Privacy Notice

Privacy Notice for the Parochial Church Council (PCC) of Christ Our Hope Liverpool

Please see Section 13 onwards for a supplementary Privacy Notice relating to data which is collected if you make a Confidential Declaration as part of an application for an employed or volunteer role.

Last amended 8th April 2024 (v1.1).

1. What is personal data?

Personal data allows a living individual to be identified from that data. Identification can be by the information alone or alongside any other information that the data controller possesses or likely to possess in future. The processing of personal data is governed by the General Data Protection Regulation (GDPR).

2. What is the role of the PCC?

The Parochial Church Council (PCC) of Christ Our Hope Liverpool is the data controller. This means we are legally responsible for deciding how your personal data is processed and for what purposes.

3. How do we process your personal data?

We comply with our obligations under GDPR by keeping personal data up to date, by storing and destroying it securely, by not collecting or retaining excessive amounts of data, by protecting personal data from loss, misuse, unauthorised access and disclosure, and by ensuring that appropriate technical measures are in place to protect it.

4. Why do we process your personal data?

We use your personal data for the following purposes:

· To enable us to provide a service for the benefit of the public in our local area, which includes baptisms, weddings and funerals as well as other events.

· To administer membership records.

· To manage our employees and volunteers.

· To maintain accounts and records in compliance with our obligations as a Church of England parish.

· To raise funds and promote the interests of Christ Our Hope Liverpool.

· To inform you about news, events, activities and services running in the parish and the local area.

· To share your contact details with the Diocese of Liverpool so they can comply with their legal obligations and to keep you informed about news in the diocese and events, activities and services that will be occurring in the diocese and in which you may be interested.

· Some services and events may be recorded or livestreamed, to enable other people to participate remotely. You will be informed at the time if this is the case, so you will be aware if you may be being filmed or recorded.

· Some church premises may have CCTV or surveillance systems to help maintain safety for staff, visitors and other people, and to protect against vandalism or

other crimes. Any CCTV or surveillance systems will be clearly signposted in each location, with contact details in case of questions.

5. What is the lawful basis for processing your personal data?

The GDPR legislation provides different legal bases for processing personal data. We use the following:

· Legitimate interest, where we need the data to fulfil your request for a service or to make it easier to fulfil future requests.

· Legal obligation and public task, where processing is necessary for carrying out legal obligations in relation to Gift Aid or under employment, social security or social protection law, or Church of England record keeping regulations.

· Your consent where we wish to keep you informed about news, events, activities and services or where you want us to share your contact details with other people.

6. Special Category data

The data we collect may reveal your religious beliefs, for instance through records of your attendance at church activities or an application for baptism. It may also reveal health status or disabilities, for instance through notifying group leaders of

accessibility requirements or children’s allergies, or via requests for prayer.

7. Who do we collect data from

We primarily collect data from you (or from a family member on your behalf).

8. Sharing your personal data

Your personal data will be treated in strict confidence and will only be shared with other members of the parish so we can carry out the purposes above.

The only data shared with the general public is your name, if you are on the church electoral roll. It is an automatic legal consequence as stated in the CRR, (Part I Formation of the Roll 1(8) and Revision of Roll and Preparation of New Roll 2(1), 2(3) and 2(7)) that your name will be published, and by submitting your application form you are making that data public.

Some data may occasionally be visible to third parties in strictly controlled circumstances:

· Software support teams when they are requested to fix technical issues in applications that store personal data.

· The Diocese of Liverpool for oversight of financial, regulatory, legal and safeguarding processes, to assist with setting up processes and systems, and for wider communications and correspondence.

All of these parties have their own privacy and security policies. Data will not be shared outside of the UK/EAA without safeguards in place.

Data may be shared with other parties for safeguarding purposes if you apply for a role that requires a Confidential Declaration – please see Section 13 onwards for more details.

If we wish to share your data with third parties other than these, we will request your consent.

9. How long do we keep your personal data?

We keep data in accordance with the guidance set out in the guide “Keep or Bin: Care of Your Parish Records” which is available from the Church of England website.

10. Your legal rights and complaints

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

· You can request a copy of all the personal data which we hold about you.

· You can request that we correct any personal data if it is inaccurate or out of date.

· You can request that we erase your personal data where it is no longer necessary for us to retain such data.

· Where there is a dispute in relation to the accuracy or processing of your personal data, you can request a restriction is placed on further processing.

· You can withdraw your consent at any time (this only affects data processed under the basis of consent).

· You can lodge a complaint with us or with the Information Commissioner’s Office.

11. Further processing

If we wish to use your personal data for a new purpose that is not covered by this Data Privacy Policy, we will publish a new policy explaining this new use before starting the processing to explain the relevant purposes and processing conditions. Wherever necessary, we will seek your prior consent to the new processing.

12. Contact Details

If you wish to exercise your legal rights, or raise a query or complaint, please contact the Data Protection Lead at dataprotection@cohl.org.uk.

