Privacy and Data Protection

This page contains data protection and information security policies and privacy notices for Oxford Diocesan Board of Finance and for Diocesan Trustees (Oxford) Ltd. These documents describe the way we process personal data in different situations: the personal data we process, what we do with it, how we store it and what happens when we finish processing it.

The Data Protection Officer for the diocese is the Diocesan Secretary, who can be contacted via the Data Protection Co-ordinator, Tim Barnett. Contact the DPO by email. 

General ODBF privacy notice

General Privacy Notice for Oxford Diocesan Board of Finance (ODBF)

Download

This privacy notice explains how ODBF processes personal data in our general day-to-day work. It should be read in conjunction with additional privacy notices which explain our handling of personal data in specific circumstances (for specific activities or groups of people).

1. What is personal data?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) and the Data Protection Act 2018, (the “DPA 2018”).
2. Who are we?
Oxford Diocesan Board of Finance (ODBF) is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
3. How do we process your personal data?
ODBF complies with its obligations under the GDPR and DPA 2018 by keeping personal data up to date, by storing and destroying it securely, by not collecting or retaining excessive amounts of data, by protecting personal data from loss, misuse, unauthorised access and disclosure, and by ensuring that appropriate technical measures are in place to protect personal data. We may use your contact data for the following purposes:
  • To support communications by letter, email and telephone;
  • To include as required in meeting minutes, reports, agendas, invitations and other documents;
  • To maintain a database of contacts, parishes and posts for the Diocese of Oxford;
  • Administration of training events, special services, conferences, consultations and other gatherings of diocesan post-holders;
  • Recording of attendance at training events, meetings, etc when there is a need to do so.
We may also process your personal data as a result of:
  • Identity checks required to complete DBS checks
  • CCTV (at Church House Oxford) for the prevention of crime
4. What is the legal basis for processing your personal data?
Processing is carried out under different legal bases depending on the circumstances:
  • Legal Obligation - where we are required to meet legal requirements, such as legislation for taxation, charity law, safeguarding, employment law, health and safety, or church representation/faculty law.
  • Legitimate Interest - to support the collaborative working between ODBF staff and members of our parishes, deaneries and the general public.
5. Sharing your personal data
Your personal data will be treated as confidential and will only be shared when necessary with bishops’ offices, Oxford Diocesan Board of Education, Oxford Cathedral, Diocesan Registry and National Church Institutions (such as the Church Commissioners) for purposes connected with the Diocese of Oxford.  If we wish to share your personal data outside the Church of England, then we will always seek your consent first.
6. How long do we keep your personal data?
We keep your personal data for no longer than reasonably necessary. This includes following Church of England guidelines in ‘Save or delete: the Care of Diocesan Records’ and ‘Personal Files Relating to Clergy’, see Church of England's records management guides. Our general policy for retention of personal data is:
  • Contact data held on personal devices (mobile phones, PCs, laptops, etc): reviewed and updated/deleted annually;
  • Contact/post database entries are changed to archive status when you no longer hold any post. Historic post data remains on archive for 25 years;
  • Training administration data: five years from the course date;
  • Training attendance data: six years after employment ceases;
  • Financial transaction data: six years from transaction date;
  • Logs of DBS checks are held indefinitely.
7. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -
  • The right to request a copy of your personal data which the ODBF holds about you;
  • The right to request that ODBF corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for the ODBF to retain such data;
  • The right to withdraw your consent to the processing at any time;
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to lodge a complaint with the Information Commissioners Office.
8. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
9. Contact Details
To exercise all relevant rights, queries or complaints, please in the first instance contact the data protection officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF, tel: 01865 208 200, email: dpo@oxford.anglican.org. You can contact the Information Commissioners Office on 0303 123 1113, via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Privacy Notice May 2019
Privacy Notice for Clergy and LLMs

Privacy Notice for Clergy and LLMs

Download
1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR and the Data Protection Act 2018, (the “DPA 2018”).
2. How do we process your personal data?
The diocesan and area bishops comply with their obligations under the GDPR and DPA 2018 by keeping personal data up to date, by storing and destroying it securely, by not collecting or retaining excessive amounts of data, by protecting personal data from loss, misuse, unauthorised access and disclosure, and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the following purposes:
  • To exercise our legal and pastoral responsibilities as your diocesan and area bishops;
  • In addition to our general oversight of your ministry, we are responsible for assessing your qualifications and suitability for any particular office or ministry within the diocese, and for making appropriate arrangements for your ministerial development (including ministerial development review).
3. What is the legal basis for processing your personal data?
Processing of data in relation to personal files is a legitimate interest in accordance with my responsibilities under the Canons. These include our general responsibilities as chief pastors of the diocese, in order to be able to develop, support, administer, regulate and manage licensed ministers through their ministry. In so far as any personal data relates to “special categories of personal data” or criminal conviction or offence, the processing of data is also a legitimate activity; it is also needed in order to manage and administer internal functions with those with whom we have regular contact.  It is not shared externally outside the institutional bodies that comprise the Church of England without your consent. The exception to this is the provision of Episcopal References and Clergy Current Status Letters (“CCSL”). Episcopal References and CCSLs are processed on the basis that it is a legitimate interest as established by the Promoting a Safer Church House of Bishops Policy Statement (2017)[1].  However, in so far as the personal data contained within the Episcopal Reference and CCSL relates to “special categories of personal data” and criminal conviction and offence data, this will be processed on the basis that it is necessary for reasons of substantial public interest on the basis of UK law. The Episcopal Reference and CCSL will be disclosed both for posts within the Church of England and externally, where you have applied for a ministerial post in another diocese or a church outside the Church of England and is done so in order to protect members of the public from harm, including dishonesty, malpractice and other seriously improper conduct or safeguarding purposes as established by the Safer Recruitment: Practice Guidance (2016)[2].
4. Sharing your personal data
Your personal data will be treated as strictly confidential and will be shared only when necessary with institutional bodies that comprise the Church of England for the purposes of administrative functions in connection with your role. If we wish to share your personal data outside the Church of England, then we will always seek your consent first.
5. How long do we keep your personal data?
We keep your personal data for no longer than reasonably necessary for the periods and purposes as set out in the attached retention table. Although this table relates to clergy, files for lay ministers are held for the same periods of time. [see p21 here]
6. Your rights and your personal data
Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data: -
  • The right to request a copy of your personal data which the bishop holds about you;
  • The right to request that the Bishop corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for the bishop to retain such data;
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data, (where applicable). The right to lodge a complaint with the Information Commissioners Office.
7. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
8. Contact Details
To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 208200. Email: dpo@oxford.anglican.org. You can contact the Information Commissioners Office on 0303 123 1113, via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Privacy notice November 2018 [1] https://www.churchofengland.org/sites/default/files/2017-12/PromotingSaferChurchWeb.pdf [2] https://www.churchofengland.org/sites/default/files/2017-11/safeguarding%20safer_recruitment_practice_guidance_2016.pdf
Parish Office Holders

Privacy Notice for Parish Office Holders (Churchwarden, PCC secretary, treasurer, Deanery Synod rep, safeguarding officer)

Download

We are grateful for the support of all those who serve the diocese. It helps the diocese to help you if we have all your contact details from the start. It will ensure that you receive appropriate diocesan information and mailings.

