Who is responsible for your personal data?
Holyrood Evangelical Church (the “Church”) is responsible for your personal data, including special category data. The Church is a Scottish Charitable Incorporated Organisation (Charity Number SC044820), 121 Montgomery Street, Edinburgh.
Which personal data do we collect?
The personal data that we collect includes any information that identifies you personally, such as your name, address, email address or telephone number. It might also include details of religious beliefs, dietary requirements, health requirements or bank account details.
The trustees recognise the importance of your privacy and personal information and we have therefore outlined below how the Church collects, uses, discloses, and protects this information. We are not registered with the Information Commissioner as we are exempt from compulsory registration, but we strive to comply fully with data protection law and the UK General Data Protection Regulation.
How we collect personal data
The Church receives and stores personal information provided by members, employees, volunteers, donors and other associates. This information can be supplied to us:
- in writing or via email, by telephone conversation or on our website (e.g. when an individual is becoming a member); or
- by otherwise associating with the Church or its organisations, (e.g. by enquiring about our work, activities, employment and volunteering opportunities); or
- when donating money to the Church or its organisations.
We may also receive information about you from third parties.
For which purposes will we use your personal data?
We may use the information we collect:
- For pastoral care purposes;
- To manage our trustees, employees, volunteers and members;
- To organise services of worship and other meetings;
- To provide news and information about events, activities and services of the Church;
- To deliver services that individuals have requested;
- To enable the Church to provide voluntary services for public benefit in our community;
- To administer membership records (including ChurchSuite);
- To fundraise and promote the interests of the Church;
- To maintain our financial accounts and records (including processing of gift aid claims);
- To operate the Church website;
- To exercise statutory, governmental or other public functions, e.g. in relation to safeguarding vulnerable people or the registering of marriages.
When will we disclose your personal data?
The Church may require to share personal information held for a number of reasons including to provide pastoral or other assistance, process donations, request prayer support, or to carry out any (other) contractual obligations. This data may be disclosed to:
- relevant agents and third parties;
- employees and/or volunteers including the charity trustees/ office bearers.
The Church does not permit these parties to use such information for any other purpose than the foregoing.
The Church may also need to disclose your information if required to do so by law.
What is the legal basis for using your personal data?
Your personal data is processed firstly under the legal term ‘Legitimate Interest’. This means we believe you wish to receive the communications we send because you are a member or adherent of the Church, or have shown an interest in our work, and have given us your permission to store personal data in order to allow the Church to carry out its function as a Christian church seeking to serve God and our members through worship, discipling, pastoral care and outreach.
Secondly, apart from your name and contact details, this data may also include special category data, such as your religious background or dietary requirements etc. As a registered charity in Scotland, the Church is a “not-for-profit body”, which allows it to hold and process special category data provided data subjects have given specific consent to do so. Processing is carried out by a not-for-profit body with a political, philosophical, religious or trade union aim provided:
- the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and
- there is no disclosure to a third party without consent.
All such data is only held when you have given it to us and there is sufficient direct contact by us as faith-based Christian charity to make such use appropriate. We will never pass on your personal data to a third party without your consent.
For how long do we retain your personal data?
Your personal data will be deleted when it is no longer reasonably required for the purposes listed above or you withdraw your consent (where applicable) and we are not legally required or otherwise permitted to continue storing such data. We aim to review our databases at least very two years for the purpose of ensuring that it remains necessary to retain your personal data.
Subject to certain legal conditions, you have the right to request a copy of the personal data about you which we hold, to have any inaccurate personal data corrected and to object to or restrict our using your personal data. You may also make a complaint if you have a concern about our handling of your personal data.
If you wish to do any of the above please send an email to firstname.lastname@example.org. We may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorised disclosure of data.
We will consider any requests or complaints which we receive and provide you with a response in a timely manner. If you are not satisfied with our response, you have the right to lodge a complaint regarding the processing of your personal data with the Information Commissioner: https://ico.org.uk/
Storage and Security of Personal Information
The Church, via its trustees, employees and volunteers will use all reasonable endeavours to ensure that personal information is held in a secure and confidential environment and when the information is no longer needed it will be destroyed or permanently rendered anonymous.