SUMMARY PRIVACY STATEMENT – Read full statement >>

FOR THE ROMAN CATHOLIC ARCHDIOCESE OF SOUTHWARK

1                  INTRODUCTION

  • The Roman  Catholic  Archdiocese  of  Southwark  (the  “Diocese”)  is  a  charity  registered  with  the  Charity

Commission in England and Wales. The Diocese is the Data Controller.

  • When you provide us with Personal Data in order to engage with us and/or benefit from our activities, we will keep  a  record  of  the  data  you  give  to  us  in  order  to  enable  us  to  comply  with  our  statutory obligations.
  • Everyone has rights with regard to how their Personal Data is handled by organisations. This Statement applies to information about living identifiable individuals only.

2                  WHAT PERSONAL DATA DO WE HOLD ABOUT YOU?

We may hold a range of different types of personal data about you including some/all of the following:

  • Name, contact details, gender, age, date of birth, marital status, nationality and information about your family and any dependants and your education/work history, training and professional qualifications;
  • Information about your current involvement in Diocese activities and events;
  • Financial information (e.g. bank details) and details of any donations you have made to us in the past;
  • Information obtained as a result of any background checks on clergy, employees and volunteers;
  • CCTV recordings and photographs;
  • Information we collect through your use of our website(s), such as IP addresses;
  • Special category personal data;
  • Any other information which you choose to provide to us.

We  may  also  receive  Personal  Data  about  you  from  third  parties,  for  example,  your  family  members,  other parishioners,  other  dioceses,  medical  professionals,  local  authorities,  government  departments,  schools,  the police and other law enforcement bodies.

3                  HOW AND WHY DO WE PROCESS YOUR PERSONAL DATA?

The Personal Data which we hold about you may be processed in a number of ways, for example:

  • to communicate with you in relation to news about or activities and events taking place in the Diocese or in any diocesan parish, including seeking feedback and informing you of any changes to our activities;
  • to improve  our  activities  and  the  way  we  communicate  with  you  including  our  website  or  the  website  of  any parish;
  • to carry out our activities, from weddings and funerals to general pastoral and spiritual care;
  • to process  donations  that  you  may  make  to  us  or  other  payments  where,  for  example,  you  hire  facilities belonging to the Diocese;
  • to administer, support, improve and develop the administration of the Diocese’s work and to keep records up-to- date;
  • to process applications from you, including grant applications and applications for a role within the Diocese;
  • to identify potential additional sources of fundraising;
  • for audit and statistical purposes;
  • to ensure we comply with our legal obligations;
  • in the case of CCTV recordings, to prevent or detect crime, and to help create a safer environment for our staff, parishioners and visitors;
  • to deliver training and education;
  • to ensure other volunteers in your group/rota can contact you

4                  ON WHAT GROUNDS DO WE PROCESS YOUR PERSONAL DATA?

We must have a lawful basis for processing your information; this will vary according to the circumstances of how and why we have your information but typical examples include:

  • the activities are within our legitimate interests in advancing and maintaining the Roman Catholic religion;
  • you have given consent for us to process your information;
  • we are carrying out necessary steps in relation to a contract to which you are party or prior to you entering into a contract;
  • the processing is necessary for compliance with a legal obligation;
  • the processing is necessary for carrying out a task in the public interest; or
  • to protect your vital interests;
  • If we process any Special Categories of Personal Data we must have a further lawful basis for the processing –

please see the full Privacy Statement.

We will only use your Personal Data within the Diocese for the purposes for which it was obtained, unless you have  explicitly  agreed  that  we  may  share  your  Personal  Data  with  another  organisation  or  unless  we  are otherwise  permitted  or  required  to  under  the  Data  Protection  Rules  or  order  of  a  Court  or  other  competent regulatory body or as set out in this Statement.

We may share your information with government bodies for tax purposes or law enforcement agencies for the prevention and detection of crime.  Sometimes the Diocese contracts with third parties whom we ask to process Personal Data on our behalf and we require these third parties to comply strictly with our instructions and with the  GDPR.  We  have  in  place  administrative,  technical  and  physical  measures  designed  to  guard  against  and minimise the risk of loss, misuse or unauthorised processing or disclosure of the Personal Data that we hold.

5                  HOW LONG WILL WE KEEP YOUR INFORMATION FOR?

Your information will be kept in accordance with our Retention & Disposal of Records Policy and/or as required by law. In any event, we will endeavour to only keep Personal Data for as long as is necessary and to delete it when it is no longer so.

6                  YOUR RIGHTS

You  have  rights  in  respect  of  the  Personal  Data  you  provide  to  us.   However,  please  note  that  some  of  these rights below may be limited in some situations:

  • To make a subject access request (SAR).
  • To withdraw your consent;
  • the right to ask that any inaccuracies in your Personal Data are corrected;
  • the right to have us restrict the processing of all or part of your Personal Data;
  • the right to ask that we delete your Personal  Data  where  there is no compelling  reason  for us to continue  to process it;
  • the right to object to us processing your Personal Data for direct marketing purposes; and
  • the right  not  to  be  subject  to  legal  or  other  significant  decisions  being  taken  about  you  on  the  basis  of  an automated process.

7                  CONTACT DETAILS

If you have any questions, require further information about how we protect your Personal Data, if you wish to exercise any of the above rights or if you would like to provide feedback or make a complaint about the use of your information, please contact the Diocesan Data Protection Officer (DPO):

Sarah Williams

Roman Catholic Archdiocese of Southwark

Finance Office

59 Westminster Bridge Road

London

SE1 7JE

Tel: 020 7960 2500

Email: dpo@finance-rcdsouthwark.org