1 What is personal data?
Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) and the Data Protection Act 2018, (the “DPA 2018”).
2. Who are we?
Oxford Diocesan Board of Finance (ODBF) is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
3. How do we process your personal data?
ODBF complies with its obligations under the GDPR and DPA 2018 by keeping personal data up to date, by storing and destroying it securely, by not collecting or retaining excessive amounts of data, by protecting personal data from loss, misuse, unauthorised access and disclosure, and by ensuring that appropriate technical measures are in place to protect personal data. We use your data for the following purposes:
  • To serve you with legal notices related to your parish office e.g. as PCC secretary;
  • To contact you with guidance, training opportunities and other events related to your office.
4. What is the legal basis for processing your personal data?
Processing is carried out under different legal bases depending on the circumstances:
Legal Obligation
There are certain activities the diocese needs to coordinate with parish officers to comply with statutory requirements (for example PCC elections, deanery synod elections, faculty process, requirements of tax/charity laws).
Legitimate Interest
We process your personal data so that diocesan staff can contact you when necessary, also to help you carry out your duties as a parish officer effectively, such as: creating awareness of your office requirements (particularly when things change), training opportunities and events related to your office.
Consent
Subject to consent being given, your contact details will appear in the Diocesan Directory.  This is available online, to any parish/deanery office holders in the diocese at www.parishinfo.org or via a limited number of paper copies. The diocese will, on occasion, make extracts of relevant Diocesan Directory information available to third parties which have requirements that align with the aims and objectives of the diocese (e.g. funeral directors).
5. Sharing your personal data
Your office held and contact information are made available to ODBF staff, this is also shared with the Bishops’ Offices and the Diocesan Registry. In addition, we may share your data on a ‘need to know’ basis with the National Church Institutions (such as the Church Commissioners). At the discretion of ODBF, Diocesan Directory information may be shared (subject to consent as above) with third parties who are aligned to the diocese’s aims and objectives.
6. How long do we keep your personal data?
We keep your data until either you tell us that you have ceased to hold the office, or we receive formal notification of your successor. After you cease to hold office, the record of your period(s) of service is retained for archive purposes for a period of 30 years.
7. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -
  • The right to request a copy of your personal data which the ODBF holds about you;
  • The right to request that ODBF corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for the ODBF to retain such data;
  • The right to withdraw your consent to the processing at any time;
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to lodge a complaint with the Information Commissioners Office.
8. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
9. Contact Details
To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 208 200. Email: dpo@oxford.anglican.org. You can contact the Information Commissioners Office on 0303 123 1113, via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Privacy Notice November 2018
Diocesan Website

Website privacy policy

Download

This policy explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

This policy relates to oxford.anglican.org, its subdomains, and other official Diocese of Oxford websites, including earthingfaith.org, thamespilgrimway.org.uk, and youthblog.org. It does not apply to sites the Diocese of Oxford may host for affiliated organisations.
We may change this policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this policy. Any questions regarding this policy and our privacy practices should be sent by email to webmaster@oxford.anglican.org or by writing to the Data Protection Officer, Church House Oxford, OX5 1GF. Alternatively, you can telephone 01865 208 200 and ask to speak to the Data Protection Officer or web team.
1. How do we collect information from you?
We obtain limited information about you when you use the website - for example, when you contact us or subscribe to our newsletter.
2. What type of information is collected from you?
Newsletters: If you voluntarily subscribe to eNews or other emails from us we save:
  • Your email address (required)
  • Your name (optional)
  • The archdeaconry where you worship (optional)
You can update your newsletter profile at any time and each email newsletter we send to you contains an unsubscribe link. If you unsubscribe and are a church officer then we will only send important information related to your role. Contact Forms We use contact forms so you can send us queries. We save the information you submit on the form for a maximum of 6 months, the information is then deleted. We do this to ensure that your query reaches the intended recipient. The personal information we collect through the form is as follows:
  • Your name
  • Email address
  • IP address
  • Date and time
  • Message subject and content including attachments
3. Cookies
This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, keep you logged in if you are an editor, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers. What third-party cookies (external to oxford.anglican.org) do we store?  __cfduid This is a security cookie set by Cloudflare that relates to One Signal. The system we use for sending browser notifications of new posts __utma / __utmb / __utmc / __utmz These relate to Google Analytics which we use to understand how many people use the website and which pages they visit. Other cookies may be set that are local to our own domain and are used for the smooth running of the website. None of the cookies we set contains personally identifiable information.
4. How is my information used?
We may use your information to:
  • improve the website by understanding which pages are most visited and in what order;
  • send you notifications that you have requested (more about browser notifications);
  • put you in touch with someone you need to contact;
  • remember your login details if you are one of our website editors.
We do not store any information you provide for any longer than necessary. We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.
5. Your choices
The accuracy of your information is important to us. If your email address or any of the other information we hold is inaccurate or out of date, please let us know. You can update your details on the newsletter by following the "Update My Preferences" link in the email. You have the right to ask for a copy of the information we hold about you on our website.
6. Security precautions in place to protect the loss, misuse or alteration of your information
When you give us personal information, we take steps to ensure that it’s treated securely. We do not collect sensitive information (such as credit or debit card details) on this website. You do not need to register to use this website unless you are a staff editor. Our website is SSL secured so all passwords etc are encrypted however non-sensitive details (your email address etc) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
7. Links to other websites
Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website. In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
8. Transferring your information outside of Europe
All our web servers are located in the EU However, as part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Union (“EU”). For example, when you subscribe to a newsletter, a browser notification, or when our sites are backed-up. These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy.
Visitors should be aware that public websites are indexed and cached by search engines and archival services over which site managers have limited control. These may include, Google, Yahoo, Bing and Archive.org.
9. Review of this Policy
We keep this policy under regular review. This policy was last updated in May 2018.
Diocesan Synod, Board and Council Members

 

Privacy Notice for Members of Oxford Diocesan Synod and Associated Boards and Councils

Download

We are grateful for the support of all those who serve the diocese. It helps the diocese to help you if we have all your contact details from the start. It will ensure that you receive appropriate diocesan information and mailings.

