PRIVACY POLICY
Privacy Notice
Yester, Bolton and Saltoun Church, Scottish Charity No. SC015414 (the “Congregation”)
Purpose of this Notice
This Privacy Notice outlines the way in which the Congregation will use personal information provided to us. Personal information includes any information that identifies you personally, such as your name, address, email address or telephone number.
The Congregation recognises the importance of your privacy and personal information and we have therefore outlined below how we use, disclose and protect this information. The Congregation, jointly with the Presbytery of Lothian is the data controller, because we decide how your data are processed and for what purpose. Contact details for us are provided below.
How we use information
We use the information you give to us:
Disclosure of information
The Congregation will only share your personal information where this is necessary for the purposes set out above. Information will not be shared with any third party outwith the Church of Scotland without your consent unless we are obliged or permitted to do so by law.
Basis for processing personal information
The Congregation processes your information in the course of its legitimate activities, with appropriate safeguards in place, as a not-for-profit body with a religious aim and on the basis that our processing relates solely to members, former members or people who have regular contact with us, and that this information is not disclosed to any third party without your consent.
We also process information where this is necessary for compliance with our legal obligations; where processing is necessary for the purposes of our legitimate interests and such interests are not overridden by your interests or fundamental rights and freedoms; and where you have given consent to the processing of your information for a particular purpose.
Storage and security of personal information
The Congregation will strive to ensure that personal information is accurate and held in a secure and confidential environment. We will keep your personal information for as long as you are a member or adherent or have regular contact with us or so long as we are obliged to keep it by law or may need it in order to respond to any questions or complaints or to show that we treated you fairly. We may also keep it for statistical purposes but if so we will only use it for that purpose. When the information is no longer needed it will be securely destroyed or permanently rendered anonymous. A copy of our data retention policy is below.
Getting a copy of your personal information
You can request details of the personal information which the Congregation holds about you by contacting us using the contact details given below.
Inaccuracies and Objections
If you believe that any information the Congregation holds about you is incorrect or incomplete or if you do not wish your personal information to be held or used by us please let us know. Any information found to be incorrect will be corrected as quickly as possible.
You have the right to object to our use of your personal information, or to ask us to remove or stop using your personal information if there is no need for us to keep it. There may be legal or other reasons why we need to keep or use your data, but please tell us if you think that we should not be using it.
If we are processing your data on the basis of your explicit consent, you can withdraw your consent at any time. Please contact us if you want to do so.
Contact us
You can contact us by getting in touch with Wendy Ferguson, at [email protected] and 07538 787066.
How to complain
You have the right to complain to the Information Commissioner’s Office about anything relating to the processing of your personal information by the Congregation. You can contact the ICO via its website at www.ico.org.uk or at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
DATA RETENTION POLICY
1. Introduction
1.1. Church of Scotland congregations gather personal information from individuals and external organisations as well as generating a wide range of personal data, all of which is recorded in documents and records, both in hard copy and electronic form.
1.2. Examples of the types of information accumulated and generated are set out in Appendix 1 of this policy and include but are not limited to minutes of Kirk Session meetings; membership rolls; baptismal information; employment records; newsletters and other communications such as letters and emails.
1.3. In certain circumstances it will be necessary to retain documents to meet legal requirements and for operational needs. Document retention is also required to evidence agreements or events and to preserve information.
1.4. It is, however, not practical or appropriate for congregations to retain all records. Additionally, data protection principles require information to be as up to date and accurate as possible. It is therefore important that congregations have in place systems for the timely and secure disposal of documents that are no longer required.
1.5. This Data Retention Policy was adopted by the Congregation on 29 May 2018 and will be implemented on a day-to-day basis.
2. Roles and Responsibilities
2.1 Congregational office bearers and those involved with safeguarding will adopt the retention and disposal guidance at Appendix 1 of this policy and strive to keep records up to date.
2.1 Advice will be obtained from the Law Department or Safeguarding Department of the Church Office at 121 George Street if there is uncertainty about retention periods.
3. Retention and Disposal Policy
3.1. Decisions relating to the retention and disposal of data should be guided by:
3.1.1. Appendix 1 – Document Retention Schedule – Guidance on the recommended and statutory minimum retention periods for specific types of documents and records.
