DATA PROTECTION POLICY
1. POLICY
St George’s Venice and its Chaplaincy Council (CC) recognises its responsibility and is committed to a policy of protecting and preserving the confidentiality of personal data as required by European data protection legislation.
We retain and process information including personal data about congregation members, electoral roll members, and other regular users, supporters and contacts of the church in order to carry out the duties, functions and activities of the church. In line with legal requirements, personal data is collected and used fairly and lawfully, stored safely and securely, and is not disclosed to any third person except as provided for by law.
All personal data protected by law is covered by this Policy, irrespective of whether it is recorded in a paper file or on a computer. Personal data are all data that identify or can identify an individual directly or indirectly.
The lawful and correct treatment of personal data is regarded as very important to the successful operation of all St George’s Venice activities and to maintaining confidence with all individuals and organisations with whom the Church has contact. St George’s Venice fully endorses and adheres to applicable data protection legislation.
Specifically, legislation requires that personal data:
St George’s Venice will therefore, through appropriate management, strict application of criteria and controls:
2. RESPONSIBILITIES
All employees and volunteers processing personal data are appropriately informed to ensure that they are aware of their obligations. All enquiries about the handling of personal data will be dealt with promptly and courteously.
Staff members are responsible for ensuring that any personal data supplied to St George’s Venice is accurate and up to date. The Church Office should be informed in a timely manner of any changes to the personal data which individuals have provided, including where keeping personal data is no longer necessary.
3. DATA SECURITY
Personal data supplied to St George’s Venice is used by the clergy, employed staff and ministry teams in order to facilitate the administration and day-to-day ministry of the church. It is not accessed by nor disclosed to anyone that does not have a genuine need for access.
Personal data will not be sold, given or otherwise disclosed to any other person, company, church or organisation, apart from in exceptional circumstances as provided by law, such as:
All employed staff are required to sign a confidentiality clause written into their contract of employment and all clergy, staff and volunteers who have access to personal data are required to adhere to this Policy. The Church Office operates appropriate security procedures approved by the CC to ensure that personal data is stored safely and securely.
4. USE OF PERSONAL DATA
St George’s Venice uses personal data for the following purposes:
5. NOTIFICATION
St George’s Venice informs individuals whose personal data are processed about this Policy through publication of the Policy on the church website. In addition, when individuals supply personal data to St George’s Venice by completing a form, that form notifies individuals that their personal data is processed in accordance with this Policy. Individual consent is requested for the inclusion of personal data in contact lists and for the use of photographs as set out above.
6. DATA SUBJECT REQUESTS
Data protection law provides an individual with the right to access personal data relating to him or her which is held by St George’s Venice. Individuals also have the right to object to processing in certain circumstances, as well as the right to rectification, erasure or blocking of data that is incomplete or inaccurate. Any individual who wishes to exercise these rights should make their request in writing to the Church Office.
The Church Office will respond upon receipt of a clear and precise written request supported by proof of identity and an administration fee of €15. St George’s Venice aims to comply with such requests as quickly as possible, and as far as possible to ensure that a response is provided within 45 calendar days of receipt of a request, unless there is a sufficient reason for delay.
Certain information (for example confidential references given by a third party or information including personal data relating to another person) will not be disclosed without obtaining the third party's consent to disclose the information.
7. STATUS OF POLICY
The CC of St George’s Venice has approved this policy. Any person who considers that this policy has not been adhered to with respect to their own personal data should raise the matter with the Chaplain or a Church Warden.
This Policy was approved by the CC in August 2019.
Date of next review: Autumn 2023
St George’s Venice and its Chaplaincy Council (CC) recognises its responsibility and is committed to a policy of protecting and preserving the confidentiality of personal data as required by European data protection legislation.
We retain and process information including personal data about congregation members, electoral roll members, and other regular users, supporters and contacts of the church in order to carry out the duties, functions and activities of the church. In line with legal requirements, personal data is collected and used fairly and lawfully, stored safely and securely, and is not disclosed to any third person except as provided for by law.
All personal data protected by law is covered by this Policy, irrespective of whether it is recorded in a paper file or on a computer. Personal data are all data that identify or can identify an individual directly or indirectly.
The lawful and correct treatment of personal data is regarded as very important to the successful operation of all St George’s Venice activities and to maintaining confidence with all individuals and organisations with whom the Church has contact. St George’s Venice fully endorses and adheres to applicable data protection legislation.