1. What is personal data?
Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) and the Data Protection Act 2018, (the “DPA 2018”).
2. Who are we?
Oxford Diocesan Board of Finance (ODBF) is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
3. How do we process your personal data?
ODBF complies with its obligations under the GDPR and DPA 2018 by keeping personal data up to date, by storing and destroying it securely, by not collecting or retaining excessive amounts of data, by protecting personal data from loss, misuse, unauthorised access and disclosure, and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the distribution of documentation required for the operation of Diocesan Synod, its associated Boards and Councils. This includes agendas, meeting minutes, papers for discussion, election papers and information to support your effectiveness in your role.
4 What is the legal basis for processing your personal data?
Processing is carried out under different legal bases depending on the circumstances:
Legitimate Interest
Processing of your personal data is undertaken so that you can carry out your duties effectively a member of Diocesan Synod, its Boards or Councils.
Legal Obligation
In specific situations (for example, members of Bishop’s Council who are directors and trustees of ODBF), the details of certain synod/council members will be included in statutory documents required by Companies House and the Charities Commission.
Consent
Consent may be sought to share your contact details with other members of Diocesan Synod and associated Boards and Councils, to facilitate communication between members.
5. Sharing your personal data
Your personal data will be treated as confidential and will be shared when necessary with bishops’ offices, national church institutions (such as the Church Commissioners) and the Diocesan Registrar for the purposes of administrative functions in connection with your role(s). As members of ODBF, the names of Diocesan Synod members will be available in the public domain (for example, on the Oxford Diocesan website).  We will seek your consent before any further sharing of your personal data.
6. How long do we keep your personal data?
We keep data in accordance with the guidance set out in the guide “Save or delete – The Care of Diocesan Records” (which covers Diocesan Synod records) and is available from the Church of England website. We keep your personal details for as long as you hold office, after which electronic data is deleted and paper copies are shredded.
7. Your rights and your personal data
Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data:
  • The right to request a copy of your personal data which the ODBF holds about you;
  • The right to request that ODBF corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for the ODBF to retain such data;
  • The right to withdraw your consent to the processing at any time
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to lodge a complaint with the Information Commissioners Office.
8. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
9. Contact Details
To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 208200. Email: dpo@oxford.anglican.org. You can contact the Information Commissioners Office on 0303 123 1113, via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Privacy Notice November 2018
ODBF Employees

Privacy Notice for Employees of ODBF

(Oxford Diocesan Board of Finance)
Download
1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR and the Data Protection Act 2018, (the “DPA 2018”).
2. How do we process your personal data?
Oxford Diocesan Board of Finance (ODBF) is the data controller (contact details below).  This means it decides how your personal data is processed and for what purposes. We comply with obligations under the GDPR and DPA 2018 by keeping personal data up to date, by storing and destroying it securely, by not collecting or retaining excessive amounts of data, by protecting personal data from loss, misuse, unauthorised access and disclosure, and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the following purposes: To exercise our responsibilities as your employer in line with legislation, your statement of particulars of employment and our policies and procedures. In addition to our general oversight of your employment, we are responsible for assessing your qualifications and memberships, your right to work in the UK, your criminal background (for specific roles only), your ongoing suitability for the role within the diocese and for managing your performance and well-being, including processing absence and health data to inform business decisions and well-being support. We will instruct payment to be made for the work you do and administer relevant benefits.
3. What is the legal basis for processing your personal data?
Processing of data in relation to your employment is necessary to meet our contractual obligations, as set out in your statement of particulars of employment and to meet legal obligations in relation to the employment relationship. In so far as any personal data relates to “special categories of personal data” or criminal conviction or offence, the processing of data is also a legitimate activity; in order to assess suitability for a role and monitor diversity. It is not shared externally outside the institutional bodies that comprise the Church of England without your consent.
4. Sharing your personal data
Your information will be shared internally and seen by authorised ODBF staff for the purposes of managing the employment relationship, pay and benefits.  This will include members of HR, your manager and members of senior management if access to the data is necessary for performance of their roles. ODBF will share your data with third parties in order to obtain pre-employment checks required for the role.  This includes your referees and other organisations such as professional bodies necessary to complete pre-employment checks. Medical checks from our Occupational Health Provider and criminal records checks required for the role, obtained from the Disclosure and Barring Service by a third-party organisation, will not be sought until a conditional offer of employment has been made. Data will be shared with our payroll provider and benefit suppliers in order to ensure the management of pay and benefits, such as pension scheme and childcare vouchers. Data may be shared with our occupational health provider, your GP or a healthcare professional, where health information is required to support your well-being. Additional consent will be required from you before a request for medical information is made. We don’t use your data for any other reason, nor do we sell it to any third parties or use it to contact you about any unrelated services.
5. How long do we keep your personal data?
We keep your personal data for the duration of your employment with us, plus an additional six years after the employment relationship has come to an end.  It is your responsibility to inform us of any changes to your information, for example if you move to a new house.
6. Your rights and your personal data
Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data: -
  • The right to request a copy of your personal data which ODBF holds about you;
  • The right to request that ODBF correct any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for us to retain such data;
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data, (where applicable). The right to lodge a complaint with the Information Commissioners Office.
7. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
8. Contact Details
To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 208 200. Email: dpo@oxford.anglican.org. You can contact the Information Commissioners Office on 0303 123 1113, via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Privacy Notice November 2018
ODBF Recruitment

Privacy Notice for candidates applying for vacancies with Oxford Diocesan Board of Finance (ODBF)

