DATA PRIVACY NOTICE – HOW WE USE YOUR PERSONAL INFORMATION
EDINBURGH CHURCHES FOR SANCTUARY
This privacy notice explains the way in which Edinburgh Churches for Sanctuary uses, or “processes” personal data. Personal data is any information, held either in paper records or electronically, relating to a living individual, who can be identified from that data. Examples of personal information are name, address, email address, telephone number, IP address, photographs or video images. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”). “Processing” is anything that is done with personal information, from collection onwards.
Edinburgh Churches for Sanctuary is the “data controller” (see contact details below). This means we decide how personal data is processed and for what purposes. We comply with our obligations under the GDPR by keeping personal data up-to-date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure; and, by ensuring that appropriate technical measures are in place to protect personal data.
We use personal data for the following purposes:
- To provide information about Edinburgh Churches for Sanctuary news, events, and activities.
- To provide a voluntary service for the benefit of refugees and asylum seekers, residing in Edinburgh and the surrounding areas.
- To manage employees and volunteers.
- For payroll administration.
- To maintain accounts and records, including Gift Aid administration.
- In relation to individuals participating in church events and activities, including children and young people.
- To fulfill contractual and other legal obligations.
- To fundraise and promote the interests of the charity.
Sharing of information
Personal data will be treated as strictly confidential. Only individuals appointed to specific roles within Edinburgh Churches for Sanctuary can access the data. We will not share data outside Edinburgh Churches for Sanctuary without your consent, properly obtained, unless we are permitted or obliged to do so by law.
Legal bases for processing personal information
We are required by the GDPR to identify an appropriate legal basis, or appropriate legal bases, before we can process personal data. We will only process personal data for the purpose or purposes it was collected for.
Our legal bases for processing data are:
- Where explicit consent of an individual has been given to the processing for one or more specific purposes. The individual is entitled to withdraw such consent at any time, using the contact details provided below.
- Where the processing is necessary for the purposes of our legitimate interests, and such interests are not overridden by the interests or fundamental rights and freedoms of the individual it relates to.
- Where the processing is necessary for the performance of a contract with the data subject.
- Where the processing is necessary for compliance with one or more legal obligations.
Further, where we process personal information which is more sensitive than other types and is classed by law as “special category data” we will, in addition to meeting a minimum of one of the above legal bases, ensure that one or more of the following applies:
- Processing is carried out in the course of our legitimate activities with appropriate safeguards by us as a not-for-profit body with a religious aim and on condition that the processing relates solely to our members, or to former members, or to people who have regular contact with us in connection with our purposes and that the personal information is not disclosed outside Edinburgh Churches for Sanctuary without your consent.
Security and retention of personal information
We are committed to ensuring that personal information is held and retained securely, only for as long as necessary for the purposes for which the personal data are processed, and in accordance with data protection principles. More specifically, we keep data in accordance with the guidance set out in our Data Retention Policy, a copy of which is available from the Programme Coordinator of Edinburgh Churches for Sanctuary.
Rights to make certain requests in relation to personal data, as follows:
- You can request copies of the personal data which we hold about you, using the contact details provided below.
- If you believe that any information we hold about you is inaccurate, please let us know so that we can have this rectified.
- You can request that we erase your data if there is no longer any need for us to keep it, although we may still need to retain it if the reasons why it was obtained still exist. If the only legal basis on which we hold the data is your consent, and you withdraw that consent, then we will erase the data on request.
- You can restrict or suppress processing to your personal data in certain circumstances (e.g. where there is a dispute in relation to data accuracy or processing).
- You can withdraw consent to processing at any time.
- You can request that we transmit your personal data to another data controller in a safe and secure way based on explicit consent.
- You can object to processing of your personal data (e.g. where processing is based on legitimate interests or direct marketing).
- You have rights related to automatic individual decision making and profiling based on explicit consent.
If you would like more information on your rights or wish to exercise them, please contact the Programme Coordinator of Edinburgh Churches for Sanctuary (see our contact details below).
Our contact details
You can contact us by emailing email@example.com
The Information Commissioner’s Office
You have the right to contact the Information Commissioner’s Office on 0303 123 1113 or via its website at www.ico.org.uk or at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Cookies are very small text files that are stored on your computer when you visit some websites.
You can disable and delete any cookies already stored on your computer using your browser settings. However if you do, you won’t be able to share pages with social networks and we won’t be able to use your anonymous, non-personal information (for instance, what type of browser you use and what country you are in) in our website usage statistics.