1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the United Kingdom General Data Protection Regulation (the “UK-GDPR”) and Data Protection Act 2018.
2. Who are we?
The Diocese of Derby is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
3. How do we process your personal data?
The DDBF complies with its obligations under the “UK-GDPR” by: -
- · keeping personal data up to date
- · by storing and destroying it securely
- · by not collecting or retaining excessive amounts of data
- · by protecting personal data from loss, misuse, unauthorised access and disclosure and
- · by ensuring that appropriate technical measures are in place to protect personal data
We use your personal data for the following purposes: -
- To enable us to provide a voluntary service for the benefit of the public within the Diocese of Derby;
- To administer records of:
- Pastoral Assistants
- Youth workers
- DCC & PCC Officers
- General, Diocesan & Deanery Synod members
- DBF Committees
- To fundraise and promote the interests of the Diocese
- To manage our employees and volunteers
- To compile the (printed) Diocesan directory
- To maintain our own accounts and records (including processing gift aid applications)
- To inform you of news, events, activities and services running either within The Diocese of Derby or further afield through: -
- Mailings (email or hardcopy)
- Sharing your contact details with the Diocesan office
4. What is the legal basis for processing your personal data?
- The processing is in accordance with the legitimate interest of DDBF in supporting and promoting the work of the Church of England in the Diocese of Derby;
- Processing is necessary for carrying out obligations under employment, social security or social protection law, or other contractual matters;
- Consent of the data subject so that we can keep you informed about news, events, activities and services and process your gift aid donations and keep you informed about diocesan events;
- The processing is necessary to protect the individual’s “vital interests”.
- Processing is necessary for carrying out obligations under Ecclesiastical law or other similar legal obligations;
- Processing is carried out by a not-for-profit body with a political, philosophical, religious or trade union aim provided: -
- the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and there is no disclosure to a third party without consent except as set out set out in 5 below
5. Sharing your personal data
As has been the case for many years, contact details for certain official roles within parishes may be shared widely, including with the general public. Where this is the case we will clearly indicate this, and people will be given the opportunity to provide alternative contact details or restrict public access to certain information. Examples of this data being made widely available include the publishing of the diocesan directory or an enquiry to Church House asking how to contact a parish official.
Otherwise, your personal data will be treated as strictly confidential and will only be shared within the Diocese of Derby, in order to carry out a service to other church members or for purposes connected with the Diocese, and certain third parties outside of the parish as set out in Annexe 1.
6. How long do we keep your personal data?
We keep data in accordance with the guidance set out in the guide “Save or Delete: Care of Your Diocesan Records” which is available from the Church of England website [see footnote for link]. Specifically, we retain electoral roll data while it is still current; gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate; and parish registers (baptisms, marriages, funerals) permanently.
7. Your rights and your personal data
Unless subject to an exemption under the UK-GDPR, you have the following rights with respect to your personal data: -
- The right to request a copy of your personal data which the Diocese of Derby holds, about you.
- The right to request that the Diocese of Derby corrects any personal data if it is found to be inaccurate or out of date.
- The right to request your personal data is erased where it is no longer necessary for the Diocese of Derby to retain such data.
- The right to withdraw your consent to the processing at any time.
- The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability).
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
- The right to object to the processing of personal data, (where applicable)
- The right to lodge a complaint with the Information Commissioners Office.
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
9. Contact Details
To exercise all relevant rights, queries or complaints please in the first instance contact the Derby Diocese Office Manager at Church House, Full Street, Derby or call 01332 388650 or email firstname.lastname@example.org
Contact the Commissioner’s Office on 0303 123 1113 or email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioners Office, Wycliffe house, Water Lane, Wilmslow, Cheshire. SK9 5AF.
Parties with whom data may be shared: -
- The Bishops of the Diocese of Derby
- The Archdeacons of Derby and Chesterfield
- Derby Diocesan Board of Finance
- Derby Diocesan Board of Education
- Derby Diocesan Academies Trust
- Transforming Faith
- The Chancellor for the Diocese of Derby
- The Diocesan Registrar
- Derby Cathedral
- Diocesan Clergy and Licensed lay ministers
- Parochial Church Councils and Bishop’s Mission Orders within the Diocese
- Diocesan Deanery Synods
- Other Diocesan bodies under Diocesan Synod that may be established from time to time and will be added to this list.
- Other Dioceses in the Church of England
- The National Church of England Institutions
- Other official Church of England organisations
- Employees, office holders, volunteers, other recognised roles and contractors of the above offices and organisations.
The contact details of Petitioners and/or applicants on individual applications may be shared, through the Contact Management System (CMS): -
- The Archdeacon of Derby
- The Archdeacon of Chesterfield
- The Chancellor and Deputy Chancellor for the Diocese of Derby
- The office of the Diocesan Registrar
- Statutory Consultees (The Church Buildings Council, Historic England, national Amenity Societies and local authorities)
- to facilitate the consideration of applications for either a Faculty or a Matter not requiring a Faculty under the Faculty Jurisdiction Rules
In addition to the above Clergy details will also be provided: -
- Periodically to Crockford’s Clerical Directory
- When necessary, by the Diocesan Property department to its representatives for undertaking works of repair Diocesan clergy housing and the letting of Diocesan properties
- To the relevant local authority (in respect of Council Tax) and utility companies (in respect of supplies of energy to the property)
- To the relevant Church of England National Institutions in processing stipends, pensions and other national services.
- In compliance with our legal responsibilities
To make this site work properly, we sometimes place small data files called cookies on your device. Most big websites do this too.
What are cookies?
A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.
How to control cookies
You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
Some personal data is collected through the site when you voluntarily choose to provide us with personal data.
The Contact Form – The information collected via the form simply allows us to reply to you/answer any questions, etc.
Leaving a Comment – If you leave a comment on the site, we ask for your name, email (which is not displayed on the site) and website (if you’ve got one). This information is used so other visitors will know who left the comment and to help us stop spammers.
Sharing and usage on collected information
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
Notification of changes
We are not responsible for the availability or content of external sites that may be linked to, from the site. If you find a broken link or if you have any questions or concerns about a link, please contact us.