Privacy Notices – Management of DATA within the Diocese of Plymouth
General Data Protection Regulation (GDPR) ( EU Article 29) and DATA Protection Act (DPA) 2018.
INTRODUCTION
This notice is issued as part of our requirement under the GDPR. Historically we have managed personal data by consent and in most case this will continue to be our lawful reason for doing so. We also hold information for purposes such as Gift Aid, Health and Safety or Safeguarding where there is a legal obligation on us to do so.
This notice sets out our legal basis for managing and retaining your personal data and is provided as an introduction to DATA privacy within the Diocese of Plymouth. For more detailed information you should refer to Diocesan Policy which is accessible via the Data Protection Manager dpm@prcdtr.org.uk
WHAT WE DO
The Diocese of Plymouth ( Plymouth Diocesan Trust ) is a registered charity (Charity number 213227) whose aim is the advancement and maintenance of the Roman Catholic religion in the Diocese of Plymouth, the provision of religious services, the education and training of priests, the provision and maintenance of churches, presbyteries and schools, the maintenance and support of priests, the poor and others.
In most circumstances the information we hold will have been provided by yourself and by consent. We do not share data for the purpose of third party marketing. We do however share data where there is a legal requirement for us to do so. This would include organisations such as Her Majesty’s Revenue and Customs, the Health and Safety Executive and with statutory organisations for the purposes of safeguarding. We may also share data with other organisations where there is a requirement to protect the young and vulnerable or where required to do so as part of a canonical process.
HOW WE PROCESS YOUR DATA
Your DATA may be held in either paper or electronic form, in all cases it will be kept securely and used only for the purpose for which it was provided. This may include keeping you updated on parish and diocesan activities, gift aid and managing attendance at events. If you apply for ministry in what is deemed to be regulated activity then you may be required to complete a disclosure and barring service check( DBS). If you have any query as to how your DATA would be managed in a particular circumstance then please do not hesitate to contact us.
RIGHTS
Under the GDPR you have a number of rights: these include a right of access to the information we hold on you, a right to rectify any errors in the DATA we hold, a right to have your DATA removed, a right to restrict processing and a right to data portability.
You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR or Data Protection Act with regard to your personal data.
WHO TO CONTACT IF YOU HAVE ANY CONCERNS
Should you have any concerns or wish to discuss any aspect of Data Protection Management in the Diocese, then, in the first instance, please contact dpm@prcdtr.org.uk