The processing of personal data (including use) is governed by the General Data Protection Regulation (the “GDPR”. This is an EU Regulation soon to be replaced in the UK by a new Data Protection Act (DPA). Personal data relates to a living individual who can be identified from it (the ‘data subject’.)
Consent and legitimate interests
The Society considers it has legitimate interests in holding the personal data of present and former members, Sunday school pupils and their parent/guardians, members, former members of the Sunday school, volunteers, suppliers, customers and employees and self-employed contractors, so consent is not required from these individuals. We share members’ contact details with all other members for administrative use.
It is our policy that consent should be sought from non-members whose personal data is held by the Society in order to keep them informed about activities such as Lectures, services, meetings and Reading Room activities.
Use of personal data
Personal data is used:
- to administer membership records;
- to manage the Society’s activities, suppliers, customers, and volunteers;
- to maintain financial records (including the processing of gift aid applications);
- to inform people in the community of events and activities of the Society and of related activities in the Christian Science movement and to respond to inquirers;
- generally, to promote the interests of the Society.
The Society complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure; and by ensuring that appropriate technical measures are in place to protect personal data.
All personal data will be treated as strictly confidential and will only be shared with other members of the Society in order to carry out a service to other members or for purposes connected with its activities. It will not be shared with third parties except with the data subject’s consent; it will not be sold.
Membership information, Sunday School records, and information related to Safeguarding will be retained for at least 50 years. Non-members’ data held with consent will be retained while it is still current or until consent is withdrawn. Consent will be confirmed every 5 years. Gift aid declarations and associated paperwork will be retained for 7 years after the tax year to which they relate. Other financial records will be retained for 6 years after the year end in which the transaction took place.
Data subjects’ rights
Data subjects have the right:
- to request a copy of any personal data which the Society holds about them;
- to request the Society to correct any personal data that is inaccurate or out of date;
- to request that personal data be erased if it is no longer necessary for the Society to retain it;
- to withdraw consent to the processing at any time;
- to request the data controller to provide them with their personal data and, if they wish, send it to another data controller;
- if there is a dispute about the accuracy or processing of personal data, to request a restriction be placed on further processing;
- to object to the processing of personal data;
- to lodge a complaint with the Information Commissioner’s Office; see the website at www.ico.org.uk .
The Data Controller is the Clerk.
This policy will be reviewed every 2 years and any change adopted as required.
Adopted by the membership on 26th July 2018