Download
1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR and the Data Protection Act 2018, (the “DPA 2018”).
2. How do we process your personal data?
Oxford Diocesan Board of Finance (ODBF) is the Data Controller.  This means it is ultimately responsible for the data it holds about you. We comply with our obligations under the GDPR and DPA 2018 by keeping personal data up to date, by storing and destroying it securely, by not collecting or retaining excessive amounts of data, by protecting personal data from loss, misuse, unauthorised access and disclosure, and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the following purposes: ODBF collects and processes a range of information about you. This includes:
  • your name, address and contact details, including email address and telephone numbers
  • your date of birth
  • details of your education, qualifications, skills, experience and employment history, including start and end dates
  • information about your current level of remuneration, including entitlement to allowances
  • details of any gaps in employment
  • details of whether you are a relative or a partner of, or have any close personal relationship with any employee of
  • details of your registration with or membership of any professional bodies required for you to be able to practice in your profession or meet the requirements of the role that you have applied for, and details of any sanctions or restrictions placed upon you that affect your ability to practice in that role
  • information about your identity and entitlement to work in the UK
  • information about your criminal record where applicable to your role
  • whether or not you have a disability for which the ODBF needs to make reasonable adjustments during the recruitment and selection process
  • equal opportunities monitoring information, including information about your gender, whether you are married or in a civil partnership, ethnic origin, sexual orientation, religion or belief, health and disability
  • where you have applied for a role that would require you to drive on ODBF business/ have a lease car we will collect details of your driving licence and any driving offences that you incur
ODBF will collect this information in a variety of ways. For example, data might be collected through application forms, obtained from your passport or other identity documents such as your driving licence and qualification certificates, or collected through interviews or other forms of assessment, including on-line tests. ODBF will also collect information about you from third parties, such as references supplied by former employers, other organisations in relation to pre-employment checks, such as registration with professional bodies where a requirement of the role and information from criminal records checks permitted by law.
3. What is the legal basis for processing your personal data?
Processing of data in relation to the recruitment process is a legitimate interest in accordance with current employment legislation and ODBF’s policies and procedures. The data collected from you when you apply for a role is used solely to manage the recruitment process with respect to the requirements of the role (for instance, we only need information about your driving licence if the role you are applying for involves driving as part of your duties). All of the information we ask for above is used to check your suitability for the advertised role with a view to potentially entering into a contract of employment. ODBF has a duty as a company and charitable organisation to ensure that it runs an efficient, fair and safe recruitment process in the public interest to attract suitable staff, in order to protect public funds. There are also reasons that ODBF needs to process this data by law.  For instance, The Equality Act 2010 means that ODBF has a duty to ensure that no discrimination takes place during recruitment and selection on grounds of “protected characteristics”. Clearly, ODBF needs to collect the data which relates to the characteristics to ensure (and to be able to show) that it is not treating applicants unfairly as a result. You are under no statutory or contractual obligation to provide data to ODBF during the recruitment and selection process. However, if you do not provide the information, ODBF may not be able to process your application properly or at all which will obviously have the potential to disadvantage your chances of success. You are under no obligation to provide information for equal opportunities monitoring purposes (this is asked for on a separate form to your main application and is retained within HR for monitoring purposes only and does not form part of the selection process.). There are no consequences for your application if you choose not to provide such information. Recruitment and selection decisions are never based solely on an automated decision-making process – there is always human intervention and judgement exercised at the point of a decision. You can access information about your rights with respect to the data we collect below (see “Your Rights”).
4. Sharing your personal data
Your information will be shared internally and seen by authorised ODBF staff for the purposes of the recruitment and selection exercise. This will include members of HR, the recruiting manager and members of the recruitment panel, managers in the service area with the vacancy and IT staff if access to the data is necessary for performance of their roles. ODBF will share your data with third parties in order to obtain pre-employment checks required for the role.  This includes your referees and other organisations such as professional bodies necessary to complete pre-employment checks.  Medical checks from our Occupational Health Provider and criminal records checks required for the role, obtained from the Disclosure and Barring Service by a third-party organisation, will not be sought until a conditional offer of employment has been made. We don’t use your data for any other reason, nor do we sell it to any third parties or use it to contact you about any unrelated services.
5. How long do we keep your personal data?
Your data will not be kept any longer than necessary.  Data for successful applicants will be used to enter into an employment contract.  A separate privacy notice exists for employees and you will have access to that should you be appointed in the role.  Data for unsuccessful applicants is retained for a period of 6 months from the end of the recruitment exercise and is then securely destroyed.
6. Your rights and your personal data
Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data: -
  • The right to request a copy of your personal data which ODBF holds about you;
  • The right to request that ODBF correct any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for us to retain such data;
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data, (where applicable). The right to lodge a complaint with the Information Commissioners Office.
7. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
8. Transfer overseas
Your data will not be stored or sent outside of the European Economic Area (EEA), with the exception of requests for references where the referees you have provided are outside of the EEA.
9. Contact Details
To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 208 200. Email: dpo@oxford.anglican.org. You can contact the Information Commissioners Office on 0303 123 1113, via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Privacy Notice November 2018
Vocations to LLM

Privacy Notice for those seeking to discern a call to Licensed Lay Ministry within the Oxford Diocese

Download

We are grateful to those who wish to explore their sense of calling to licensed lay ministry within this diocese. It helps the diocese to help you if we have all your contact details from the start. It will ensure that you receive appropriate diocesan information and mailings.

1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) and the Data Protection Act 2018, (the “DPA 2018”)
2. Who are we?
Oxford Diocesan Board of Finance (ODBF) is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
3. How do we process your personal data?
ODBF complies with its obligations under the GDPR and DPA 2018 by keeping personal data up to date, by storing and destroying it securely, by not collecting or retaining excessive amounts of data, by protecting personal data from loss, misuse, unauthorised access and disclosure, and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the following purposes:
  • To work with you in the process of discerning a vocation to LLM and, should you be selected for LLM, to arrange training and placement. This will involve the collection and use of ‘special category’ data (which may include race, ethnic origin, political affiliation, religious affiliation, health, sex life or sexual orientation).
  • To send you invitations to suitable vocations events designed to help you discern your calling.
4. What is the legal basis for processing your personal data?
Processing requires legal bases under Article 6 and (since ‘special category’ data is involved) Article 9 of the GDPR:
  • We have a legitimate interest (Article 6) to discern candidates who offer themselves for LLM and training, in accordance with the Church of England’s national selection processes, taking special care to handle sensitive information with extra care and security.
  • We have a legal obligation (Article 6) to ascertain your right to work under UK employment law.
  • Special category data is processed as part of our legitimate activity (Article 9), with appropriate safeguards to keep such data secure and not to share it outside the bodies which constitute the Church of England without your consent.
  • Independent of the discernment and training process, we seek consent (Article 6) to keep you informed about news, events, activities and services related to vocations and the vocations process.
5. Sharing your personal data
Your personal data will be treated as confidential and will be shared when necessary with the relevant Bishop’s office within the Oxford Diocese, Oxford Cathedral, with National Church Institutions and other dioceses in the Church of England, for the purposes of administrative activity in connection with you discerning a call to LLM, selection, training, placements, and meeting legal requirements for licensing. Subject to your consent to share, your personal data may be shared outside the Church of England with Theological Education Institutes and (in the event of transfer) other Anglican dioceses within the UK and European Economic Area (EEA).  If we need to share your personal data with any other organisation, then we will always seek your consent first.
6. How long do we keep your personal data?
We keep your personal data for as long as you are in the discernment process and afterwards, according to protocol from Church of England Ministry Division:
  • Candidates who attend a selection day and are not recommended: 10 years after selection after which electronic data is deleted and paper copies are shredded;
  • Candidates who withdraw from the process before selection: 5 years after withdrawal, after which electronic data is deleted and paper copies are shredded;
  • Where safeguarding concerns have been identified: indefinitely;
  • Candidates who are licensed: 1 year after licensing after which electronic data and paper copies are passed to the relevant bishop’s office.
7. Your rights and your personal data
Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data:
  • The right to request a copy of your personal data which ODBF holds about you;
  • The right to request that ODBF corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for ODBF to retain such data;
  • The right to withdraw your consent to the processing at any time, however should you do this, the discernment process would not continue;
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to lodge a complaint with the Information Commissioners Office.
8. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
9. Contact Details
To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 208 200. Email: dpo@oxford.anglican.org. You can contact the Information Commissioners Office on 0303 123 1113, via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. April 2019
Vocations to Ordained Ministry

Privacy Notice for those seeking to discern a call to ordained ministry within the Oxford Diocese

Download

We are grateful to those who wish to explore their sense of calling to ordination within this diocese. It helps the diocese to help you if we have all your contact details from the start. It will ensure that you receive appropriate diocesan information and mailings.

