ST ANDREWS, TAUNTON, PCC
Data Protection Policy
Adopted by the Parochial Church Council
on 20 November 2018
The PCC is governed by the Church Representation Rules (“the Rules”). It is charged with carrying forward the whole mission of the church in the Parish.
This policy conforms to the General Data Protection Regulation 2018. GDPR covers personal data only.
1. Confidential data
Only the Incumbent and the Safeguarding Officer hold personal data beyond contact details. Such data is held under lock and key or on computers where the machine and/or the files are password protected.
The Treasurer and Assistant Treasurer have access to the amount of Cash contributions paid by each individual (“data subject”), which attracts Gift Aid. This data is held under lock and key or on computers where the machine and/or the files are password protected.
2. Other Personal Data
2a. Electoral Roll
This document lists those eligible to vote at general meetings of the church, and is available for inspection. The Rules do not require entry of any data other than names.
2b. Membership Lists
As an extension to the list, the Electoral Roll Officer also maintains membership details which add extra data for each entry:
Telephone Number; and
From the 2019 revision of the list only the names will be published. Members will be asked to provide the address and telephone data. They will be asked to agree to retention of email address.
All details will be available to:
The Standing Committee
The Electoral Roll Officer
The Parish Administrator
Members will also be asked if each type of detail can be
made available to:
other members of those groups
Leaders of groups must ensure that they keep all personal details secure, up to date and relevant.
2c. Messy Church
Those attending Messy Church are asked to provide contact details including email addresses each time they attend. Details not found on a register in the previous 18 months will be deleted as from 1 April 2020.
2d. Occasional Offices
From October 2018 marriage couples, baptism families and funeral families will be asked for express consent to the retention of data to allow them to be sent cards or invitations. Details will be deleted 3 years after the service.
Documentation required for legal identification purposes will be retained, under lock and key, for the minimum time required by law or regulations and then be destroyed.
The controller for St Andrews parish church is the Parochial Church Council.
4. Review of policy
This policy will be reviewed in spring 2020, then every two years.