First Church of Christ, Scientist, Richmond
35 Sheen Road, Richmond upon Thames, London TW9 1AD
Reviewed and adopted by the Board, the Data Controller, annually.
Last reviewed August 2018.
The processing of personal data (including use) is governed by the General Data Protection Regulation (the “GDPR”. This is an EU Regulation soon to be replaced in the UK by a new Data Protection Act (DPA). Personal data relates to a living individual who can be identified from it (the ‘data subject’.)
Consent and legitimate interests
The church considers it has legitimate interests in holding the personal data of present and former members, Sunday school pupils and their parent/guardians, volunteers, regular visitors, suppliers, customers, employees and contractors, so consent is not required from these individuals.
It is our policy that consent should be sought from non-members whose personal data is held by the church in order to keep them informed about activities such as lectures, services, meetings and Reading Room activities.
Use of personal data
Personal data is used:
• to administer membership records;
• to manage the church’s activities, suppliers, customers, contractors and volunteers;
• to maintain financial records (including the processing of gift aid applications);
• to inform people in the community of events and activities of the church and of related activities in the Christian Science movement and to respond to inquirers;
• generally, to promote the interests of the church.
The church complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure; and by ensuring that appropriate technical measures are in place to protect personal data.
All personal data is treated as strictly confidential and is only shared with other members of the church (or its volunteers, regular visitors or suppliers) in order to carry out a service to other members (or its volunteers, regular visitors or suppliers) or for purposes connected with its activities. It will not be shared with third parties except with the data subject’s consent; it will not be sold.
Membership information, Sunday School records, and information related to Safeguarding will be retained for at least 50 years. Non-members’ data held with consent will be retained while it is still current or until consent is withdrawn. Consent will be confirmed every 5 years. Gift aid declarations and associated paperwork will be retained for 7 years after the tax year to which they relate. Other financial records will be retained for 6 years after the transaction they relate to.
Data subjects’ rights
Data subjects have the right:
• to request a copy of any personal data which the church holds about them;
• to request the church to correct any personal data that is inaccurate or out of date;
• to request that personal data be erased if it is no longer necessary for the church to retain it;
• to withdraw consent to the processing at any time;
• to request the data controller to provide them with their personal data and, if they wish, send it to another data controller;
• if there is a dispute about the accuracy or processing of personal data, to request a restriction be placed on further processing;
• to object to the processing of personal data;
• to lodge a complaint with the Information Commissioner’s Office; see the website at www.ico.org.uk .