Data Protection

DATA PRIVACY POLICY

First Church of Christ, Scientist, Richmond

35 Sheen Road, Richmond upon Thames, London  TW9 1AD


Reviewed and adopted by the Board, the Data Controller, annually.  

Last reviewed May 2021.

The processing of personal data (including use) is governed by the General Data Protection Regulation (the “GDPR”. This is an EU Regulation soon to be replaced in the UK by a new Data Protection Act (DPA). Personal data relates to a living individual who can be identified from it (the ‘data subject’.)

Consent and legitimate interests

The church considers it has legitimate interests in holding the personal data of present and former members, Sunday school pupils and their parent/guardians, volunteers, regular visitors, suppliers, customers, employees and contractors, so consent is not required from these individuals. 

It is our policy that consent should be sought from non-members whose personal data is held by the church in order to keep them informed about activities such as lectures, services, meetings and Reading Room activities.

Use of personal data

Personal data is used:

• to administer membership records;

• to manage the church’s activities, suppliers, customers, contractors and volunteers;

• to maintain financial records (including the processing of gift aid applications);

• to inform people in the community of events and activities of the church and of related activities in the Christian Science movement and to respond to inquirers;

• generally, to promote the interests of the church.

If the church wishes to use personal data for a purpose not covered by this Data privacy policy, a new notice will be issued explaining the use and setting out the purposes and processing conditions and seeking the data subject’s consent.

Data protection

The church complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure; and by ensuring that appropriate technical measures are in place to protect personal data. 

All personal data is treated as strictly confidential and is only shared with other members of the church (or its volunteers, regular visitors or suppliers) in order to carry out a service to other members (or its volunteers, regular visitors or suppliers) or for purposes connected with its activities. It will not be shared with third parties except with the data subject’s consent; it will not be sold.

Data retention

Membership information, Sunday School records, and information related to Safeguarding will be retained for at least 50 years. Non-members’ data held with consent will be retained while it is still current or until consent is withdrawn. Consent will be confirmed every 5 years. Gift aid declarations and associated paperwork will be retained for 7 years after the tax year to which they relate. Other financial records will be retained for 6 years after the transaction they relate to.

Data subjects’ rights

Data subjects have the right:

• to request a copy of any personal data which the church holds about them; 

• to request the church to correct any personal data that is inaccurate or out of date;  

• to request that personal data be erased if it is no longer necessary for the church to retain it;

• to withdraw consent to the processing at any time;

• to request the data controller to provide them with their personal data and, if they wish, send it to another data controller;

• if there is a dispute about the accuracy or processing of personal data, to request a restriction be placed on further processing;

• to object to the processing of personal data;

• to lodge a complaint with the Information Commissioner’s Office; see the website at www.ico.org.uk .