The Parochial Church Council (PCC) of Godalming Minster is committed to respecting your privacy and to complying with applicable data protection and privacy laws. We have provided this Data Privacy Policy to help you understand how we collect, use and protect your personal data when you provide it to us. Our use of any personal data is governed by the General Data Protection Regulation 2016/679 (GDPR) and the Data Protection Act 2018.
We are the Ecclesiastical Parish of Godalming Minster and our PCC is the Data Controller of any personal data we hold. This means that it decides, within the regulations, how your personal data is processed and for what purposes.
“Personal data” is any information about a living individual which allows them to be identified from that data alone or in conjunction with any other information. We currently collect the following information:
Names, titles and photographs
Contact details including telephone numbers, postal and email addresses
Date of birth, gender, marital status and family groupings
Financial and bank account details
Health information
Information necessary to process a DBS check, including details of criminal offences
Religious belief may be inferred from the fact that we hold your data
We comply with our legal obligations by keeping personal data up to date; by storing it securely and destroying it when no longer required; by not collecting or retaining excessive amounts of data; by keeping personal data secure; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate physical and technical measures are in place to protect personal data.
We may use your personal data for the following purposes:
To deliver the Godalming Minster’s mission of following Jesus, loving people and renewing faith;
To enable us to meet all legal and statutory obligations (which include maintaining and publishing our electoral roll in accordance with the Church Representation Rules);
To comply with safeguarding procedures with the aim of ensuring that all children and vulnerable adults are provided with safe environments;
To minister to you and provide you with pastoral and spiritual care (such as visiting you when you are gravely ill or bereaved) and to organise and perform ecclesiastical services for you, such as baptisms, confirmations, weddings and funerals;
To inform you of news, events, activities and services running across the Minster, and to send you other communications which may be of interest to you. These may include information about campaigns, appeals and other fundraising activities;
To seek your views or comments;
To operate the Godalming Minster website. We use cookies on our website to improve its functional performance; you can manage these cookies by activating the setting on your Internet browser that allows you to refuse the setting of all or some cookies;
To include your details on rotas and generally in connection with any role you may perform within the Minster;
To publish selected details (with your consent) in our notices, parish magazines or on our website;
To maintain our own accounts and to process donations, including Gift Aid applications;
To administer our records, including storing your information on our database. We may also publish your contact details in our online Church Directory, but only ever with your explicit consent;
To manage our employees and volunteers, and to process applications for such roles;
To fundraise and promote the interests of the Godalming Minster;
To collect data on attendance for pastoral care and to assist with our future planning by monitoring trends;
To operate church online via our YouTube channel, Zoom or other platforms;
To process your booking to visit our churches and associated buildings, including our services or other events;
To respond to and keep a record of any of your enquiries, requests for information or other communications from you;
Any other processing for which you have given your consent.
Our processing also includes the use of CCTV systems for the prevention and prosecution of crime.
Some of your data is processed because it is necessary for our legitimate interests, or the legitimate interests of a third party (such as another organisation in the Church of England). Our legitimate interests will normally be the administration of the Minster or pastoral care. We will always take into account your interests, rights and freedoms.
Some of our processing is necessary for compliance with a legal obligation. For example, we are required by the Church Representation Rules to administer and publish the electoral roll, and under Canon Law to announce forthcoming weddings by means of the publication of banns.
We may also process data if it is necessary for the performance of a contract with you, or to take steps to enter into a contract. An example of this would be processing your data in connection with the hire of church facilities, or under a contract of employment.
Religious organisations are also permitted to process information about your religious beliefs to administer membership or contact details, provided this information is not passed to a third party without your consent.
In all other cases, the legal basis is your consent, which we will obtain prior to using your personal data.
Your personal data will be treated as strictly confidential. It will only be shared with third parties where it is necessary for the performance of our tasks or else where you give us your prior consent. It is likely that we will need to share your data with some or all of the following (but only where necessary):
We keep data in accordance with the guidance provided by the Church of England. We will keep some records permanently if we are legally required to do so, such as parish registers (baptisms, marriages, funerals). We may keep some other records for an extended period of time. For example, we will keep financial records for a minimum period of 7 years to support HMRC audits. In general, we will endeavour to keep data only for as long as we need it. This means that we may delete it when it is no longer needed or if you ask us to remove your information.
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
When exercising any of the rights listed above, in order to process your request we may need to verify your identity for your security. In such cases, we will need you to respond with proof of your identity before you can exercise these rights.
Any electronic personal data transferred to IT systems outside the United Kingdom will only be placed on systems which provide the equivalent protection of personal rights as required in the United Kingdom. Our website is also accessible from overseas so on occasion some personal data (for example in a newsletter) may be accessed from abroad.
If we wish to use your personal data for a new purpose, not covered by this Privacy Policy, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
We keep this Privacy Policy under regular review and will place any updates on this web page. This notice was last updated on 23rd January 2024.
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Cookies
If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
– Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
– Who we share your data with
If you request a password reset, your IP address will be included in the reset email.
– How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
– What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
– Where your data is sent
Visitor comments may be checked through an automated spam detection service.