Website Privacy Notice

Under data protection law, individuals have a right to be informed about how the organisation uses any personal data that we hold about them. We comply with this right by providing ‘privacy notices’ (sometimes called ‘fair processing notices’) to individuals where we are processing their personal data.

This privacy notice explains how we collect, store and use personal data we receive via the website.

ST JAMES MUSWELL HILL, (the Organisation) is the ‘Data controller’ for the purposes of data protection law.

We have appointed the Operations Manager as our data protection officer (DPO) and the contact details of the responsible person can be found in ‘Our Team’ below.

The Personal Data we process.

• Your email address, phone number and enquiry preferences when you send us a message using a contact form.

• Information on how you use the site, using cookies and page tagging techniques.

The Lawful Basis for processing this Data:

• Data subject gives consent for one or more specific purposes.

• Processing is necessary to comply with the legal obligations of the controller.

• Processing is necessary for your legitimate interests or the legitimate interests of a third party.

This data can be viewed by authorised people on this website to:

• Improve the site by monitoring how you use it.

• Gather feedback to improve our services, for example our email alerts.

• Respond to any feedback you send us, if you’ve asked us to.

• Allow contact with users if requested through a form.

• Provide you with information about our services if you want it.

Where your data is stored

We store your data on secure servers held in the UK.

Keeping your data secure

Sending information over the internet is generally not completely secure, and we can’t guarantee the security of your data while it’s in transit.

Any data you send is at your own risk.

To protect your data, we have data protection policies and procedures in place, including strong organisational and technical measures, which are regularly reviewed. Further information can be found in our Church Privacy Policy or upon request.

Disclosing your information

In order for us to legally, effectively and efficiently function we are required to share data with appropriate third parties.

• The appropriate bodies of the Church of England including the other data controllers

• Suppliers and service providers – to enable them to provide the service we have contracted them for, such as operational support and IT services

• Your families and representatives- such as in the event of an emergency

• Our auditors to ensure compliance with our legal obligations

• Professional advisers and consultants - for us to develop our services and best provide our public service

• Police forces, courts, tribunals, security organisations- to create a secure workplace for all at the organisation.

• Other charities and voluntary organisations

We won’t share your information with any other organisations for marketing, market research or commercial purposes, and we don’t pass on your details to other websites.

Data Protection Rights

Individuals have a right to make a ‘subject access request’ to gain access to personal information that the organisation holds about them.

If you make a subject access request, and if we do hold information about you, we will:

• Give you a description of it

• Tell you why we are holding and processing it, and how long we will keep it for

• Explain where we got it from, if not from you

• Tell you who it has been, or will be, shared with

• Let you know whether any automated decision-making is being applied to the data, and any consequences of this

• NOT provide information where it compromises the privacy of others

• Give you a copy of the information in an intelligible form.

You may also have the right for your personal information to be transmitted electronically to another organisation in certain circumstances.

In most cases, we will respond to subject access requests within 1 month, as required under data protection legislation However, we are able to extend this period by up to 2 months for complex requests or exceptional circumstances.

Your Other Rights regarding your Data

You may:

• Withdraw your consent to processing at any time (This only relates to data for which the organisation relies on consent as a lawful basis for processing)

• Ask us to rectify, erase or restrict processing of your personal data, or object to the processing of it in certain circumstances and where sufficient supporting evidence is supplied

• Prevent the use of your personal data for direct marketing

• Challenge processing which has been justified on the basis of public interest, official authority or legitimate interests.

• Request a copy of agreements under which your personal data is transferred outside of the United Kingdom.

• Object to decisions based solely on automated decision making or profiling (decisions taken with no human involvement, that might negatively affect you)

• Request a cease to any processing that is likely to cause damage or distress

• Be notified of a data breach in certain circumstances

• Submit a complaint to the ICO

• Ask for your personal data to be transferred to a third party in a structured, commonly used and machine-readable format (in certain circumstances)

If you would like to exercise any of the rights or requests listed above, please contact the Data Protection Officer:

• Email: churchoffice@st-james.org.uk

• Phone: 0208 883 6277

• Post: St James Church, St James Lane, London N10 3DB

The Organisation will comply with the Data Protection legislation in regard to dealing with all data requests submitted in any format, although individuals are asked to preferably submit their request in written format to assist with comprehension.

We reserve the right to verify the requesters’ identity by asking for Photo ID. If this proves insufficient, then further ID may be required.

Article 22 of the UK GDPR has additional rules to protect individuals from decisions made solely for the purpose of automated decision-making and profiling. The organisation does not carry out any automated decision-making and/or profiling on website visitors.

Links to other websites

This Website contains links to other websites.

Following a link to this website from another website

If you come to this website from another website, we may receive information from the other website. We don’t use this data. You should read the privacy policy of the website you came from to find out more about this.

Complaints

We take any complaints about our collection and use of personal information very seriously.

If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance.

To make a complaint, please contact the Information Commissioner’s Office:

• Report a concern online at https://ico.org.uk/concerns/

• Call 0303 123 1113

• Or write to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Contact us

If you have any questions, concerns or would like more information about anything mentioned in this privacy notice, please contact our Data Protection Officer at churchoffice@st-james.org.uk

Changes to this Privacy Notice.

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.