the General Data Protection Regulation 2018. GDPR covers personal data only.
1. Confidential data
The Incumbent, the Safeguarding Officer, the Parish Administrator, licensed and authorised Ministers and members of the Pastoral Team approved by the PCC hold personal data beyond contact details. Such data is held under lock and key or on computers where the machine and/or the files are password protected.
1a. Pastoral records will be made with the consent of those receiving pastoral visits or phone calls, or exceptionally without consent in order to help detect or prevent a crime or for safeguarding reasons to protect vulnerable people. Records are kept centrally in the Parish Office and should be deleted from local records within 6 months.
Except where there is a safeguarding concern, such data kept in the Parish Office should be held for 6 months after it is no longer needed, such as after a particular activity has ended, and then deleted. Where there is a safeguarding concern, data should be kept indefinitely, or until 6 months after the concern has been resolved and the data is held elsewhere, such as with the Diocesan Safeguarding team.
1b. Cash donations. The Treasurer and Assistant Treasurer have access to the amount of cash contribution, that attracts Gift Aid, paid by each individual (“data subject”). This data is protected as detailed above.
2. Other Personal Data
2a. Electoral Roll
This document lists those eligible to vote at general meetings of the church, and is available for inspection. The Rules do not require entry of any data other than names, and the inspection copy shows names only.
2b. Membership Lists
As an extension to the Roll, the Electoral Roll Officer also maintains membership details which add extra data for each entry:
Telephone Number; and
From the 2019 revision of the list only the names will be published. Members will be asked to provide address and telephone data; they will be asked for express consent to retention of email address.
All details will be available to:
• The Standing Committee
• The Electoral Roll Officer
• The Parish Administrator
Members will also be asked if each type of detail can be made available to:
• leaders of groups to which the member belongs (e.g. Servers, Ringers);
• other members of those groups
Leaders of groups must ensure that they keep all personal details secure, up to date and relevant.
2c. Messy Church
Those attending Messy Church are asked to provide contact details including email addresses each time they attend. Details not found on a register in the previous 18 months will be deleted, starting from 1 April 2020.
2d. Occasional Offices
From October 2018 marriage couples, baptism families and funeral families will be asked for express consent to the retention of data to allow them to be sent cards or invitations. Details will be deleted 3 years after the service.
Documentation required for legal identification purposes will be retained, under lock and key, for the minimum time required by law or regulations and then be destroyed.
3. Controller for St Andrews parish church
The data controller for parish administration is the Parochial Church Council.
The data controller for data processed in relation to pastoral care is the Incumbent.
As Chair of the PCC, in practice the Incumbent fulfils both roles.
4. Review of policy
This policy will be reviewed every two years.
Date Policy approved by PCC: 20.11.2018
Date of latest review by PCC: 04.05.2021
Date next review due: Nov 2022