St Mark’s Church Privacy Notice
St Marks Church referred to as “St Marks”, “we” or “us” for the purpose of this notice we are the data controllers.
We are working hard to serve our community a little better every day. Looking after the personal data you share with us is a hugely important part of this. We want you to be confident that your data is safe and secure with us and understand how we use it to offer you a better service.
What this Notice covers:
We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. That’s why we’ve developed this Privacy Notice, which:
- sets out the types of personal data that we collect.
- explains how and why we collect and use your personal data.
- explains when and why we will share personal data within St Marks and with other organisations, and
- explains the rights and choices you have when it comes to your personal data.
We offer a wide range services to our community and visitors, so we want you to be clear about what this Policy covers. This Policy applies to you if you use our services (referred to in this Policy as “our Services”). Using our Services means:
- using the website (“Website”) where this Policy is posted.
- If you contact us or we contact you about our Services.
- When you come to our church and fill in a form we provide you.
- When you book Christening, wedding, or funeral service at St Marks.
Personal data we collect:
This section tells you what personal data we may collect from you when you use our Services and what other personal data we may receive from other sources.
When you submit a form to we provide or a general enquiry, you may provide us with:
- Your personal details, including your name, postal addresses, email addresses, phone numbers and title.
When you contact us or we contact you about our Services, we may collect:
- Personal data you provide about yourself anytime you contact us about our Services (for example, your name and contact details), including contacting us by phone, email or post.
- Details of the emails and other digital communications we send to you that you open, including any links in them that you click on; and
- Your feedback and contributions to improve our services.
When you contact us to register an interest in booking a special service, you may provide us with:
- Your personal details, including your name, postal addresses, email addresses, phone number.
How and why we use personal data:
This section explains in detail how and why we use personal data. In order to collect and process personal data about you we need to have a lawful basis. The main Lawful bases we rely on includes ‘Consent’ where you have provided you consent for us to use your information for a specific purpose, for example providing you information about upcoming church events ‘Contract’, where processing is necessary for the performance of a contract; and our ‘legitimate Interest’ where processing is in the interest of St Marks and we believe you would have a reasonable expectation for us to do this. We also rely on our legal obligations in Law, for example to announce your marriage bands.
We use personal data to:
Contact you about our services and to provide you with the service you have requested from us
We want to serve you better as a user of the facilities of St Marks, so we use personal data to provide clarification or assistance in response to your communications with us.
In order to resolve legal claims or disputes involving you or us.
For example, if you have any accident or there is an incident at St Marks. We have an obligation to complete an accident / near miss form which may contain health information if you were injured or hospitalised.
Sharing personal data with third parties:
We may on occasions pass your Personal Information to third parties exclusively to process work on our behalf. St Marks requires these parties to agree to process this information based on our instructions and requirements consistent with this Privacy Notice.
We do not broker or pass on information gained from your engagement with us without your consent. However, we may disclose your Personal Information to meet legal obligations, regulations or valid governmental request. We may also use your personal data to detect, prevent or mitigate fraud.
How do we protect personal data?
We know how important it is to protect and manage your personal data. This section sets out some of the measures we have in place.
- We apply physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data.
- We protect the security of your information while it is being transmitted by password protected documents or encrypting.
- We use computer safeguards such as firewalls and data encryption to keep this data safe.
- We only authorise access to employees and trusted partners who need it to carry out their responsibilities.
- We regularly monitor our systems for possible vulnerabilities and attacks.
- We will ask for proof of identity before we share your personal data with you.
The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by companies operating outside the EEA who work for us or for one of our service providers. If we do this, we ensure that your privacy rights are respected in line with this Policy.
How long do we use personal data for?
We will not keep your personal data longer than we need to, how long this is, depends on several factors, including:
- Why we collected it in the first place.
- Whether there is a legal/regulatory reason for us to keep it.
- Whether we need to archive the information for historical public interest, or
- Whether we need it to protect you or us.
You can ask us to provide you with the retention schedule relating to your own personal data. We will provide this information in accordance with our policy and procedure for Data Subject Access Requests.
Your rights as a data subject
At any point whilst we are in possession of, or processing your data, you have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you, we will respond to you as quickly as possible but certainly within 4 weeks.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete. If you believe we hold inaccurate or missing information, please let us know and we will correct it.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records. There are several situations when you can have us delete your personal data, this includes (but is not limited to):
- When we no longer need to keep your personal data.
- You have successfully made a general objection.
- You have withdrawn your consent to us using your personal data (and we do not have any other grounds to use it).
- Right to restriction of processing – where certain conditions apply you have a right to restrict the processing. There are several situations when you can restrict our use of your personal data, this includes (but is not limited to):
- you have successfully made a general objection.
- you are challenging the accuracy of the personal data we hold.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing. If on balance, your rights outweigh our interests in using your personal data, then we will at your request either restrict our use of it or delete it.
- Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.
In the event that we refuse your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.
Subject Access Rights
You have the right to see the personal data we hold about you. This is called a Data Subject Access Request (DSAR).
If you would like a copy of the personal data, we hold about you can use the on-line Data Subject Access Request Form please write to:
Data Protection Officer
St Marks Church
St Marks Road
Jersey JE2 4LY
You can also email us at Office@stmarksjersey.com
To access what personal data is held, identification will be required
We will accept the following forms of ID when information on your personal data is requested: a copy of your national ID card, driving license or passport. A minimum of one piece of photographic ID listed above and a supporting document is required such as a utility bill not older than three months. If we are dissatisfied with the quality of ID provided, further information may be sought before personal data can be released.
All requests should be made to Office@stmarksjersey.com or in writing to us at the address above. We will respond to your request within a four-week period, once your identification has been verified.
If you have any questions or comments about our Privacy Notice or how we use your information, please contact our Data Protection Officer:
Paul Byrne, at:
De Carteret House
7 Castle Street
Jersey JE2 3BT
Telephone: 01534 488235 Email: DPO@Propelfwd.com
If you wish to make a compliant about how your personal data is being processed by us, you have the right to complain to our Data Protection Officer. If you do not get a response within 30 days or are dissatisfied with the response, you can complain to the Office of the Information Commissioner.
The details for each of these contacts are:
Office of the Information Commissioner – Jersey
2nd Floor, 5 Castle St, St Helier, Jersey JE2 3BT
Telephone +44 (0) 1534 716530 or Email: firstname.lastname@example.org