3.1.2. Appendix 2 – Quick Guide to document retention.
3.2. In circumstances where the retention period for a specific document or category of documents has expired, a review should be carried out prior to disposal and consideration should be given to the method of disposal.
4. Disposal
4.1. Documents containing confidential or personal information should be disposed of either by shredding or by using confidential waste bins or sacks. Such documentation is likely to include financial details, contact lists with names and addresses and pastoral information.
4.2. Documents other than those containing confidential or personal information may be disposed of by recycling or binning.
4.3. Electronic communications including email, Facebook pages, twitter accounts etc. and all information stored digitally should also be reviewed and if no longer required, closed and/or deleted so as to be put beyond use. This should not be done simply by archiving, which is not the same as deletion. It will often be sufficient simply to delete the information, with no intention of ever using or accessing it again, despite the fact that it may still exist in the electronic ether. Information will be deemed to be put beyond use if the Congregation is not able, or will not attempt, to use it to inform any decision in respect of any individual or in a manner that affects the individual in any way and does not give any other organisation access to it.
4.4. Deletion can also be effected by using one of the following methods of disposal:
Yester, Bolton and Saltoun Church, Scottish Charity No. SC015414 (the “Congregation”)
Purpose of this Notice
This Privacy Notice outlines the way in which the Congregation will use personal information provided to us. Personal information includes any information that identifies you personally, such as your name, address, email address or telephone number.
The Congregation recognises the importance of your privacy and personal information and we have therefore outlined below how we use, disclose and protect this information. The Congregation, jointly with the Presbytery of Lothian is the data controller, because we decide how your data are processed and for what purpose. Contact details for us are provided below.
How we use information
We use the information you give to us:
- to administer membership records, including a Communion Roll and Supplementary Roll;
- for pastoral care purposes;
- in relation to participation in Congregational activities ;
- to provide you with information about news, events, and activities within the Congregation or the wider Church of Scotland;
- to provide the services of a parish church to the local community;
- to fulfill contractual or other legal obligations;
- to manage our employees;
- to further our charitable aims, for example through fundraising activities;
- to maintain our accounts and records (including the processing of Gift Aid applications);
- if CCTV is in place we have this for the prevention and detection of crime.
Disclosure of information
The Congregation will only share your personal information where this is necessary for the purposes set out above. Information will not be shared with any third party outwith the Church of Scotland without your consent unless we are obliged or permitted to do so by law.
Basis for processing personal information
The Congregation processes your information in the course of its legitimate activities, with appropriate safeguards in place, as a not-for-profit body with a religious aim and on the basis that our processing relates solely to members, former members or people who have regular contact with us, and that this information is not disclosed to any third party without your consent.
We also process information where this is necessary for compliance with our legal obligations; where processing is necessary for the purposes of our legitimate interests and such interests are not overridden by your interests or fundamental rights and freedoms; and where you have given consent to the processing of your information for a particular purpose.
Storage and security of personal information
The Congregation will strive to ensure that personal information is accurate and held in a secure and confidential environment. We will keep your personal information for as long as you are a member or adherent or have regular contact with us or so long as we are obliged to keep it by law or may need it in order to respond to any questions or complaints or to show that we treated you fairly. We may also keep it for statistical purposes but if so we will only use it for that purpose. When the information is no longer needed it will be securely destroyed or permanently rendered anonymous. A copy of our data retention policy is below.
Getting a copy of your personal information
You can request details of the personal information which the Congregation holds about you by contacting us using the contact details given below.
Inaccuracies and Objections
If you believe that any information the Congregation holds about you is incorrect or incomplete or if you do not wish your personal information to be held or used by us please let us know. Any information found to be incorrect will be corrected as quickly as possible.
You have the right to object to our use of your personal information, or to ask us to remove or stop using your personal information if there is no need for us to keep it. There may be legal or other reasons why we need to keep or use your data, but please tell us if you think that we should not be using it.
If we are processing your data on the basis of your explicit consent, you can withdraw your consent at any time. Please contact us if you want to do so.
