Summary Privacy Statement
FOR THE ROMAN CATHOLIC ARCHDIOCESE OF SOUTHWARK
- The Roman Catholic Archdiocese of Southwark (the “Diocese”) is a charity registered with the Charity
Commission in England and Wales. The Diocese is the Data Controller.
- When you provide us with Personal Data in order to engage with us and/or benefit from our activities, we will keep a record of the data you give to us in order to enable us to comply with our statutory obligations.
- Everyone has rights with regard to how their Personal Data is handled by organisations. This Statement applies to information about living identifiable individuals only.
2 WHAT PERSONAL DATA DO WE HOLD ABOUT YOU?
We may hold a range of different types of personal data about you including some/all of the following:
- Name, contact details, gender, age, date of birth, marital status, nationality and information about your family and any dependants and your education/work history, training and professional qualifications;
- Information about your current involvement in Diocese activities and events;
- Financial information (e.g. bank details) and details of any donations you have made to us in the past;
- Information obtained as a result of any background checks on clergy, employees and volunteers;
- CCTV recordings and photographs;
- Information we collect through your use of our website(s), such as IP addresses;
- Special category personal data;
- Any other information which you choose to provide to us.
We may also receive Personal Data about you from third parties, for example, your family members, other parishioners, other dioceses, medical professionals, local authorities, government departments, schools, the police and other law enforcement bodies.
3 HOW AND WHY DO WE PROCESS YOUR PERSONAL DATA?
The Personal Data which we hold about you may be processed in a number of ways, for example:
- to communicate with you in relation to news about or activities and events taking place in the Diocese or in any diocesan parish, including seeking feedback and informing you of any changes to our activities;
- to improve our activities and the way we communicate with you including our website or the website of any parish;
- to carry out our activities, from weddings and funerals to general pastoral and spiritual care;
- to process donations that you may make to us or other payments where, for example, you hire facilities belonging to the Diocese;
- to administer, support, improve and develop the administration of the Diocese’s work and to keep records up-to- date;
- to process applications from you, including grant applications and applications for a role within the Diocese;
- to identify potential additional sources of fundraising;
- for audit and statistical purposes;
- to ensure we comply with our legal obligations;
- in the case of CCTV recordings, to prevent or detect crime, and to help create a safer environment for our staff, parishioners and visitors;
- to deliver training and education;
- to ensure other volunteers in your group/rota can contact you
4 ON WHAT GROUNDS DO WE PROCESS YOUR PERSONAL DATA?
We must have a lawful basis for processing your information; this will vary according to the circumstances of how and why we have your information but typical examples include:
- the activities are within our legitimate interests in advancing and maintaining the Roman Catholic religion;
- you have given consent for us to process your information;
- we are carrying out necessary steps in relation to a contract to which you are party or prior to you entering into a contract;
- the processing is necessary for compliance with a legal obligation;
- the processing is necessary for carrying out a task in the public interest; or
- to protect your vital interests;
- If we process any Special Categories of Personal Data we must have a further lawful basis for the processing –
please see the full Privacy Statement.
We will only use your Personal Data within the Diocese for the purposes for which it was obtained, unless you have explicitly agreed that we may share your Personal Data with another organisation or unless we are otherwise permitted or required to under the Data Protection Rules or order of a Court or other competent regulatory body or as set out in this Statement.
We may share your information with government bodies for tax purposes or law enforcement agencies for the prevention and detection of crime. Sometimes the Diocese contracts with third parties whom we ask to process Personal Data on our behalf and we require these third parties to comply strictly with our instructions and with the GDPR. We have in place administrative, technical and physical measures designed to guard against and minimise the risk of loss, misuse or unauthorised processing or disclosure of the Personal Data that we hold.
5 HOW LONG WILL WE KEEP YOUR INFORMATION FOR?
Your information will be kept in accordance with our Retention & Disposal of Records Policy and/or as required by law. In any event, we will endeavour to only keep Personal Data for as long as is necessary and to delete it when it is no longer so.
6 YOUR RIGHTS
You have rights in respect of the Personal Data you provide to us. However, please note that some of these rights below may be limited in some situations:
- To make a subject access request (SAR).
- To withdraw your consent;
- the right to ask that any inaccuracies in your Personal Data are corrected;
- the right to have us restrict the processing of all or part of your Personal Data;
- the right to ask that we delete your Personal Data where there is no compelling reason for us to continue to process it;
- the right to object to us processing your Personal Data for direct marketing purposes; and
- the right not to be subject to legal or other significant decisions being taken about you on the basis of an automated process.
7 CONTACT DETAILS
If you have any questions, require further information about how we protect your Personal Data, if you wish to exercise any of the above rights or if you would like to provide feedback or make a complaint about the use of your information, please contact the Diocesan Data Protection Officer (DPO):
Roman Catholic Archdiocese of Southwark
59 Westminster Bridge Road
Tel: 020 7960 2500