GENERAL PRIVACY NOTICE OF THE LDF
Introduction to the Privacy Notice
The London Diocesan Fund (LDF) needs to use information to support the mission and growth of the Church in London. We use the personal data which you have given us, or which we’ve collected, usually from our Bishops’ offices or our parishes..
Why do we need a Privacy Notice?
Data Protection regulation in the UK requires all organisations to inform individuals about the personal data they hold and use, and the reasons for this. This Privacy Notice is intended to make it easier for you to find out how we use and protect your information.
Who does this Notice apply to?
This Privacy Notice is for all those whose personal information is dealt with in any way by the LDF including lay officers, clergy, employees, volunteers, contractors, suppliers, tenants and clients, but there may be others. So, you may be a church warden in the diocese, a representative of your parish on a diocesan body, a church treasurer, an employee, a person contracted to carry out work or a tenant, for instance.
How this Privacy Notice relates to you
We want to be open and transparent about how we use your personal data. We are a charity, a limited company, and subject to ecclesiastical law and we have a surprisingly broad array of tasks and responsibilities. So we have a long list of the different types of data that we might use. Hence we’ve set out a range of scenarios to cover why we might process your data. Even if the examples don’t all apply to you, we think it is more straightforward to have a single document that covers as many eventualities as possible.
We are not changing the ways we use your personal data. Our Privacy Notice has in it what the new Data Protection regulation, requires us to include, and it covers:
Your personal data – what is it?
Who are we?
What is the lawful basis for processing your personal data?
How does the LDF process your personal data, and for what purposes?
Sharing your personal data
How long do we keep your personal data?
Your rights and your personal data
Transfer of data abroad
- Changes to this Notice
The LDF holds a range of data. Do you hold all of this information about me?
No we don’t; only a limited amount of examples in the Notice will apply to you. This will generally be data you have given us, and relevant information collected mostly from parishes to enable you to carry out your role. As the Notice is for everyone, the list under section 4 about the purposes for which we use personal data is long.
1. Your personal data – what is it?
“Personal data” is any information about a living individual which allows them to be identified from that data (for example a name, photographs, videos, email address, or address). Identification can be by the information alone or in conjunction with any other information. The processing of personal data is governed by the Data Protection Act 2018 the General Data Protection Regulation 2016/679 (the “GDPR”) and other legislation relating to personal data and rights such as the Human Rights Act 1998.
2. Who are we? This Privacy Notice is provided to you by the London Diocese Fund (LDF) who is the data controller for your data, which we hold and use. This means that we, the LDF, are responsible to you for how we process your data.
3. What is the lawful basis for processing your personal data?
The GDPR requires specification in the Privacy Notice of the lawful basis for processing personal data. Below are the lawful bases which are relevant for our processing activities.
- legitimate interests, or the legitimate interests of a third party (such as another organisation in the Church of England)
- compliance with a legal obligation
- performance of a contract, or to take steps to enter into a contract
- to protect a person’s vital interests
- where consent has been obtained
Religious organisations are also permitted to process information which reveal a person’s religious beliefs, to administer membership or contact details.
4. How does the LDF process personal data?
The LDF will comply with its legal obligation to keep personal data up to date; to store and destroy it securely; not to collect or retain excessive amounts of data; to keep personal data secure, and to protect personal data from loss, misuse, unauthorised access and disclosure and to ensure that appropriate technical measures are in place to protect personal data.
We use your personal data for purposes included amongst the following:
a. To enable us to meet all legal and statutory obligations.
b. To deliver the Church’s mission to our community, and to carry out any other voluntary or charitable activities for the benefit of the public as provided for in our constitution and our statutory framework
c. To promote and assist the mission and growth of the Church of England in the Diocese of London whatever for the time being shall be the area of the Diocese called “the Diocese of London”, and in particular to organise and provide funds for departments of the Church’s work as noted in the LDF’s Memorandum and Articles of Association.
d. To carry out comprehensive safeguarding procedures (including due diligence and complaints handling) in accordance with best safeguarding practice from time to time with the aim of ensuring that all children and adults-at-risk of abuse or neglect are provided with safe environments.