1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) and the Data Protection Act 2018, (the “DPA 2018”)
2. Who are we?
Oxford Diocesan Board of Finance (ODBF) is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
3. How do we process your personal data?
ODBF complies with its obligations under the GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the following purposes:
  • To work with you in the process of discerning a vocation to ordained ministry and, should you be selected for ordained ministry, to arrange training and curacy placement. This will involve the collection and use of ‘special category’ data (which may include race, ethnic origin, political affiliation, religious affiliation, trade union membership, health, sex life or sexual orientation);
  • To send you invitations to suitable vocations events designed to help you discern your calling.
4. What is the legal basis for processing your personal data?
Processing requires legal bases under Article 6 and (since ‘special category’ data is involved) Article 9 of the GDPR:
  • We have a legitimate interest (Article 6) to discern candidates who offer themselves for ordination and training, in accordance with the Church of England’s national selection processes, taking special care to handle sensitive information with extra care and security;
  • We have a legal obligation (Article 6) to ascertain your right to work under UK employment law;
  • Special category data is processed as part of our legitimate activity (Article 9), with appropriate safeguards to keep such data secure and not to share it outside the bodies which constitute the Church of England without your consent;
  • Independent of the discernment and training process, we seek consent (Article 6) to keep you informed about news, events, activities and services related to vocations and the vocations process.
5. Sharing your personal data
Your personal data will be treated as confidential and will be shared when necessary with the relevant bishop’s office within the Diocese of Oxford, Oxford Cathedral, Diocesan Registry, with National Church Institutions and other dioceses in the Church of England, for the purposes of administrative activity in connection with you discerning a call to ordained ministry, selection, training, placements, curacy placement and meeting legal requirements for ordination. Subject to your consent to share, your personal data may be shared outside the Church of England with Theological Education Institutes and (in the event of transfer) other Anglican dioceses within the UK and European Economic Area (EEA). If we need to share your personal data with any other organisation, then we will always seek your consent first.
6. How long do we keep your personal data?
We keep your personal data for as long as you are in the discernment process and afterwards, according to protocol from Church of England Ministry Division:
  • Candidates who attend a BAP and are not recommended: 10 years after BAP after which electronic data is deleted and paper copies are shredded;
  • Candidates who withdraw from the process before a BAP: 5 years after withdrawal, after which electronic data is deleted and paper copies are shredded;
  • Where safeguarding concerns have been identified: indefinitely;
  • Candidates who are ordained: 1 year after ordination after which electronic data and paper copies are passed to the relevant Bishop’s office and IME team.
7. Your rights and your personal data
Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data:
  • The right to request a copy of your personal data which ODBF holds about you;
  • The right to request that ODBF corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for ODBF to retain such data;
  • The right to withdraw your consent to the processing at any time, however should you do this, the discernment process would not continue;
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to lodge a complaint with the Information Commissioners Office.
8. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
9. Contact Details
To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 208 200. Email: dpo@oxford.anglican.org. You can contact the Information Commissioners Office on 0303 123 1113, via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. April 2019
Yellow Braces - Applicants

Privacy Notice for the Parents/Carers of Attendees of Yellow Braces Camp

Download

We are grateful to those who wish to explore their sense of calling to ordination within this diocese. It helps the diocese to help you if we have all your contact details from the start. It will ensure that you receive appropriate diocesan information and mailings.

1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) and the Data Protection Act 2018, (the “DPA 2018”)
2. Who are we?
Oxford Diocesan Board of Finance (ODBF) is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
3. How do we process your personal data?
ODBF complies with its obligations under the GDPR and DPA 2018 by keeping personal data up to date, by storing and destroying it securely, by not collecting or retaining excessive amounts of data, by protecting personal data from loss, misuse, unauthorised access and disclosure, and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the following purposes:
  • To work with you in the process of discerning a vocation to ordained ministry and, should you be selected for ordained ministry, to arrange training and curacy placement. This will involve the collection and use of ‘special category’ data (which may include race, ethnic origin, political affiliation, religious affiliation, trade union membership, health, sex life or sexual orientation);
  • To send you invitations to suitable vocations events designed to help you discern your calling.
4. What is the legal basis for processing your personal data?
Processing requires legal bases under Article 6 and (since ‘special category’ data is involved) Article 9 of the GDPR:
  • We have a legitimate interest (Article 6) to discern candidates who offer themselves for ordination and training, in accordance with the Church of England’s national selection processes, taking special care to handle sensitive information with extra care and security;
  • We have a legal obligation (Article 6) to ascertain your right to work under UK employment law;
  • Special category data is processed as part of our legitimate activity (Article 9), with appropriate safeguards to keep such data secure and not to share it outside the bodies which constitute the Church of England without your consent;
  • Independent of the discernment and training process, we seek consent (Article 6) to keep you informed about news, events, activities and services related to vocations and the vocations process.
5. Sharing your personal data
Your personal data will be treated as confidential and will be shared when necessary with the relevant bishop’s office within the Diocese of Oxford, Oxford Cathedral, Diocesan Registry, with national church institutions and other dioceses in the Church of England, for the purposes of administrative activity in connection with you discerning a call to ordained ministry, selection, training, placements, curacy placement and meeting legal requirements for ordination. Subject to your consent to share, your personal data may be shared outside the Church of England with theological education institutes and (in the event of transfer) other Anglican dioceses within the UK and European Economic Area (EEA). If we need to share your personal data with any other organisation, then we will always seek your consent first.
6. How long do we keep your personal data?
We keep your personal data for as long as you are in the discernment process and afterwards, according to protocol from Church of England Ministry Division:
  • Candidates who attend a BAP and are not recommended: 10 years after BAP after which electronic data is deleted and paper copies are shredded;
  • Candidates who withdraw from the process before a BAP: 5 years after withdrawal, after which electronic data is deleted and paper copies are shredded;
  • Where safeguarding concerns have been identified: indefinitely;
  • Candidates who are ordained: 1 year after ordination after which electronic data and paper copies are passed to the relevant bishop’s office and IME team.
7. Your rights and your personal data
Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data:
  • The right to request a copy of your personal data which ODBF holds about you;
  • The right to request that ODBF corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for ODBF to retain such data;
  • The right to withdraw your consent to the processing at any time, however should you do this, the discernment process would not continue;
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to lodge a complaint with the Information Commissioners Office.
8. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
9. Contact Details
To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 208 200. Email: dpo@oxford.anglican.org. You can contact the Information Commissioners Office on 0303 123 1113, via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. April 2019
Yellow Braces - Staff

