DATA PRIVACY NOTICE
Data Protection Policy
- St Colman's Church of Ireland Kilroot
See Below for Details
We, St Colmans Parish Kilroot, are committed to protecting the privacy rights of individuals in relation to the processing of their personal data and confer rights on individuals as well as responsibilities on those processing personal data. This policy outlines our approach to compliance with the General Data Protection Regulation (GDPR) and all other relevant data protection legislation. This policy is effective as and from 30th Nov 2019
This policy applies to all personal data created or received in the course of our work in all formats, across all time periods. This may be in paper, physical and electronic formats or communicated verbally in conversation or over the telephone. It applies to all locations where personal data is held by the parish and its data processors.
The parish is a data controller. The parish commits to acting in a transparent manner and is responsible for determining the purposes and means of all data processing undertaken by and on behalf of:
The Vestry is responsible for answering questions in relation to this data protection policy and the parish’s approach to privacy. For any questions about this policy, including any request to exercise legal rights, please contact: firstname.lastname@example.org
Personal data is any information that can identify an individual either directly or indirectly in conjunction with other information. This includes a name, location data or a postal address, online browsing history, images or anything relating to the physical, physiological, genetic, mental, economic, cultural or social identity of a person.
Special categories of data can only be processed under specific circumstances and appropriate safeguards must be in place to protect this data. Special categories include: racial or ethnic origin, political opinion, religious or philosophical beliefs, sexual orientation or information concerning a person’s sexual nature and information about children.
The parish may collect, use, store and transfer different kinds of personal information and use it for a variety of different purposes. This personal information may include:
The parish is responsible for complying with the following principles. Personal data should be:
The parish collects and uses personal information for a number of purposes and relies on a number of different legal bases to do this.
The parish uses personal information to carry out our obligations arising from any contracts entered into between two parties or to take the necessary steps prior to entering into a contract including:
The parish is required to process personal information to comply with certain legal obligations which they are subject to including:
4.3 For legitimate business interests
Where the parish processes personal information for our legitimate interests, the parish will ensure that there is a fair balance between their legitimate interest and the data subject’s fundamental rights and freedoms.
4.4 For the establishment, exercise or defence of legal claims
The parish occasionally processes personal information, including sensitive personal information, such as information concerning health, religious or philosophical beliefs, political opinion and criminal convictions / offences where it is necessary for the establishment, exercise or defence of legal claims.
4.6 Vital Interest
The parish may, in certain circumstances, use personal data where the processing is necessary to protect someone’s life.
4.7 Public Interest
Data subjects have a number of rights under data protection law in relation to how the parish use their personal information. They have the right, free of charge, to:
These rights are, in some circumstances, limited by data protection legislation. If a data subject wishes to exercise any of these rights please contact Click here to enter text – include the name of the person as outlined in Section 1.3 of this policy . The parish will take measures to verify the identity of the data subject, which will be by reference to copies of acceptable identification documentation. The parish will endeavour to respond to the request within a month. If the parish is unable to deal with the request within a month we may extend this period by a further period of two months and we will provide an explanation for this.
The parish is responsible for implementing appropriate technical and organisational measures to demonstrate that processing is performed in accordance with GDPR. Click here to enter text – include the name any IT policies the parish has developed. They may include IT Password Security; Acceptable Usage, Social Media Usage
The parish will retain personal information for as long as needed to fulfil the purposes for which it was collected. The parish will retain and use personal information for no longer than is necessary to comply with accounting, reporting or legal obligations. How long certain information is stored depends on the nature of the information we hold and the purpose for which it is processed , If you have any queries or want a copy of this please contact email@example.com
A personal data security breach is any event that has the potential to affect the confidentiality, integrity or availability of personal data held by us in any format. The parish is required to report serious data breaches to the Data Protection Commissioner within 72 hours of becoming aware of the data breach.
Where it is determined that the breach is unlikely to result in a risk to the rights and freedoms of natural persons, then the supervisory authority will not be notified. Unless it is determined that there is a high risk to the rights and freedoms of natural persons then the data subject(s) may not be notified.
The parish will keep an internal record of the details, the means for deciding there was no risk, who decided there was no risk and the risk rating that was recorded. The parish will respond promptly and appropriately to data security breaches, including all relevant reporting obligations.
The parish may share personal data between the Church of Ireland’s joint data controllers and their respective data processors. The four data controllers are: Representative Church Body & General Synod, Diocesan Council, the Bishops and the parish.
9.1 With third parties
The parish may share personal information with third party providers that perform services and functions at their direction and on our behalf, such as accountants, auditors, IT providers, printers, solicitors and providers of security and administrative services. The parish does not sell any personal information and will only share it with third parties who are facilitating the delivery or fulfilment of a service or who are working on behalf of the parish. The parish will contractually require that all suppliers protect such information from unauthorised access, use and disclosure.
The parish may transfer personal data outside the European Economic Area (EEA). However, these countries do not always afford an equivalent level of privacy protection and in such circumstances the parish will take specific steps, in accordance with data protection law, to protect personal information.
A strong data protection culture is essential to advance the mission and ministry of the Church of Ireland. The parish commit to:
This Policy was approved by the Select Vestry in November 2019 and is based on the recomendations of the RCB
With Our New Rector Rev Nigel Kirkpatrick in place from September we hope to develop this site further - Watch this space
We would love to know how you feel about our website, please browse all sections and if you have any suggestions or just thoughts on the site please email (under development)