Specifically, legislation requires that personal data:
- is processed fairly and lawfully;
- is collected for specified, explicit and legitimate purposes, taking into account all relevant factors, especially the reasonable expectations of the data subject and the applicable legal and regulatory provisions, and is not further processed in a way incompatible with those purposes;
- is adequate, relevant and not excessive in relation to the purposes for which it is collected or further processed;
- is accurate and, where necessary, kept up-to-date; every reasonable step must be taken to ensure that data which is inaccurate or incomplete with respect to the purposes for which it is collected, or for which it is further processed, is erased or rectified;
- is kept in a form that allows for the identification of data subjects for no longer than necessary with a view to the purposes for which the data is collected or further processed.
St George’s Venice will therefore, through appropriate management, strict application of criteria and controls:
- fully observe the conditions regarding fair and lawful collection, use and storage of personal data;
- collect and process personal data only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements;
- ensure that individuals are able to exercise their rights concerning personal data provided for in legislation. These include the right to be informed that processing is being undertaken, the right of access to one’s own personal data, the right to object to processing in certain circumstances, and the right to rectification, erasure or blocking of data that is incomplete or inaccurate;
- take appropriate technical and organisational measures to safeguard personal data;
- ensure that personal data is not transferred to third parties except as provided by law, nor transferred abroad without appropriate safeguards.
2. RESPONSIBILITIES
All employees and volunteers processing personal data are appropriately informed to ensure that they are aware of their obligations. All enquiries about the handling of personal data will be dealt with promptly and courteously.
Staff members are responsible for ensuring that any personal data supplied to St George’s Venice is accurate and up to date. The Church Office should be informed in a timely manner of any changes to the personal data which individuals have provided, including where keeping personal data is no longer necessary.
3. DATA SECURITY
Personal data supplied to St George’s Venice is used by the clergy, employed staff and ministry teams in order to facilitate the administration and day-to-day ministry of the church. It is not accessed by nor disclosed to anyone that does not have a genuine need for access.
Personal data will not be sold, given or otherwise disclosed to any other person, company, church or organisation, apart from in exceptional circumstances as provided by law, such as:
- where we are legally compelled to do so
- where there is a duty to the public to disclose
- where disclosure is necessary to protect the vital interests of the data subject or those of another person
- where disclosure is made at the request of the data subject or with his/her consent
All employed staff are required to sign a confidentiality clause written into their contract of employment and all clergy, staff and volunteers who have access to personal data are required to adhere to this Policy. The Church Office operates appropriate security procedures approved by the CC to ensure that personal data is stored safely and securely.
4. USE OF PERSONAL DATA
St George’s Venice uses personal data for the following purposes:
- the day-to-day administration of St George’s Venice; calls, emails and visits; preparation of ministry rotas; maintaining financial / giving records for accounting, audit and tax purposes; prayer diary;
- contacting individuals to keep them informed of church news, activities and local or community events;
- statistical analysis to gain a better understanding of church demographics;
- compiling attendance records for children's and youth activities and ensuring compliance with Diocesan safeguarding and child protection policies;
- with individuals' specific permission, names, addresses, telephone numbers and email addresses may be used for the production of contact lists to be made available to other members of St George’s Venice for the purpose of church activities;
- with individuals' specific permission, St George’s Venice may use photographs or video featuring members of the church on its website, Facebook page or other social media, or in flyers or other promotional material.
5. NOTIFICATION
St George’s Venice informs individuals whose personal data are processed about this Policy through publication of the Policy on the church website. In addition, when individuals supply personal data to St George’s Venice by completing a form, that form notifies individuals that their personal data is processed in accordance with this Policy. Individual consent is requested for the inclusion of personal data in contact lists and for the use of photographs as set out above.
6. DATA SUBJECT REQUESTS
Data protection law provides an individual with the right to access personal data relating to him or her which is held by St George’s Venice. Individuals also have the right to object to processing in certain circumstances, as well as the right to rectification, erasure or blocking of data that is incomplete or inaccurate. Any individual who wishes to exercise these rights should make their request in writing to the Church Office.
The Church Office will respond upon receipt of a clear and precise written request supported by proof of identity and an administration fee of €15. St George’s Venice aims to comply with such requests as quickly as possible, and as far as possible to ensure that a response is provided within 45 calendar days of receipt of a request, unless there is a sufficient reason for delay.
Certain information (for example confidential references given by a third party or information including personal data relating to another person) will not be disclosed without obtaining the third party's consent to disclose the information.
7. STATUS OF POLICY
The CC of St George’s Venice has approved this policy. Any person who considers that this policy has not been adhered to with respect to their own personal data should raise the matter with the Chaplain or a Church Warden.
This Policy was approved by the CC in August 2019.
Date of next review: Autumn 2023