DATA PRIVACY NOTICE

Perth Cathedral, St Ninian’s

Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”)1.

Who are we?

The treasurer, administrator, vestry secretary and the clergy are each a data controller (contact details below). This means that they each decide how your personal data is processed and for what purposes.

How do we process your personal data?

The treasurer, administrator, vestry secretary and the clergy comply with their obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical and organisational measures are in place to protect personal data.

We use your personal data for the following purposes: -

  • For members of the clergy - To provide pastoral care to the congregation and to administer records such as the congregational roll.
  • For the treasurer, administrator and vestry secretary -
    • To administer membership records;
    • To fundraise and promote the interests of the charity;
    • To process gift aid applications;
    • To manage our employees and volunteers;
    • To maintain our own accounts and records;
    • To enable us to provide a voluntary service for the benefit of the public;
  • To inform individuals of news, events, activities or services running at Perth Cathedral, St Ninian’s.

What is the legal basis for processing your personal data?

Article 6 processing

Consent of the data subject; *
This is so that we can keep you informed about news, events, activities, services and other events throughout the Scottish Episcopal Church via email telephone and text.

Processing is necessary for our legitimate interests. This means that we can process your personal data if (i) we have a genuine and legitimate reason; and (ii) are not harming any of your rights and interests. Our legitimate interests include: processing for the purposes of church administration; processing your gift aid donations and fundraising.

Article 9 Processing

Explicit consent of the data subject.

☒ Processing is carried out by a not-for-profit body with a political, philosophical, religious or trade union aim provided: -

  • the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and
  • there is no disclosure to a third party without consent.

☒ Processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement.

☒ Processing relates to personal data manifestly made public by the data subject.

Sharing your personal data

Your personal data will be treated as strictly confidential, and will be shared only with members of the vestry and clergy and staff of the congregation, the diocesan office and, if you are appointed to a role within the congregation or diocese, with the General Synod Office.

If you serve on any committee or take on any duty, rota or role within the congregation, your personal data may be shared with other members of the congregation. You will be informed if your personal data will be shared more widely.

We may also share your information or disclose it to third parties where required to comply with any court order or other legal obligation or when data is requested by government or law enforcement authorities, to enforce any agreements, or to protect the rights, property or safety of us, members of the congregation or others.

How long do we keep your personal data?

We keep data in accordance with the guidance provided by the Scottish Episcopal Church. We retain congregational roll data while it is still current and historic records are held in our archive for 6 years; gift aid declarations and associated paperwork for up to 7 years after the tax year to which they relate; and church registers [baptisms, marriages, funerals] permanently.

Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -

  • The right to request a copy of your personal data which the clergy, treasurer, administrator and vestry secretary of Perth Cathedral hold about you;
  • The right to request that the clergy, treasurer, administrator and vestry secretary of Perth Cathedral correct any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for the clergy ,treasurer, administrator and vestry secretary of Perth Cathedral to retain such data;
  • The right to withdraw your consent to the processing at any time.
  • The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable) [Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means].
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data, (where applicable) [Only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]
  • The right to lodge a complaint with the Information Commissioners Office.

Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

Photography at Perth Cathedral, St Ninian’s

Photographs are taken at Perth Cathedral for the purposes of documenting and promoting the life of the Church.

As photographs including identifiable natural persons constitute personal data, the Vestry use your personal data to promote the interests of the charity and to enable us to provide a voluntary service for the benefit of the public.

The legal basis for processing photographic data is both explicit consent and in the legitimate interests of the charity.

Portrait photographs consisting of a small group of people are processed with explicit consent.

Processing of wide-angle views of the congregation and larger groups are deemed legitimate interests of the charity.

Our legitimate interests include keeping members informed of church activities through our Website and social media (Facebook page).

Sharing Photographs

Photographs made may be shared on our website and social media (Facebook page).

The Vestry shares copyright with the photographer. Photographs will be assigned the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC-nc-nd-4.0) copyright licence by default, which in summary permits reuse as long as that reuse attributes the source of the images, without alteration, for non-commercial use.

As such, photographs of notable events may be shared with the Diocese and General Synod Office for use on the Diocesan and Provincial websites also.

Contact Details

To exercise all relevant rights, queries or complaints please contact the Vestry Secretary / Church Administrator or the Provost at Cathedral Office, North Methven Street, Perth PH! 5PP.

Tel 01738 632057, email This email address is being protected from spambots. You need JavaScript enabled to view it.

*A consent form for Perth Cathedral is available from the vestry secretary/ administrator at the above address.

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

1At the time of going to press the new Data Protection Bill, which incorporates the GDPR into national law, is on its journey through parliament. The final form of this legislation is not yet known, we have therefore referred to the GDPR as the relevant legislation