This Privacy Notice is sent to you by St Clement’s Bournemouth.

St Clement’s, Bournemouth recognises and is committed to its responsibilities under the Data Protection Act 1998 in relation to its handling of personal data.

Your personal data — what is it?

“Personal data” is any information about a living individual which allows them to be identified from that data (for example, a name, photographs, videos, email address, or address). Identification can be by the information alone or in conjunction with any other information.

The processing of personal data is governed by the Data Protection Act 2018, and other legislation relating to personal data and rights such as the Human Rights Act 1998.

Who are we?

The Parochial Church Council (PCC) of St Clement’s, Bournemouth is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.

When we say St Clement’s in this document, we refer to the Leadership of St Clement’s, Boscombe, governed by the PCC and may be referred to as “we” in this document.

St Clement’s works together with the PCC and the Bishops of the Diocese of Winchester;

The legal entity governing our church is the St Clement’s Bournemouth PCC. The legal entity is accountable for the finances of the church, our safeguarding and other legal matters.

What data does the controller listed above process?

We will process some or all of the following where necessary in the operation and mission of the church:

• Names, titles and aliases, photographs, video content, CCTV imagery;
• Contact details such as telephone numbers, addresses, and email addresses;

Where they are relevant to our mission, or where you provide them to us, we may process demographic information such as gender, age, date of birth, marital status, nationality, education/work histories, academic/professional qualifications, hobbies, family composition and dependents.

Where you make donations or pay for activities such as weekends away, financial identifiers such as bank account numbers, payment card numbers, payment/transaction identifiers, policy numbers, and claim numbers.

How do we process your personal data?

The controller will comply with their legal obligations to keep personal data up to date; to store and destroy it securely; to not collect or retain excessive amounts of personal data; to keep personal data secure, and to protect personal data from loss, misuse, unauthorised access and disclosure and to ensure that appropriate technical and organisational measures are in place to protect personal data.

We use your personal data for some or all of the following purposes:

• to enable us to meet all legal and statutory obligations (which include maintaining and publishing our electoral roll in accordance with the Church Representation Rules)
• to carry out comprehensive Safeguarding procedures, including due diligence and complaints handling in accordance with best safeguarding practice from time to time.
• to minister to you and provide you with pastoral and spiritual care (such as visiting you when you are gravely ill or bereaved) and to organise and perform ecclesiastical services for you, such as baptisms, weddings and funerals
• to deliver the Church’s mission to our community, and to carry out any other voluntary or charitable activities including events, courses and groups.
• to administer the parish, deanery, archdeaconry and diocesan membership records
• to perform various administrative tasks as part of executing our church mission. These include, but not exclusive to, fundraising, grant applications, maintain our accounts and records and if appropriate employment recruitment and records
• to process a donation that you have made (including Gift Aid information)
• to seek your views or comments
• to notify you of changes to our services, events and role holders
• to send you communications which you have requested and that may be of interest to you. These may include information about campaigns, events, appeals, other fundraising activities
• to protect and secure our facilities for the purposes of crime prevention

What is the legal basis for processing your personal data?

Most of our data is processed because it is necessary for our legitimate interests, or the legitimate interests of a third party (such as another organisation in the Church of England).

Examples include:

• Safeguarding work to protect children and adults at risk. We will always take into account your interests, rights and freedom.
• Compliance with a legal obligation like HMRC, Church Representation Rules to administer and publish the electoral roll
• Contract of employment or church facility hire

Religious organisations are also permitted to process information about your religious beliefs to administer membership or contact details.

Sharing your personal data

Your personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other church members or for purposes connected with the church. We will only share your data with third parties outside of the parish with your consent.

It is likely that we will need to share your personal data with some or all of the following (but only where necessary or lawfully required):

• The appropriate bodies of the Church of England including the other data controllers
• Our agents, servants and contractors. For example, we may ask a commercial provider to maintain our database software e.g. ChurchSuite
• Other clergy or lay persons nominated or licensed by the Bishops of the Diocese of Winchester to support the mission of the church in our parish
• Crime prevention authorities. For example, Dorset Police.

How long do we keep your personal data?

In general, we will endeavour to keep personal data only for as long as we need it. This means that we may delete it when it is no longer needed.

We will retain some records according to certain regulatory and statutory responsibilities. We may keep some other records for an extended period of time. For example, it is current best practice to keep financial records for a minimum period of 7 years after the date of the transaction to support HMRC audits.

Your rights and your personal data

You have the following rights with respect to your personal data:

When exercising any of the rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases, we will need you to respond with proof of your identity before you can exercise these rights:

• the right to request a copy of your personal data which St Clement’s holds about you
• the right to update any personal data if it is found to be inaccurate or out of date
• the right to request your personal data is erased where it is no longer necessary for St Clement’s to retain such data.

When we receive your request, we will confirm whether the data has been deleted or the reason why it cannot be deleted (for example, because we need it for our legitimate interests or regulatory purpose(s)).

• the right to withdraw your consent to the processing at any time
• you have the right to request that we transfer some of your personal data to another controller in certain circumstances (known as right to data portability). We will comply with your request, where it is feasible to do so, within one (1) month of receiving your request
• the right to opt out of any communication at any time between St Clement’s and yourself
• the right to stop further processing, where there is a dispute in relation to the accuracy or processing of your personal data
• the right to withdraw your consent to the further processing at any time of personal data to which consent was sought. Upon receiving the request, we will contact you and let you know if we are able to comply or if we have legitimate grounds to continue to process your personal data

Even after you exercise your right to object, we may continue to hold your personal data to comply with your other rights or to bring or defend legal claims.

• the right to lodge a complaint with the Information Commissioners Office.

Further processing

We will contact you in advance if any of the following occurs:

• If we wish to use your personal data for a new purpose, not covered by this Notice.
• Any changes to this notice. As a result of regular review, the latest policy will be on our website. If we make a significant change, we will notify you.

This notice was last updated in January, 2025.

Contact details

Please contact us if you have any questions about this Privacy Notice or the information we hold about you or to exercise all relevant rights, queries or complaints.

Email: heXXX XXXllo@stclems.church