Contact us
You can contact us by getting in touch with Wendy Ferguson, at [email protected] and 07538 787066.
How to complain
You have the right to complain to the Information Commissioner’s Office about anything relating to the processing of your personal information by the Congregation. You can contact the ICO via its website at www.ico.org.uk or at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
DATA RETENTION POLICY
1. Introduction
1.1. Church of Scotland congregations gather personal information from individuals and external organisations as well as generating a wide range of personal data, all of which is recorded in documents and records, both in hard copy and electronic form.
1.2. Examples of the types of information accumulated and generated are set out in Appendix 1 of this policy and include but are not limited to minutes of Kirk Session meetings; membership rolls; baptismal information; employment records; newsletters and other communications such as letters and emails.
1.3. In certain circumstances it will be necessary to retain documents to meet legal requirements and for operational needs. Document retention is also required to evidence agreements or events and to preserve information.
1.4. It is, however, not practical or appropriate for congregations to retain all records. Additionally, data protection principles require information to be as up to date and accurate as possible. It is therefore important that congregations have in place systems for the timely and secure disposal of documents that are no longer required.
1.5. This Data Retention Policy was adopted by the Congregation on 29 May 2018 and will be implemented on a day-to-day basis.
2. Roles and Responsibilities
2.1 Congregational office bearers and those involved with safeguarding will adopt the retention and disposal guidance at Appendix 1 of this policy and strive to keep records up to date.
2.1 Advice will be obtained from the Law Department or Safeguarding Department of the Church Office at 121 George Street if there is uncertainty about retention periods.
3. Retention and Disposal Policy
3.1. Decisions relating to the retention and disposal of data should be guided by:
3.1.1. Appendix 1 – Document Retention Schedule – Guidance on the recommended and statutory minimum retention periods for specific types of documents and records.
3.1.2. Appendix 2 – Quick Guide to document retention.
3.2. In circumstances where the retention period for a specific document or category of documents has expired, a review should be carried out prior to disposal and consideration should be given to the method of disposal.
4. Disposal
4.1. Documents containing confidential or personal information should be disposed of either by shredding or by using confidential waste bins or sacks. Such documentation is likely to include financial details, contact lists with names and addresses and pastoral information.
4.2. Documents other than those containing confidential or personal information may be disposed of by recycling or binning.
4.3. Electronic communications including email, Facebook pages, twitter accounts etc. and all information stored digitally should also be reviewed and if no longer required, closed and/or deleted so as to be put beyond use. This should not be done simply by archiving, which is not the same as deletion. It will often be sufficient simply to delete the information, with no intention of ever using or accessing it again, despite the fact that it may still exist in the electronic ether. Information will be deemed to be put beyond use if the Congregation is not able, or will not attempt, to use it to inform any decision in respect of any individual or in a manner that affects the individual in any way and does not give any other organisation access to it.
4.4. Deletion can also be effected by using one of the following methods of disposal:
- Using secure deletion software which can overwrite data;
- Using the function of “restore to factory settings” (where information is not stored in a removable format);
- Sending the device to a specialist who will securely delete the data.
Appendix 1 Data Retention Schedule
(Safeguarding records are held by Yester, Bolton and Saltoun congregation).
Record and Retention Period
Minutes of Meetings – 6 years
Kirk Session Minutes – 50 years - permanent. After 50 years pass the minutes to the principal clerk’s office, who then liaise with the National Records of Scotland for archiving.
