©Lasswade & Rosewell Church 2017 (v2)
Lasswade & Rosewell Parish Church (Church of Scotland) Scottish Charity number SC015878
Data Protection and Privacy Policies
Lasswade & Rosewell
Parish Church
The Churches of Lasswade and Rosewell.
Data Protection Policy.
We will process data in accordance with the GDPR and good data protection practice and will only use personal data for the purpose/s it was intended for.
We will store personal data in a safe and secure manner and only people who require that information for the smooth administration of the church will have access to it.
We will keep personal data up to date. Where a data subject reports an inaccuracy in the personal data we hold, if pertinent “we” will correct it and will inform any recipients of that personal data of the amendments.
We will process personal data securely by insuring confidentiality and integrity.
Individuals are entitled to make a request to us for a copy of the personal data that we hold about them. Requests should describe the information sought.
We will not send personal data to a third party or organisations unless the data subject has given us their authority to do so or otherwise permitted by law.
In the course of normal operations we will collect and process various personal data about various individuals, for example employees, members, parents, etc.
Training.
Personal data will be retained by us (for specifics on appropriate data retention please refer to Law Department or Safeguarding Department of the Church Office 121 George Street ), as long as we need to process it or for as long as the law requires us to keep it, in accordance with good data protection.
If there is a data breach (i.e. a breach of security which leads to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to, personal data transmitted, stored or otherwise processed). In the event of a data breach designated trained personnel will deal with the breach and resolve any issues arising from it.
Documents containing confidential or personal information should be disposed of either by shredding or by using confidential waste bins or sacks. With regards to electronic communications and other relevant information they should be disposed of by closing them and/or deleting them. This is not the same as archiving which is NOT the same as deletion. Deletion will refer to where there is no intention of ever using or accessing it again, despite the fact that is may still exist in the “electronic ether”. Information will be deemed to be put beyond use if the Congregation is not able or will not attempt to use it to inform any decision in respect of any individual or in a manner that affects the individual in any way and does not give any other organisation access to it.
We reserve the right to change this policy at any time where it is appropriate for us to do so. Notifications of these changes will be notified to the appropriate individuals.
PRIVACY POLICY
Church: Lasswade and Rosewell.
The General Data Protection Regulation (G.D.P.R.), is a new E.U. digital privacy regulation that came into effect on the 25th May 2018. This is a new set of laws designed to safeguard personal data.
Our organisation will only retain basic personal data for the purposes of well planned and structured administration.
It is emphasised that the churches of Lasswade and Rosewell does collect and/or store personal data of its membership or any other pertinent individual/s or groups for no reason other than for church purposes, and does not share any information with third parties.
As our churches are “a not for profit organisation” we are bound by the guidelines of the Information Commissioners Office.