Data Privacy Notice of The General Conference of the New Church
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”).
Who are we and how do we process your personal data?
The Council of the General Conference of the New Church is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
The Council of the General Conference of the New Church complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We may use your personal data for the following purposes:-
1) To operate the General Conference of the New Church web sites and deliver the services requested.
2) To inform individuals of news, events, activities or services being run under the control of the New Church.
3) To process gift aid applications.
4) To fundraise and promote the interests of the charity;
5) To administer membership records;
6) To manage our employees and volunteers;
7) To maintain our own accounts and records.
What is the legal basis for processing your personal data?
1) Consent of the data subject.
2) Processing is carried out by a not-for-profit body with a religious or trade union aim provided the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes) and there is no disclosure to a third party without consent. (This clause allows us to collect and process data without consent)
Sharing your personal data
Your personal data will be treated as strictly confidential and will not be shared without consent except with officers, trustees, managers, groups and societies within The General Conference of the New Church or those with whom we have regular contact in order to pursue or aims.
How long do we keep your personal data?
An entry may not be removed from the register of members until 10 years from the date membership ceased.
Employee records will be retained for six years from the cessation of employment. Data for other purposes will be retained for a maximum of 18 months from the time it ceased to be current unless there is a legal requirement to hold it for longer, except where it is included on a Roll or in a Yearbook, when it will be retained indefinitely.
Your rights to control your own data
You have the right
a) to request a copy of your personal data which the General Conference of the New Church holds about you;
b) to request that Conference corrects any personal data if it is found to be inaccurate or out of date;
c) to request your personal data is erased where it is no longer necessary for Conference to retain such data;
d) to withdraw your consent to the processing at any time;
e) where there is a dispute in relation to the accuracy or processing of your personal data, to request that a restriction is placed on further processing;
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
To exercise all relevant rights, queries or complaints please contact the Data Protection Manager at firstname.lastname@example.org.
The Conference Council, 8 March 2018