Pre-employment enquiries, applications, letters, references – 6 months after completion of recruitment, unless data to be retained for future similar opportunity, in which case 1 year
Congregational Roll – 100 years
Certificates of Transference/Lines – 100 years
Employee/appointments records including: contracts, time records etc - Duration of employment plus 7 years
Volunteer records – Duration of placement plus 7 years
Databases for mailing lists, distribution – Reviewed annually and out-of-date information deleted
Miscellaneous contact information – Delete when there is no longer a requirement for the information
Documents relating to litigation or potential litigation – Until matter is concluded plus 7 years
Hazardous material exposures – 30 years
Injury and illness incident reports (RIDDOR) – 5 years
Pension plans and retirement records – Permanent
Salary schedules, ranges for each job description – 2 years
Payroll records – Minimum 7 years, no maximum
Contracts – 7 years following expiration
Construction documents – Permanent
Fixed asset records – Permanent
Application for charitable and/or tax exempt status – Permanent
Sales and purchase records – 5 years
Resolutions – Permanent
Audit and review work papers – 5 years from the end of the period in which the audit or review was concluded
OSCR filings – 5 years from date of filing
Records of financial donations – 7 years
Accounts Payable and Receivables ledgers and schedules – 7 years
Annual audit reports and financial statements – Permanent
Annual plans and budgets – 2 years
Bank statements, cancelled cheques, deposit slips – Minimum of 7 years
Business expense records – 7 years
Cash/ cheque receipts – 7 years
Electronic fund transfer documents – 7 years
Employee expense reports – 7 years
General ledgers – Permanent
Journal entries – 7 years
Invoices – 7 years
Petty cash vouchers – 7 years
Tax records – Minimum 7 years
Filings of fees paid to professionals – 7 years
Environmental studies – Permanent
Insurance claims/applications – Permanent
Insurance contracts and policies (Directors and Officers, General Liability, Property, Workers' Compensation) – Permanent
Leases – 7 years after expiration
Property/buildings documentation (including loan and mortgage contracts, title deeds) – Permanent
Warranties – Duration of warranty plus 7 years
Records relating to potential or actual legal proceedings – Conclusion of any tribunal or litigation proceedings plus 7 years
(Safeguarding records are held by Yester, Bolton and Saltoun congregation).
Record and Retention Period
Minutes of Meetings – 6 years
Kirk Session Minutes – 50 years - permanent. After 50 years pass the minutes to the principal clerk’s office, who then liaise with the National Records of Scotland for archiving.
Pre-employment enquiries, applications, letters, references – 6 months after completion of recruitment, unless data to be retained for future similar opportunity, in which case 1 year
Congregational Roll – 100 years
Certificates of Transference/Lines – 100 years
Employee/appointments records including: contracts, time records etc - Duration of employment plus 7 years
Volunteer records – Duration of placement plus 7 years
Databases for mailing lists, distribution – Reviewed annually and out-of-date information deleted
Miscellaneous contact information – Delete when there is no longer a requirement for the information
Documents relating to litigation or potential litigation – Until matter is concluded plus 7 years
Hazardous material exposures – 30 years
Injury and illness incident reports (RIDDOR) – 5 years
Pension plans and retirement records – Permanent
Salary schedules, ranges for each job description – 2 years
Payroll records – Minimum 7 years, no maximum
Contracts – 7 years following expiration
Construction documents – Permanent
Fixed asset records – Permanent
Application for charitable and/or tax exempt status – Permanent
Sales and purchase records – 5 years
Resolutions – Permanent
Audit and review work papers – 5 years from the end of the period in which the audit or review was concluded
OSCR filings – 5 years from date of filing
Records of financial donations – 7 years
Accounts Payable and Receivables ledgers and schedules – 7 years
Annual audit reports and financial statements – Permanent
Annual plans and budgets – 2 years
Bank statements, cancelled cheques, deposit slips – Minimum of 7 years
Business expense records – 7 years
Cash/ cheque receipts – 7 years
Electronic fund transfer documents – 7 years
Employee expense reports – 7 years
General ledgers – Permanent
Journal entries – 7 years
Invoices – 7 years
Petty cash vouchers – 7 years
Tax records – Minimum 7 years
Filings of fees paid to professionals – 7 years
Environmental studies – Permanent
Insurance claims/applications – Permanent
Insurance contracts and policies (Directors and Officers, General Liability, Property, Workers' Compensation) – Permanent
Leases – 7 years after expiration
Property/buildings documentation (including loan and mortgage contracts, title deeds) – Permanent
Warranties – Duration of warranty plus 7 years
Records relating to potential or actual legal proceedings – Conclusion of any tribunal or litigation proceedings plus 7 years
Appendix 2 General guidance for documents NOT included in the retention schedule.
On-going business use is subjective, but generally refers to documents still required for on-going projects, or documents that may still need to be referred to for on-going activities.