Privacy Notice for the Staff of Yellow Braces Camp

Download
1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) and the Data Protection Act 2018, (the “DPA 2018”)
2. Who are we?
Oxford Diocesan Board of Finance (ODBF) is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
3. How do we process your personal data?
ODBF complies with its obligations under the GDPR and DPA 2018 by keeping personal data up to date, by storing and destroying it securely, by not collecting or retaining excessive amounts of data, by protecting personal data from loss, misuse, unauthorised access and disclosure, and by ensuring that appropriate technical measures are in place to protect personal data. The information we collect comes from your staff application form: name, phone number, email address, address, gender, date of birth, church and parish, your experience, references, and data needed to complete DBS checks. We use staff personal data, as collected on staff application forms, to recruit camp staff and communicate with staff members.
4. What is the legal basis for processing your personal data?
We process the information you provide on the basis of ‘legitimate interest’, to process your application for a role at the Oxford Diocese Yellow Braces Camp, to communicate between staff members to conduct your duties in relation to Yellow Braces, and for emergency purposes.
5. Sharing your personal data
Your personal data will be treated as confidential and will be shared when necessary with other staff attending the Yellow Braces Camp, this may include sharing with medical professionals in case of an emergency.
6. How long do we keep your personal data?
In accordance with the Church of England’s current safeguarding guidelines, personal data connected with records of children’s activity, including any risk assessment, will be kept for 50 years after the activity ends.
7. Your rights and your personal data
Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data:
  • The right to request a copy of your personal data which ODBF holds about you;
  • The right to request that ODBF corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for ODBF to retain such data;
  • The right to withdraw your consent to the processing at any time;
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to lodge a complaint with the Information Commissioners Office.
8. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
9. Contact Details
To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 208 200. Email: dpo@oxford.anglican.org. You can contact the Information Commissioners Office on 0303 123 1113, via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. May 2019
DT(O)L Members and Trustees of Diocesan Trustees (Oxford) Ltd

Privacy Notice for Members & Trustees of Diocesan Trustees (Oxford) Ltd [DT(O)L]

Download

We are grateful for the support of all those who serve in the diocese. If we have all your contact details from the outset it will ensure that you receive appropriate information and mailings.

1. What is personal data?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) and the Data Protection Act 2018, (the “DPA 2018”).
2. Who are we?
DT(O)L is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
3. How do we process your personal data?
DT(O)L complies with its obligations under the GDPR and DPA 2018 by keeping personal data up to date, by storing and destroying it securely, by not collecting or retaining excessive amounts of data, by protecting personal data from loss, misuse, unauthorised access and disclosure, and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the distribution of documentation required for DT(O)L purposes. This includes agendas, meeting minutes, papers for discussion, election papers and information to support your effectiveness in your role.
4. What is the legal basis for processing your personal data?
Processing is carried out under different legal bases depending on the circumstances:
Legitimate Interest
Processing of personal data is undertaken to enable duties as a member & director of DT(O)L to be carried out effectively
Legal Obligation
Personal information will be included in statutory documents required by Companies House & the Charity Commission and will be used in compliance with legislation.
Consent
Subject to consent being given, contact details of members & directors may be shared with the other members or directors to facilitate communication.
5. Sharing your personal data
Your personal data will be treated as confidential and will be shared when necessary with the joint Diocesan Registrars, the ODBF & ODBE for reading minutes; the ODBF for the purposes of administrative functions in connection with your role; Companies House for statutory documentation; the Charity Commission for submission of trustee details, annual return, reports and accounts, auditors for audit of and advice on the Annual Report and Accounts; Oxfordshire History Centre for archival of company minutes, available to the public after 30 years. As members of DT(O)L, the personal information will be in the public domain (for example, on the Companies House website). We will seek your consent before any further sharing of your personal data.
6. How long do we keep your personal data?
We keep data in accordance with the guidance set out in the guide “Save or delete – The Care of Diocesan Records” and is available from the Church of England website. We keep your personal details for as long as you hold office or as long as required which would normally be six complete years after cessation of trusteeship, after which electronic data is deleted and paper copies are shredded.
7. Your rights and your personal data
Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data:
  • The right to request a copy of your personal data which the DT(O)L holds about you;
  • The right to request that DT(O)L corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for the DT(O)L to retain such data;
  • The right to withdraw your consent to the processing at any time
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to lodge a complaint with the Information Commissioners Office.
8. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
9. Contact Details
To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 208 200. Email: dpo@oxford.anglican.org. You can contact the Information Commissioners Office on 0303 123 1113, via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Privacy Notice November 2018
DT(O)L Financial Trust Work

Privacy Notice for DT(O)L Financial Trust Work

Download
1. What is personal data?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) and the Data Protection Act 2018, (the “DPA 2018”).
2. Who are we?
Diocesan Trustees (Oxford)Ltd [DT(O)L] is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
3. How do we process your personal data?
DT(O)L complies with its obligations under the GDPR and DPA 2018 by keeping personal data up to date, by storing and destroying it securely, by not collecting or retaining excessive amounts of data, by protecting personal data from loss, misuse, unauthorised access and disclosure, and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the preparation of payments and issue of annual statements.
4. What is the legal basis for processing your personal data?
Processing is carried out under different legal bases depending on the circumstances:
Legitimate Interest
Processing of personal data is undertaken to enable payments to be made and annual statements issued
5. Sharing your personal data
Your personal data will be treated as confidential and will be shared when necessary with the Oxford Diocesan Board of Finance staff to make payments We will seek your consent before any further sharing of your personal data.
6. How long do we keep your personal data?
We keep data in accordance with the guidance set out in the guide “Save or delete – The Care of Diocesan Records” and is available from the Church of England website. We keep your personal details for as long as long as a Trust is open. After a trust is closed or has been handed to parish trustees, paper files are weeded and scanned. Paper files are retained for six financial years after closure or transfer, after which the start & end paper documentation is transferred to the Oxfordshire History Centre other paper records are shredded. Scanned files and associated emails are kept indefinitely.
7. Your rights and your personal data
Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data:
  • The right to request a copy of your personal data which the DT(O)L holds about you;
  • The right to request that DT(O)L corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for the DT(O)L to retain such data;
  • The right to withdraw your consent to the processing at any time
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to lodge a complaint with the Information Commissioners Office.
8. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
9. Contact Details
To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 208 200. Email: dpo@oxford.anglican.org. You can contact the Information Commissioners Office on 0303 123 1113, via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Privacy Notice November 2018
DT(O)L Trust Work Property Transactions