You can also contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

13. Confidential Declaration Privacy Notice for the Parochial Church Council (PCC) of Christ Our Hope Liverpool

This Privacy Notice supplements the main Privacy Notice above. It explains how the information you supply in your Safer Recruitment Confidential Declaration is used and your rights with respect to that data as required by the UK GDPR and the Data Protection Act 2018, (the “DPA 2018”).

Last amended 8th April 2024.

14. Why we collect and use your personal data

The overall purpose of the Confidential Declaration Form is to ensure that we take all reasonable steps to prevent those who might harm children, young people and/or

vulnerable adults from taking up positions where they have substantial contact with children, young people and/or vulnerable adults in accordance with the Safer Recruitment and People Management Guidance (2021).

We use your data for the following purposes:

· Appointing individuals to positions that have substantial contact with children, young people and/or vulnerable adults.

· For the Diocesan Safeguarding Adviser to conduct a risk assessment where an applicant discloses information on the form.

· To collect information about members of your household aged 16 and over (cf. Qs.6 & 7) if your role is deemed “home-based” as defined by the DBS1.

· To undertake criminal records checks both in the United Kingdom and in non- UK countries where applicable.

15. The categories of personal data we collect

The information we process for these purposes is:

1 https://www.gov.uk/government/publications/dbs-home-based-positions-guide/home-based- position-definition-and-guidance

16. The lawful basis for using your information

We collect and use personal data under the following lawful bases:

Personal data

· Consent (Article 6(1)(a)). You have consented to the transfer of your data to a non-UK country when applicable in order for us to undertake an overseas criminal records check.

· Legal obligation (Article 6(1)(c)). We are required by law to undertake the confidential declaration process in accordance with:

o Section 5A(3) and (4) of the Safeguarding and Clergy Discipline Measure 2016 as inserted by:

o Safeguarding (Code of Practice) Measure 2021 (also see Safer Recruitment and People Management Guidance – Section 5 – Confidential Declarations – Requirements).

Special categories and criminal information

· Explicit Consent (Article 9(2)(a)). You have consented to the transfer of your data to a non-UK country when applicable in order for us to undertake an overseas criminal records check.

· Substantial public interest (Article 9(2)(g) and Schedule 1, Part 2, paragraphs 10, 11 and 18 of the DPA 2018). It is necessary for reasons of substantial public interest in order to prevent or detect unlawful acts and protect members of the public from harm, including dishonesty, malpractice and other seriously improper conduct or for the purposes of safeguarding children, young people and vulnerable adults.

17. Who we collect from or share your information with:

We collect your information from (where applicable or relevant):

· You

· Police

· Social Services in Local Authorities

· Current and previous employer/voluntary organisation

· Disclosure and Barring Service (UK)

· Criminal records organisations (non-UK)

Your personal data will be treated as strictly confidential and will only be shared with those involved in the recruitment/appointment process and, where appropriate, the Diocesan Safeguarding Adviser.

It may be shared outside the Church for the prevention or detection of an unlawful act; to protect members of the public from harm or safeguarding purposes with:

· Police

· Social Services in Local Authorities

· Statutory or regulatory agencies in the UK and in other countries (e.g. the Disclosure and Barring Service)

18. Your personal data may be sent to countries outside the UK

Your data may be transferred out of the UK in order for us to undertake overseas criminal records checks where the recipient organisation is located in a third country or territory where applicable. This transfer is protected by UK adequacy arrangements, or, where necessary, your consent.

19. How long do we keep your information?

We keep your personal data, if your application is successful, for no longer than reasonably necessary for the periods and purposes as set out in the retention table in the guide “Records Management Toolkit: Safeguarding Records Retention”, which is available from the Church of England website.

If your application is not successful, your data will be held for 6 months after the recruitment process ends, and then destroyed.

20. Your legal rights and complaints

Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data:

· The right to be informed about any data we hold about you

· The right to request a copy of your personal data which we hold about you

· The right to request that we correct any personal data if it is found to be inaccurate or out of date

· The right to request your personal data is erased where it is no longer necessary for us to retain such data

· The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing

· The right to object to the processing of your personal data

21. Contact Details

If you wish to exercise your legal rights, or raise a query or complaint, please contact the Data Protection Lead at dataprotection@cohl.org.uk.

You can also contact the Diocesan Safeguarding Team, whose contact details can be found at https://www.liverpool.anglican.org/making-it-easier-parishes/safeguarding- matters/.

Cookies On Our Site

This site uses cookies to store information on your computer.

Some cookies on this site are essential, and the site won’t work as expected without them. These cookies are set when you submit a form, login or interact with the site by doing something that goes beyond clicking on simple links.

We also use some non-essential cookies to anonymously track visitors or enhance your experience of the site. If you’re not happy with this, we won’t set these cookies but some nice features of the site may be unavailable.