Old Saint Paul’s Episcopal Church (OSP) is committed to protecting and respecting your privacy.
Please read this Privacy Notice, together with any other privacy notice that we may provide to you, as it contains important information about how we collect, manage, use and protect your personal data.
By accessing www.osp.org.uk (the “website”) or otherwise providing information to us, you agree to our privacy practices as set out in this Privacy Notice.
We may change this Privacy Notice from time to time. Please check this policy frequently to ensure you are aware of the most recent version and the date that it was last updated.
This policy was last updated in July 2018.
If you have any questions regarding this policy or about our privacy practices, please contact us at email@example.com or by writing to us at Old Saint Paul’s Episcopal Church, 39 Jeffrey Street, Edinburgh, EH1 1DH, and marking your query for the attention of the Church Officer.
Who are we?
When we say ‘OSP’, ‘we’ or ‘us’ in this policy, we are referring to Old Saint Paul’s Episcopal Church which is a registered charity in Scotland (Scottish Charity No. SC017399) with its principal office at 39 Jeffrey Street, Edinburgh EH1 1DH.
OSP is a “data controller” of the personal data that you provide to us. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
What information do we collect?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you. What information we collect will depend on your interactions with us.
However, we have grouped together the types of information that we may collect from you as follows:
- Identity Data including name, date of birth, marital status, family members, occupation, biography, nationality, term of membership, photographs, disciplinary information (for employees of OSP);
- Contact Data including home address, business address, email address, phone numbers;
- Financial Data including bank account, payment card details, national insurance information;
- Technical Data including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- Usage Data including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call us;
- Communications Data including your preferences in receiving communications from us.
We may also collect, store and use the following special categories of personal data:
- Health information, including any medical conditions or disabilities;
- Religious information, including your status as a communicant; and
- Information about criminal convictions and offences, including those disclosed as part of the PVG Scheme.
How do we collect your information?
Information you give us
- You may give us such information directly by completing forms (including membership forms), corresponding or speaking with us by phone, email, letter or otherwise, submitting a query, providing us with feedback, visiting our website, requesting that we provide you with services / communications, when you apply for a vacancy with us, when you volunteer or when we appoint you as a service provider.
Information we collect about you
- When you visit our website and receive e-mails from us we may automatically collect technical information about your equipment, browsing actions and patterns. We collect this by using cookies.
Information provided by cookies
- Cookies are small files saved to the user’s hard drive that track, save and store information about the user’s interactions and usage of the website. This allows our website, through its server, to provide users with a tailored experience.
- If you wish to prevent the use and saving of cookies from this website on to your computer’s hard drive you should take necessary steps within web browser’s security settings to block all cookies from our website.
- Other cookies may be stored on your hard drive by external vendors when our website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer.
- If you would like further information about cookies and how they are used, you can visit https://www.allaboutcookies.org/.
- When we e-mail you, such e-mails may contain tracking facilities. Such tracked activity may include but is not restricted to: delivery and read receipts, the opening of emails, the clicking of links within the email content, times, dates and frequency of activity.
Information we receive about you from other sources
- We may receive information about you if you use any of the services that we provide. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on this site.
- We also work with third parties (including, for example, dioceses, the General Synod of the Scottish Episcopal Church, clergy, sub-contractors in technical, payment and delivery services, analytics providers, search information providers) and may receive information about you from them.
- We may receive information if you have provided permission to other organisations to share it with us, for example, when we receive a PVG Scheme record. Before providing permission to such third party organisations to share your personal data, you should check their privacy notices carefully.
- We may take information from publicly available sources (where possible) to keep your information up to date, for example, from the Post Office’s National Change of Address Database.
- We may receive information about you if you apply for a vacancy at the Church.
How we might use your information
We use information held about you in the following ways:
- Information you give to us. We will use this information:
- To process any donations that you have made to us, to carry out our obligations arising from any contracts entered into between you and us, and to provide you with the information and services that you request from us
- To manage and administer our relationship with you
- To respond to your requests
- To fundraise and promote our interests
- To provide you with information about our news, events, activities and appeals, including our newsletters
- To maintain our own accounts and records (including the processing of gift aid applications and the maintenance of the congregational register and Annual Report and Accounts)
- To notify you about changes to our services
- To consider your application for employment
- To process and administer your request for any form of grant
- To enable us to provide a voluntary service for the benefit of the public
- For the purposes of the establishment, exercise or defence of legal claims
- For disciplinary purposes
- To ensure that content from our site is presented in the most effective manner for you and for your computer
- To understand our donor demographic.
- Information we collect about you. We will use this information:
- To administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
- To improve our site to ensure that content is presented in the most effective manner for you and for your computer
- Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
Communications with you
We may, with your consent, text or e-mail you to provide you with l information about our activities and appeals or provide you with our e-mail newsletter, which is used to inform you about news, events and activities taking place within OSP and the wider church, as well as issues relevant to Christian belief and practice. You can unsubscribe at any time through an automated system. This process is detailed at the footer of each email. If an automated un-subscription system is unavailable clear instructions on how to unsubscribe will be detailed instead.
We may occasionally, with your consent, call you to provide you with information about our activities and appeals or provide you with information about services provided by us. You may unsubscribe to calls by instructing the person calling you or by contacting us at any time.