Privacy Notice for DT(O)L Trust Work Property Transactions

Download
1. What is personal data?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) and the Data Protection Act 2018, (the “DPA 2018”).
2. Who are we?
Diocesan Trustees (Oxford) Ltd [DT(O)L] is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
3. How do we process your personal data?
DT(O)L complies with its obligations under the GDPR and DPA 2018 by keeping personal data up to date, by storing and destroying it securely, by not collecting or retaining excessive amounts of data, by protecting personal data from loss, misuse, unauthorised access and disclosure, and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the preparation or storage of documentation required to record property transactions and for compliance with associated legislation. This includes PCC resolutions, tenancy information charts, assured shorthold tenancy agreements, other leases, licences to occupy, property checklists, certificates.
4. What is the legal basis for processing your personal data?
Processing is carried out under different legal bases depending on the circumstances:
Legitimate Interest
Processing of personal data is undertaken to enable Licences to Occupy to be prepared.
Legal Obligation
Personal information will be included on documentation in compliance with legislation.
Contractual
Production of an Assured Shorthold Tenancy Agreement.
5. Sharing your personal data
Your personal data will be treated as confidential and will be shared when necessary with solicitors, the Oxford Diocesan Board of Finance. We will seek your consent before any further sharing of your personal data.
6. How long do we keep your personal data?
We keep data in accordance with the guidance set out in the guide “Save or delete – The Care of Diocesan Records” and is available from the Church of England website. We keep your personal details for as long as long as required, after which electronic data is deleted and paper copies are shredded.
7. Your rights and your personal data
Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data:
  • The right to request a copy of your personal data which the DT(O)L holds about you;
  • The right to request that DT(O)L corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for the DT(O)L to retain such data;
  • The right to withdraw your consent to the processing at any time
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to lodge a complaint with the Information Commissioners Office.
8. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
9. Contact Details
To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 208 200. Email: dpo@oxford.anglican.org. You can contact the Information Commissioners Office on 0303 123 1113, via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Privacy Notice November 2018
Volunteers

1. Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR and the Data Protection Act 2018, (the “DPA 2018”).

2. How do we process your personal data?

We comply with obligations under the GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use your personal data for the following purposes:

  • To exercise our responsibilities as the organisation you are volunteering through in line with legislation, best practice and our policies and procedures. In addition to our general oversight of your volunteering work, we are responsible for assessing your qualifications, experience and memberships, your criminal background (for specific volunteering roles only) and your ongoing suitability for the volunteering role within the diocese.

3. What is the legal basis for processing your personal data?

Processing of data in relation to your volunteering work is based on consent.

In so far as any personal data relates to “special categories of personal data” or criminal conviction or offence, the processing of data is also a legitimate activity; in order to assess suitability for a volunteer role and monitor diversity. It is not shared externally outside the institutional bodies that comprise the Church of England without your consent.

4. Sharing your personal data

Your information will be shared internally and seen by authorised ODBF staff for the purposes of managing the volunteer relationship.  This will include members of HR, your assigned manager and members of senior management if access to the data is necessary for performance of their roles.

ODBF will share your data with third parties in order to obtain pre-employment checks required for the volunteering role.  This includes your referees and other organisations such as those that obtain checks through the Disclosure and Barring Service if required for the role.

We don’t use your data for any other reason, nor do we sell it to any third parties or use it to contact you about any unrelated services.

5. How long do we keep your personal data?

We keep your personal data for the duration of your volunteering work with us, plus an additional six years after the relationship has come to an end.  It is your responsibility to inform us of any changes to your information, for example if you move to a new house.

6. Your rights and your personal data

Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data: -

  • The right to request a copy of your personal data which ODBF holds about you;
  • The right to request that ODBF correct any personal data if it is found to be inaccurate or out of date; 
  • The right to request your personal data is erased where it is no longer necessary for us to retain such data;
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data, (where applicable). The right to lodge a complaint with the Information Commissioners Office.

7. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

8. Contact details

To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 202243.  Email: dpo@oxford.anglican.org.

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

Contractors

1. Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR and the Data Protection Act 2018, (the “DPA 2018”).

2. How do we process your personal data?

We comply with obligations under the GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use your personal data for the following purposes:

  • To assess your suitability to provide services to ODBF.  This may include reviewing your work history or education, checking qualifications, memberships, insurance, right to work in the UK documentation, taking up references, applying for criminal record clearance, driving licence checks, health screening or checking company/self-employed status, as applicable for the services to be provided.
  • To establish and maintain the contract of services between both parties, including the monitoring of assignment outcomes and compliance with the contract of services agreement.
  • To process invoices for payment

3. What is the legal basis for processing your personal data?

The processing of your data is necessary in order for us to fulfil our obligations set out in the contract for services.

In so far as any personal data relates to “special categories of personal data” or criminal conviction or offence, the processing of data is also a legitimate activity; in order to assess suitability for a proving a service and to monitor diversity. It is not shared externally outside the institutional bodies that comprise the Church of England without your consent.

4. Sharing your personal data

Your information will be shared internally and seen by authorised ODBF staff for the purposes of managing the contract of services.  This will include members of HR, Finance your manager and members of senior management if access to the data is necessary for performance of their roles and fulfilment of the contract of services.

ODBF may share your data with third parties in order to obtain checks to verify your suitability to provide services.  This includes referees and other organisations such as professional bodies necessary to complete checks.  Medical checks from our Occupational Health Provider and criminal records checks, obtained from the Disclosure and Barring Service by a third-party organisation, may be required dependant on the services you will be providing.  You will be informed before any such checks are applied for.

We don’t use your data for any other reason, nor do we sell it to any third parties or use it to contact you about any unrelated services.

5. How long do we keep your personal data?

We keep your personal data for the duration of the contract for services, plus an additional six years after the agreement has come to an end.  It is your responsibility to inform us of any changes to your information, for example if you move to a new house.

6. Your rights and your personal data

Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data: -

  • The right to request a copy of your personal data which ODBF holds about you;
  • The right to request that ODBF correct any personal data if it is found to be inaccurate or out of date; 
  • The right to request your personal data is erased where it is no longer necessary for us to retain such data;
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data, (where applicable). The right to lodge a complaint with the Information Commissioners Office.

7. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

8. Contact details

To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 202243.  Email: dpo@oxford.anglican.org.

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

IT & Communications

About this policy 

8.5.1 Our IT and communications systems are intended to promote effective communication and working practices. This policy outlines the standards you must observe when using these systems, when we will monitor their use, and the action we will take if you breach these standards. 

This policy applies to all ODBF employees, contract/temporary staff and any other individuals with access to the ODBF’s IT systems.

8.5.2 Breach of this policy may be dealt with under our Disciplinary Procedure and, in serious cases, may be treated as gross misconduct leading to summary dismissal. 

