The Church’s Charity Trustees (Elders Meeting) are the Data Controller for the purposes of the Data Protection Act and personal data relating to church members and regular attenders may be processed for general church purposes.
Clitheroe United Reformed Church recognises and accepts its responsibilities under the Data Protection Act 1998. It will handle all personal data in accordance with the principles required by the Act:
- Personal data will be processed fairly and lawfully
- Personal Data will only be obtained for one or more specified and lawful purposes and not processed in any manner incompatible with that purpose or purposes.
- Personal data will be adequate, relevant and not excessive in relation to the purpose or purposes to which they are processed.
- Personal data will be accurate and where necessary kept up to date.
- Personal data processed for any purpose or purposes will not be kept for longer than is necessary for that purpose or those purposes.
- Personal data will be processed in accordance with the rights of data subjects under the Act.
- Appropriate technical and organisational measures must be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction or damage to personal data.
- Personal data will not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection.
The Elders Meeting is the Data Controller for the purposes of the Act and personal data may be processed for general church purposes.
Clitheroe United Reformed Church enjoys the exemption provided by paragraph 5 of the schedule to The Data Protection (Notification and Notification Fees) Regulations – Statutory Instrument 188 of 2000. These exemption provisions as applied to Churches are because the processing:
- is carried out by the church, that is under the direction of the Elders Meeting or others appointed by the church (the Data Controller)
- is for the purposes of establishing or maintaining membership of the church or for support of the church, or for administering activities for individuals who are either members of the church or have regular contact with it; (this is the exempt purpose)
- is of personal data in respect of which the data subject is:
(i) a past, existing or prospective member of the church or its associated organisations;
(ii) any person who has regular contact with the church or its associated organisations in connection with the purposes: or
(iii) any person the processing of whose personal data is necessary for the exempt purposes
- is of personal data consisting of the name, address and other identifiers of the data subject or information as to:
(i) eligibility for membership of the church or its associated organisations;
(ii) other matters the processing of which is necessary for the exempt purposes;
- does not involve disclosure of the personal data to any third party other than:
(i) with the consent of the data subject; or
(ii) where it is necessary to make such disclosure for the exempt purposes: and
- does not involve keeping the personal data after the relationship between the data controller and the data subject ends, unless and for so long as it is necessary to do so for the exempt purposes.
Appendix 1
THE PROVISIONS GIVING AN EXEMPTION FOR CHURCHES FROM THE NEED TO NOTIFY THE DATA PROTECTION REGISTRAR
The processing
- is carried out by the church, that is under the direction of the Charity Trustees (Elders) or others appointed by the Church Members‟ Meeting (the Data Controller)
- is for the purposes of establishing or maintaining membership of the church or for support of the church, or for administering activities for individuals who are either members of the church or have regular contact with it; (this is the exempt purpose)
- is of personal data in respect of which the data subject is:
(i) a past, existing or prospective member of the church or its associated organisations;
(ii) any person who has regular contact with the church or its associated organisations in connection with the purposes: or
(iii) any person the processing of whose personal data is necessary for the exempt purposes
- is of personal data consisting of the name, address and other identifiers of the data subject or information as to:
(i) eligibility for membership of the church or its associated organisations;
(ii) other matters the processing of which is necessary for the exempt purposes;
- does not involve disclosure of the personal data to any third party other than:
(i) with the consent of the data subject; or
(ii) where it is necessary to make such disclosure for the exempt purposes: and
- (f) does not involve keeping the personal data after the relationship between the data controller and the data subject ends, unless and for so long as it is necessary to do so for the exempt purposes.
Note: If personal data relating to pastoral counselling or other exempt activities is processed, advice should be sought as to whether there should be notification by the data controller which in the circumstances might not be the Charity Trustees.