In carrying out our overall purposes
e. To administer the necessary parish, deanery, archdeaconry and diocesan membership records, events and activities,
e.g. re: Clergy and lay people – for those involved in governance bodies at Diocesan and Area levels, we use the information you have provided on the lawful basis of legal obligation to support the work of the statutory bodies, such as the Synod and Trustee body; and for our legitimate interests, to take forward significant work relating to the sub-committees and groups, which enable you to carry out your roles effectively.
e.g. re: Lay people - church officers, such as churchwardens, PCC Secretaries, treasurers, Deanery Synod members, and those with other key roles in the church, similar to above we use your contact details and other relevant data, usually collected by the parishes, to support you in your various roles. Without such information it would not be possible for you to function effectively in your role for your church.
f. To fundraise and promote the interests of the church and charity. e.g. information supplied by donors to use in supporting our work.
g. To maintain our own accounts and records. e.g. re: Contractors, suppliers and tenants – for putting agreements in place, invoicing and making payments. Personal data held in this regard forms part of our contractual arrangements with you.
h. To seek your views or comments
i. To notify you of changes to our services, events and role holders. e.g. those who sign up to receive newsletters.
j. To send you communications which you have requested, or that may be of interest to you. These may include information about campaigns, appeals, or other fundraising activities. e.g. those who make donations to the LDF
k. To process a grant or application
l. To enable the clergy to undertake pastoral care duties as appropriate
m. To manage our employees, volunteers and contractors. We will process data about individuals for legal, HR, administrative and management purposes and to enable us to meet our legal obligations. e.g. re: Employees – to pay you, according to our contract with you; to monitor your performance, which we have a legitimate interest to do in taking forward the LDF’s aims and objectives; and to confer benefits, such as sick pay, which we have a legal obligation to do. During the course of your employment information you have given us may be shared with other LDF officers and our external agents (e.g. our payroll processors) to enable us to manage your employment and comply with our policies and procedures, e.g. prevention of illegal working, disciplinary, grievance, and performance management policies. Your information will be held securely in compliance with our retention/data deletion policy and where relevant, individual polices which reflect these arrangements
n. We may process special categories of personal data relating to individuals including, for example as appropriate:
- information about a physical or mental health condition in order to monitor sick leave and take decisions as to the individual’s fitness for work;
- the individual’s racial or ethnic origin or religious or similar diversity data in order to monitor compliance with equal opportunities legislation;
- in order to comply with legal requirements and obligations to third parties.
o. Our processing may include the taking of photographs, filming and live streaming of particular events for use in promotional or training events, and which may appear in promotional material and/or on our intranet and website. Our website is also accessible from overseas. e.g. re: Employees and office holders’ photographic ID passes. The LDF has a legitimate interest in providing these for the safety of diocesan officers and staff
p. Our processing also includes the use of CCTV systems for the prevention and prosecution of crime.
5. Sharing your personal data
Your personal data will be treated as strictly confidential. It will only be shared with third parties including other data controllers where it is necessary for the performance of the LDF’s tasks or where you first give us your prior consent. Where relevant, it is possible that we will need to share your data with:
- The Bishops of the Diocese of London;
- PCCs and incumbents of parishes in the Diocese;
- Other ordained or lay persons nominated or licensed by the bishops of the Diocese of London to support the mission of the Church in the diocese;
- The appropriate bodies of the Church of England;
- Our agents, advisers and contractors. For example, we may ask a commercial provider to send out newsletters on our behalf; to maintain our database software; or other commercial service providers (e.g. pension, payroll);
- Other persons or organisations operating within the Diocese of London including, where relevant, the London Diocesan Board for Schools and Subsidiary Bodies.
6. How long do we keep your personal data?
In general, we will endeavour to keep data only for as long as we need it. This means that we may delete it when it is no longer needed, in line with our approach to data retention. We will keep some records permanently if we are legally required to do so. We may keep some other records for an extended period of time. For example, it is current best practice to keep financial records for a minimum period of 6 years to support audits from external bodies.
7. Your rights and your personal data
You have the following rights with respect to your personal data:
To access information we hold on you – you can contact us in writing at any time (see 10. Contact Details)
To correct and update the information we hold on you - we will make relevant changes
To have your information erased - you can request deletion
To restrict the processing of your data – you can object to your data being used
To moving your data (data portability) – you can request data transfer
To withdraw your consent, where consent was sought – this can be at any time
To object to the processing of personal data where applicable.
- To lodge a complaint with the Information Commissioners Office.
When exercising any of the rights listed above, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.
8. Transfer of Data Abroad
In general we do not transfer personal data abroad. However, where this does occur, any electronic personal data transferred to countries or territories outside the EU will only be placed on systems complying with measures giving broadly equivalent protection of personal rights either through international agreements or contracts approved by the European Union.
9. Further processing
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where applicable and whenever necessary, we will seek your prior consent to the new processing.
10. Contact Details
Please contact us if you have any questions about this Notice or the information we hold about you or to exercise all relevant rights, queries or complaints at:
Address: Data Protection Officer, The London Diocesan Fund, 36 Causton Street, London SW1P 4AU
Email: GDPR@london.anglican.org Tel: 020 7932 1100.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
11. Changes to this notice
We keep this Privacy Notice under regular review and we will place any updates on this web page: **www.london.anglican.org/GDPR**. This Notice was updated in September 2020.
Company Registration Number 150856 Charity Registration Number 241083 www.london.anglican.org