We may also communicate with you by post when it is in our legitimate interests to do this and when these interests do not override your rights. Those legitimate interests include providing you with information on our appeals, membership, services, fundraising, newsletter requests, feedback, and other activities. You have the right to contact us at any time and opt-out of receiving such communications.
What is our legal basis for using your information?
There are a number of lawful reasons for us to process your personal data.
One of these is called ‘legitimate interest’ and means that we can process your personal data if (i) we have a genuine and legitimate reason; and (ii) are not harming any of your rights and interests.
We will use your personal data for the purposes of Church administration, fundraising, processing donations, and our other charitable activities, including the pastoral care of the congregation and others who worship with us.
Whenever we process your personal data for our legitimate interests, we will consider and balance any potential impact on you and your rights under data protection law.
Other legal bases that we will rely on include:
- If you enter into a contract with us, we may process your personal data in order to fulfil our contract with you.
- If we are providing you with other e-mail communications, we will only do so with your consent. If you have given us your consent, you can withdraw your consent at any time by using the details below in the ‘Contact Us’
- Where we are required to comply with our legal obligations, to establish and defend our legal rights, or to prevent and detect crimes such as fraud.
Where we use special categories of personal data, for example, information about your health or religious information, we may ask for your consent to such use.
Sometimes your personal data may be used for statistical purposes but only in a form that no longer identifies you.
How long we will hold your information for
We will hold your personal data on our systems for as long as is necessary to fulfil the purposes that we collected it for, including for the purposes of satisfying any legal, accounting or other reporting requirements.
By law, we are required to retain certain information for a prescribed period of time. For example, we will keep a record of donations subject to gift aid for at least seven years to comply with HMRC rules. In circumstances where there are no such legal requirements, to determine the appropriate retention period, we will consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we are processing your personal data and whether we can achieve those purposes through other means.
Therefore, some information may be kept for more or less time depending on how long we reasonably feel it is required for.
We review our retention periods for personal data on a regular basis.
In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
If you ask us to delete your information in accordance with your rights set out below, we will retain basic information on a suppression list to record your request and to avoid sending you unwanted materials in the future.
Who we might share your information with
Our Annual Report and Accounts are published annually and are made available to the public. Other than to the extent that your information may be contained within the Annual Report and Accounts or General Synod Papers if you hold an office within a congregation, Diocese or the General Synod, we will NOT sell your personal data to any third parties.
We may share your personal information within the Scottish Episcopal Church, including with dioceses, vestries and members where appropriate.
We may share your information with selected third parties including:
- When we use other companies to provide services on our behalf, e.g. processing, mailing or delivering orders, providing information about our faith, worship, liturgy and other charitable activities, sending mail and emails, assessment and profiling, when using auditors/advisors or processing credit/debit card payments.
- Suppliers and sub-contractors for the performance of any contract we enter into with them or you.
- The Scottish Episcopal Church Pension Fund if you are member or prospective member of the Fund.
- Analytics and search engine providers that assist us in the improvement and optimisation of our site.
- If we run an event in partnership with other named organisations your details may need to be shared. We will be very clear what will happen to your data when you register.
- If we merge with another organisation or form a new entity, your personal data may be transferred to that new entity.
We may disclose your personal information to third parties to:
- Comply with any court order or other legal obligation or when data is requested by government or law enforcement authorities;
- Protect the rights, property, or safety of us, our employees, volunteers or others. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
International transfers of personal data
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) for the purposes described in this policy. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.
You have a number of rights. If you would like to exercise any of these rights, please contact us using the details set out below in the ‘Contact Us’ section. If you exercise any of these rights we may ask for proof of identity and sufficient information about your interactions with us so that we can locate your personal information. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge except in exceptional circumstances.
If you wish to raise a complaint in relation to our processing of your personal data, you can contact us at firstname.lastname@example.org or by writing to us at Old Saint Paul’s Episcopal Church, 39 Jeffrey Street, Edinburgh, EH1 1DH and marking your query for the attention of the Church Officer. If you are not satisfied with our response or believe that we are not processing your personal data in accordance with the law you also have the right to lodge a complaint with the data protection regulator, the Information Commissioner’s Office. You can contact the Information Commissioner’s Office at: https://ico.org.uk/global/contact-us/.
Your rights include:
- A right to transparency over how we use your data and to make a subject access request (right of access);
- A right to have your personal data updated and corrected (right of correction/rectification);
- A right to ask us to delete your information (right to be forgotten);
- A right to ask us to stop processing your information (right to restriction);
- A right to object to (i) processing of your information based on our legitimate interests; (ii) processing of your information for direct marketing purposes; and (iii) automated decision making and profiling (right to object);
- A right to receive a copy of your information, or have this sent to a third party (right to data portability); and
- A right to claim compensation for material or non-material damage caused if we breach the data protection rules (right to compensation).
If you would like to find out more about your rights, you can visit the Information Commissioner’s Office website (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr).
How you can access and update your information
We strive to maintain accurate, complete, and relevant personal information for the purposes identified in this privacy statement. If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it. It is important that the personal information we hold about you is accurate and current.
Security precautions in place to protect against the loss, misuse or alteration of your information
We have implemented reasonable measures designed to secure your personal information from accidental loss and from unauthorised access, use, alteration and disclosure. Details of these measures can be obtained on request.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Our security measures are regularly reviewed.
If you have any questions regarding this policy or about our privacy practices, wish to exercise any of your rights or which to make a complaint, please contact the church office, marking your query for the attention of the Church Officer.