DATA PRIVACY NOTICE
The Parochial Church Council (PCC) of All Saints’ Church, Milton. Updated March 2025
Please note the Electoral Roll is a public legal document, which has its own separate privacy policy, which can be read here.
The original policy document is linked here in pdf form
1. Your personal data – what is it and where did we get it from?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
Some services are recorded and live-streamed, and made available for those who are unable to attend in person or who wish to participate in our services remotely. Identifiable images may be recorded, and these are normally limited to the main stage area and those actively taking part and participating in the service from the front.
All Saints Milton might also receive your personal data from third party sources such as Crockford's Clerical Directory, social media, A Church Near You, parish websites and other publicly accessible sources such as Google.
2. Who are we?
The PCC of All Saints, Milton is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
3. How do we process your personal data?
The PCC of All Saints, Milton complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
Please see the appendix for the purpose and legal basis for processing.
4. Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other church members or for purposes connected with the church. We will only share your data with third parties outside of the parish with your consent.
It is possible to opt-in to sharing information with other church members independently via ChurchSuite.
We will be sharing images and audio from the recorded or live-streamed services with the general public, by uploading them to social media and the All Saints Milton YouTube channel. The basis for processing this personal data arising from live streaming public services is that participants have chosen to make their religious affiliation public by attending public worship. We do not need to seek the consent of each person attending the services of public worship, but we will ensure that everyone has the opportunity not to be filmed, if that is their wish. Otherwise assent may be assumed.
5. How long do we keep your personal data?
We keep data in accordance with the guidance set out in the guide “Keep or Bin: Care of Your Parish Records” which is available from the Church of England website.
Specifically, we retain electoral roll data while it is still current; gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate; and parish registers (baptisms, marriages, funerals) permanently.
6. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which the PCC of All Saints, Milton, holds about you;
- The right to request that the PCC of All Saints, Milton corrects any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for the PCC of All Saints, Milton to retain such data;
- The right to withdraw your consent to the processing at any time;
- The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable) [Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means].
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data, (where applicable) [Only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]
- The right to lodge a complaint with the Information Commissioner's Office.
7. External Third Parties
We will share your data with third parties:
- The Diocese of Ely and central institutions of the Church of England in accordance with our obligations under Ecclesiastical law and in relation to safeguarding.
- Service providers acting as processors based in the UK who provide IT and system administration services.
- Professional advisers including lawyers, bankers, auditors, pension advisors and insurers based in the United Kingdom who provide consultancy, banking, legal, insurance and accounting services.
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.
Online services:
Microsoft Office365: https://www.microsoft.com/en-gb/privacy/privacystatement
Parish Giving Scheme: https://www.parishgiving.org.uk/privacy-policy/
ChurchSuite: https://www.churchsuite.com/privacy-notice/
Eventbrite: https://www.eventbrite.co.uk/help/en-gb/articles/460838/eventbrite-privacy-policy
Krystal Hosting: https://krystal.io/legal/privacy-policy
RotaCentral: https://www.rotacentral.com/privacy-policy/
BrightPay: https://brightsg.com/privacy-notice/
YouTube: https://www.youtube.com/intl/ALL_uk/howyoutubeworks/our-commitments/protecting-user-data/
Note that these third parties may in turn also use their own partners to provide some components of their services.
8. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
9. Contact Details
To exercise all relevant rights, queries or complaints please in the first instance contact the Parish Administrator / PCC Secretary at
Appendix – purpose and legal basis for processing
| Purpose of processing | Examples of processing activity | Categories of personal data involved | Lawful basis of processing | Legitimate interests (if applicable) |
| --- | --- | --- | --- | --- |
| Ministry and mission support | Support and engagement (inclusive of vocational support) of lay members and other officers, including chaplaincy, curacies, ordinands, advisors and specialist support workers such as youth workers, and children and family support workers. Admin and organisation in relation to overseas mission trips. Publication of newsletters. | Name and Contact Details; Identification Details; Preferences; Religious Beliefs and Associated Information; Financial Information; Qualification and Training Records | Consent, for example in connection with the issue of engagement newsletters. Legitimate interest, such as to determine the suitability of candidates for relevant positions as well as appropriate vocational supports for personnel. | Conduct of normal business |
| Event management | Administration and management of church events, including social events and conferences | Name and Contact Details; Photographs and recordings taken for potential online and print promotion (notices issued at the event and exemption processes in place at the time of event); Dietary preferences and allergy information; Health Information to ensure access to the premises can be assured. | Contractual Performance. Legitimate Interest, for example to enable social events to be organised to support community engagement activities. | Conduct of normal business |
| Financial operations | Payroll operations, payment of expenses, invoicing, procurement, tax etc. | Name and Contact Details; Financial Information; Qualification and Training Records | Contractual Performance, for example to enable the payment of invoices and expenses. Legal Obligation, for example to ensure payment of payroll. Legitimate Interest, for example to ensure personnel with financial responsibilities are suitably trained to complete their duties effectively. | Management of operational funding. Keeping treasurer informed. |
| Church Representation Rules | Contact with PCC members, parish and office holders | Name and Contact Details | Legal Obligation, for example to discharge the requirements of Church Representation Rules. | Normal conduct of business |
| Advice and legal obligations relating to church buildings, their development and maintenance, including the rectory and other properties. | Receipt of advice, guidance and delivery of legal obligations relating to the management and care of church buildings | Name and Contact Details | Legal Obligation, for example to discharge the requirements of Church Representation Rules. Legitimate interest, for example to ensure that the parish is supported in its legal obligations relating to the care of church buildings. | Conduct of normal business |
| Support of safeguarding activities, including provision of safeguarding training and advice. | Training and advice where needed in relation to safeguarding issues or other matters involving minors or vulnerable persons. Execution of safeguarding processes. | Name and Contact Details; DBS Check Information | Legal Obligation, for example to ensure that all applicable legal obligations related to safeguarding responsibilities are complied with as required on a recurring basis and to maintain accurate records. Legitimate Interest, for example, to maintain capacity to provide suitably qualified safeguarders to meet requirements. | As per the obligations and to keep an accurate record of safeguarding training undertaken and to send certificates; to inform safeguarding officers of upcoming courses to keep their training up to date. As per obligations to raise and track concerns with proper authorities. |
| Monitoring of IT and telecommunications systems to maintain the integrity of the systems and prevent misuse | Provide technical support to staff, and users of IT systems, email, mobile devices and telephones | Identification Data; Contact Data; Technical Data | Legitimate Interest, for example to maintain the security and safety of company data. | Conduct of normal business |
| Monitoring website | Use of minimum website cookies required to facilitate core website function and any analytics service. | Core data in relation to basic website traffic monitoring through Google Analytics, including IP address and any other such personal information that might be submitted manually by the user via the website. | Legitimate Interest, for example to improve technical performance and website visitors’ browsing experience | Conduct of normal business to maintain service |
| Educational work in church schools, academies and beyond | Oversee work with schools. | Name and Contact Details; Sensitive school information including: school performance data, staffing, welfare, safeguarding etc. | Legitimate interest, for example to assess performance records. Contractual Performance, for example to enable recruitment and people management. | Conduct of normal business |
| Consultation with key office holders (such as clergy, PCC Secretary, PCC Treasurer and Churchwardens) | Communication and consultation with key personnel on matters affecting the parish such as church finances, statistics for mission data or procedural changes. | Contact and Identification Details | Legal Obligation, such as notification of a rule or guidance change to church business. Legitimate Interest, such as a notification on deadlines for the submission of parish statistics data. | Normal conduct of business |
| Visitor / attendee management | Manage staff and visitor sign in to events. | Name, contact information | Legal Obligation, such as knowing who is onsite for fire safety requirements. Legitimate interest, to ensure visitors are known to the diocese and where required a record is available. | Normal conduct of business |
| Using video and audio recordings from church meetings, including live streaming for worshippers who cannot attend. | Video and audio used for recording and streaming church meetings | Static and moving video images of individuals. Audio recordings of individuals. | Implied consent. See section 4 above. | Normal conduct of business |
All Saints Church, Church Lane, Milton, Cambridge. CB24 6AB - Registered charity number: 1142388.
You can contact the Information Commissioner's Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.