{"id":4740,"date":"2018-06-10T17:55:41","date_gmt":"2018-06-10T16:55:41","guid":{"rendered":"http:\/\/burnheadchurch.ddns.net\/?page_id=4740"},"modified":"2018-06-10T17:55:41","modified_gmt":"2018-06-10T16:55:41","slug":"data-protection-policy","status":"publish","type":"page","link":"https:\/\/burnheadchurch.com\/?page_id=4740","title":{"rendered":"Data Protection Policy"},"content":{"rendered":"

UDDINGSTON BURNHEAD PARISH CHURCH <\/b><\/span><\/span><\/p>\n

Data Protection Policy <\/b><\/span><\/p>\n

\n

CONTENTS<\/b><\/span><\/span><\/p>\n

1. Overview<\/b><\/span><\/span><\/p>\n

2. Data Protection Principles<\/b><\/span><\/span><\/p>\n

3. Personal Data<\/b><\/span><\/span><\/p>\n

4. Special Category Data<\/b><\/span><\/span><\/p>\n

5. Processing<\/b><\/span><\/span><\/p>\n

6. How personal data should be processed<\/b><\/span><\/span><\/p>\n

7. Privacy Notice<\/b><\/span><\/span><\/p>\n

8. Consent<\/b><\/span><\/span><\/p>\n

9. Security<\/b><\/span><\/span><\/p>\n

10. Sharing personal data<\/b><\/span><\/span><\/p>\n

11. Data security breaches<\/b><\/span><\/span><\/p>\n

12. Subject access requests<\/b><\/span><\/span><\/p>\n

13. Data subject rights<\/b><\/span><\/span><\/p>\n

14. Contracts<\/b><\/span><\/span><\/p>\n

15. Review<\/b><\/span><\/span><\/p>\n

\n

Data Protection Policy
\n<\/b><\/u><\/span><\/span><\/p>\n

    \n
  1. \n

    Overview <\/b><\/span><\/span><\/p>\n<\/li>\n<\/ol>\n

      \n
    1. \n
        \n
      1. \n

        The congregation takes the security and privacy of personal information seriously. As part of our activities we need to gather and use personal information about a variety of people including members, former members, adherents, employees, office-holders and generally people who are in contact with us. The<\/span><\/span> <\/b>Data Protection Act 2018 (the \u201c2018 Act\u201d) and the EU General Data Protection Regulation (\u201cGDPR\u201d) <\/span><\/span>regulate the way in which personal information about living individuals is collected, processed, stored or transferred.<\/span><\/span><\/p>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n

          \n
        1. \n
            \n
          1. \n

            This policy explains the provisions that we will adhere to when any personal data belonging to or provided by data subjects, is collected, processed, stored or transferred on behalf of the congregation. We expect everyone processing personal data on behalf of the congregation (see paragraph 5 for a definition of \u201cprocessing\u201d) to comply with this policy in all respects.<\/span><\/span><\/p>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n

              \n
            1. \n
                \n
              1. \n

                The congregation has a separate Privacy Notice which outlines the way in which we use personal information provided to us. A copy can be obtained from David Combe, our Congregational Data Protection Co-Ordinator. <\/span><\/span><\/p>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n

                  \n
                1. \n
                    \n
                  1. \n

                    All personal data must be held in accordance with the congregation\u2019s Data Retention Policy, which must be read alongside this policy. A copy of the Data Retention Policy can be obtained from David Combe, our Congregational Data Protection Co-ordinator. Data should only be held for as long as necessary for the purposes for which it is collected. <\/span><\/span><\/p>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n

                      \n
                    1. \n
                        \n
                      1. \n

                        This policy does not form part of any contract of employment (or contract for services if relevant) and can be amended by the congregation at any time. It is intended that this policy is fully compliant with the 2018 Act and the GDPR. If any conflict arises between those laws and this policy, the congregation intends to comply with the 2018 Act and the GDPR.<\/span><\/span><\/p>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n

                          \n
                        1. \n
                            \n
                          1. \n

                            Any deliberate or negligent breach of this policy by an employee of the congregation may result in disciplinary action being taken in accordance with our disciplinary procedure. It is a criminal offence to conceal or destroy personal data which is part of a subject access request (see Paragraph 12 below) and such conduct by an employee would amount to gross misconduct which could result in dismissal.<\/span><\/span><\/p>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n

                              \n
                            1. \n

                              Data Protection Principles<\/b><\/span><\/span><\/p>\n<\/li>\n<\/ol>\n

                                \n
                              1. \n
                                  \n
                                1. \n

                                  Personal data will be processed in accordance with the six \u2018<\/span><\/span>Data Protection Principles<\/b><\/span><\/span>.\u2019 It must:<\/span><\/span><\/p>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n

                                    \n
                                  1. \n
                                      \n
                                    1. \n