Equipment security and passwords 

8.5.3 You are responsible for the security of the equipment allocated to or used by you, and you must not allow it to be used by anyone other than in accordance with this policy. You should use passwords on all IT equipment, particularly items that you take out of the office. You should keep your passwords confidential and change them regularly, at least every 3 months. Your password should be a hard-to-guess combination, at least 8 characters (including upper and lower case letters and a numerical digit), and should not include your name.  A strong numerical passcode, that is not easy to guess, should be set on mobile phones or tablets used for work purposes.  

8.5.4 You must only log on to our systems using your own username and password. You must not use another person's username and password or allow anyone else to log on using your username and password, without the permission of IT and your Departmental Head. 

8.5.5 If you are away from your desk you should log out or lock your computer. You must log out and shut down your computer at the end of each working day 

Systems and data security 

8.5.6 You should not delete, destroy or modify existing systems, programs, information or data (except as authorised in the proper performance of your duties). 

8.5.7 You must not download or install software or any application from external sources without authorisation from your line manager and the IT department. Downloading unauthorised software or apps may interfere with our systems and may introduce viruses or other malware. 

8.5.8 We monitor all e-mails passing through our system for viruses. You should exercise particular caution when opening unsolicited e-mails from unknown sources. If an email looks suspicious do not reply to it, open any attachments or click any links in it. 

8.5.9 Inform your line manager immediately if you suspect your computer may have a virus.  

8.5.10 Networked drives (R: drive and U: drive) and Microsoft OneDrive are provided for you to save documents used in the performance of your role (files saved in these locations are automatically backed up).  To maintain the highest levels of security and resilience it is recommended that documents are not saved onto your local computer hard disc drive.  Other cloud storage solutions, such as Dropbox, are not recommended.

Documents should only be stored onto a USB device where necessary.  Sensitive information stored should always be password protected.  If you require regular use of a USB storage device, you should consider encrypting it.

Use of your own devices 

8.5.11 If you access your work emails or data on a personal device (PC, tablet, etc.), documents should not be stored on that device.  We recommend you access Office 365 using a web browser, which provides access to your work without storing files permanently on the local device.  See the Information Security policy for more details on the use of your own devices for work purposes.

E-mail 

8.5.12 Adopt a professional tone and observe appropriate etiquette when communicating with third parties by e-mail.  

8.5.13 Remember that e-mails can be used in legal proceedings and that even deleted emails may remain on the system and be capable of being retrieved. 

8.5.14 You must not send abusive, obscene, discriminatory, racist, harassing, derogatory, defamatory, pornographic or otherwise inappropriate e-mails.  

8.5.15 You should not: (a) send or forward private e-mails at work which you would not want a third party to read; (b) send or forward chain mail, junk mail, cartoons, jokes or gossip; (c) contribute to system congestion by sending trivial messages or unnecessarily copying or forwarding e-mails to others who do not have a real need to receive them; or (d) send messages from another person's e-mail address (unless authorised) or under an assumed name. 

8.5.16 Do not use your own personal e-mail account to send or receive e-mail for the purposes of our organisation. Only use the e-mail account we have provided for you. 

Using the internet 

8.5.17 Internet access is provided for organisation purposes. Occasional personal use may be permitted as set out in paragraph 8.5.20 and 8.5.21 

8.5.18 You should not access any web page or download any image or other file from the internet which could be regarded as illegal, offensive or immoral. Even web content that is legal in the UK may fall within this prohibition. As a general rule, if any person (whether intended to view the page or not) might be offended by the contents of a page, or if the fact that our software has accessed the page or file might be a source of embarrassment if made public, then viewing it will be a breach of this policy.  If such access is necessary for work purposes, written approval must be granted in advance by your Head of Department, in consultation with the IT team.

8.5.19 We may block or restrict access to some websites at our discretion. 

Personal use of our systems 

8.5.20 We permit the occasional use of our systems to send personal e-mail, browse the internet and make personal telephone calls subject to certain conditions. Personal use is a privilege and not a right. It must not be overused or abused. We may withdraw permission for it at any time or restrict access at our discretion. 

8.5.21 Personal use must meet the following conditions: (a) it must be minimal and take place substantially outside of normal working hours (that is, during your lunch break, and before or after work); ; (b) it must not affect your work or interfere with the organisation; (c) it must not commit us to any marginal costs; and (d) it must comply with our policies including the Equal Opportunities Policy, Antiharassment and Bullying Policy, Data Protection Policy, Social Media and Disciplinary Procedure. 

Monitoring 

8.5.22 Our systems enable us to monitor telephone, e-mail, voicemail, internet and other communications. For organisational reasons, and in order to carry out legal obligations in our role as an employer, your use of our systems including the telephone and computer systems (including any personal use) may be continually monitored by automated software or otherwise.  

8.5.23 We reserve the right to retrieve the contents of e-mail messages or check internet usage (including pages visited and searches made) as reasonably necessary in the interests of the organisation, including for the following purposes (this list is not exhaustive): (a) to monitor whether the use of the e-mail system or the internet is legitimate and in accordance with this policy;  (b) to find lost messages or to retrieve messages lost due to computer failure;  (c) to assist in the investigation of alleged wrongdoing; or (d) to comply with any legal obligation. 

8.5.24 Only the Diocesan Secretary has the authority to approve action under 8.5.23 above 

Prohibited use of our systems 

8.5.25 Misuse or excessive personal use of our telephone or e-mail system or inappropriate internet use will be dealt with under our Disciplinary Procedure. Misuse of the internet can in some cases be a criminal offence.  

8.5.26 Creating, viewing, accessing, transmitting or downloading any of the following material will usually amount to gross misconduct (this list is not exhaustive): (a) pornographic material (that is, writing, pictures, films and video clips of a sexually explicit or arousing nature); (b) offensive, obscene, or criminal material or material which is liable to cause embarrassment to us or to our clients;  (c) a false and defamatory statement about any person or organisation;  
(d) material which is discriminatory, offensive, derogatory or may cause embarrassment to others (including material which breaches our Equal Opportunities Policy or our Anti-harassment and Bullying Policy);  (e) confidential information about us or any of our staff or clients (except as authorised in the proper performance of your duties); (f) unauthorised software; (g) any other statement which is likely to create any criminal or civil liability (for you or us); or (h) music or video files or other material in breach of copyright. 

Lost or stolen equipment

8.5.27 Any lost or stolen IT equipment, either issued to you by ODBF or a personal device that you use to access ODBF’s data and systems, must be reported to our IT provider and your line manager as soon as possible, even if this is outside of normal office hours.  Immediate notification is imperative, since this constitutes a data breach under data protection law.  IT can be contacted on:  07770 382452.

8.5.28  Once you have discovered your device is missing you should use an alternative device to log on to Office 365 (using your computer login credentials) and change your password immediately, in case your account password has been compromised.  IT will initiate a remote wipe of any mobile device to remove all data.

Page last updated: Monday 31st July 2023 1:40 PM
Powered by Church Edit