This page contains Privacy Notices for Oxford Diocesan Board of Finance and for Diocesan Trustees (Oxford) Ltd.  These documents describe the way we process personal data in different situations: the personal data we process; what we do with it; how we store it; and what happens when we finish processing it.

General Privacy Notice for Oxford Diocesan Board of Finance (ODBF)

This privacy notice explains how ODBF processes personal data in our general day-to-day work.  It should be read in conjunction with additional privacy notices which explains our handling of personal data in specific circumstances (for specific activities or groups of people).  All our privacy notices are available at www.oxford.anglican.org/ privacy-policy/.

1. What is personal data?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) and the Data Protection Act 2018, (the “DPA 2018”).

2. Who are we?

Oxford Diocesan Board of Finance (ODBF) is the data controller (contact details below).  This means it decides how your personal data is processed and for what purposes.

3. How do we process your personal data?

ODBF complies with its obligations under the GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We may use your contact data for the following purposes:

  • To support communications by letter, email and telephone
  • To include as required in meeting minutes, reports, agendas, invitations and other documents
  • To maintain a database of contacts, parishes and posts for the diocese of Oxford
  • Administration of training events, special services, conferences, consultations and other gatherings of diocesan post-holders
  • Recording of attendance at training events, meetings, etc. when there is a need to do so

We may also process your personal data as a result of:

  • Identity checks required to complete DBS checks
  • CCTV (at Church House Oxford) for the prevention of crime

4. What is the legal basis for processing your personal data?

Processing is carried out under different legal bases depending on the circumstances:

Legal Obligation where we are required to meet legal requirements, such as legislation for taxation, charity law, safeguarding, employment law, health & safety, or church representation/faculty law.

Legitimate Interest to support the collaborative working between ODBF staff and members of our parishes, deaneries and the general public.

5. Sharing your personal data

Your personal data will be treated as confidential and will only be shared when necessary with Bishops’ offices, Oxford Diocesan Board of Education, Oxford Cathedral, Diocesan Registry and National Church Institutions (such as the Church Commissioners) for purposes connected with the Diocese of Oxford.  If we wish to share your personal data outside the Church of England, then we will always seek your consent first.

6. How long do we keep your personal data?

We keep your personal data for no longer than reasonably necessary.  This includes following Church of England guidelines in ‘Save or delete: the Care of Diocesan Records’ and ‘Personal Files Relating to Clergy’, see https://www.churchofengland.org/ more/libraries-and-archives/records-management-guides.

Our general policy for retention of personal data is:

  • Contact data held on personal devices (mobile phones, PCs, laptops, etc.): reviewed and updated/deleted annually
  • Contact/post database entries are changed to archive status when you no longer hold any post. Historic post data remains on archive for 25 years.
  • Training administration data: 5 years from the course date
  • Training attendance data: 6 years after employment ceases
  • Financial transaction data: 6 years from transaction date
  • Logs of DBS checks are held indefinitely

7. Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: –

  • The right to request a copy of your personal data which the ODBF holds about you;
  • The right to request that ODBF corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for the ODBF to retain such data;
  • The right to withdraw your consent to the processing at any time;
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to lodge a complaint with the Information Commissioners Office.

8. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

9. Contact Details

To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 208200.  Email: dpo@oxford.anglican.org.

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

Privacy Notice May 2019

Privacy Notice for Clergy and LLMs

1. Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR and the Data Protection Act 2018, (the “DPA 2018”).

2. How do we process your personal data?

The diocesan and area bishops comply with their obligations under the GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use your personal data for the following purposes:
To exercise our legal and pastoral responsibilities as your diocesan and area bishops. In addition to our general oversight of your ministry, we are responsible for assessing your qualifications and suitability for any particular office or ministry within the diocese, and for making appropriate arrangements for your ministerial development (including ministerial development review).

3. What is the legal basis for processing your personal data?

Processing of data in relation to personal files is a legitimate interest in accordance with my responsibilities under the Canons. These include our general responsibilities as chief pastors of the diocese, in order to be able to develop, support, administer, regulate and manage licensed ministers through their ministry. In so far as any personal data relates to “special categories of personal data” or criminal conviction or offence, the processing of data is also a legitimate activity; it is also needed in order to manage and administer internal functions with those with whom we have regular contact.  It is not shared externally outside the institutional bodies that comprise the Church of England without your consent. The exception to this is the provision of Episcopal References and Clergy Current Status Letters (“CCSL”).

Episcopal References and CCSLs are processed on the basis that it is a legitimate interest as established by the Promoting a Safer Church House of Bishops Policy Statement (2017)[1].  However, in so far as the personal data contained within the Episcopal Reference and CCSL relates to “special categories of personal data” and criminal conviction and offence data, this will be processed on the basis that it is necessary for reasons of substantial public interest on the basis of UK law. The Episcopal Reference and CCSL will be disclosed both for posts within the Church of England and externally, where you have applied for a ministerial post in another diocese or a church outside the Church of England and is done so in order to protect members of the public from harm, including dishonesty, malpractice and other seriously improper conduct or safeguarding purposes as established by the Safer Recruitment: Practice Guidance (2016)[2].

4. Sharing your personal data

Your personal data will be treated as strictly confidential and will be shared only when necessary with institutional bodies that comprise the Church of England for the purposes of administrative functions in connection with your role.   If we wish to share your personal data outside the Church of England, then we will always seek your consent first.

5. How long do we keep your personal data?

We keep your personal data for no longer than reasonably necessary for the periods and purposes as set out in the attached retention table. Although this table relates to clergy, files for lay ministers are held for the same periods of time. [see p.21 at the following link: https://www.churchof england.org/sites/default/files/2018-02/Personal%20Files %20Relating%20to%20Clergy%202017%20revision.pdf]

6. Your rights and your personal data

Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data: –

  • The right to request a copy of your personal data which the Bishop holds about you;
  • The right to request that the Bishop corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for the Bishop to retain such data;
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data, (where applicable). The right to lodge a complaint with the Information Commissioners Office.

7. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

8. Contact Details

To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 208200.  Email: dpo@oxford.anglican.org.

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

Privacy notice November 2018

[1] https://www.churchofengland.org/sites/default/files/2017-12/PromotingSaferChurchWeb.pdf

[2] https://www.churchofengland.org/sites/default/files/2017-11/safeguarding%20safer_recruitment_practice_guidance_2016.pdf

Privacy Notice for Parish Office Holders (Churchwarden,
PCC secretary, Treasurer, Deanery Synod rep, Safeguarding officer)

We are grateful for the support of all those who serve the Diocese. It helps the diocese to help you if we have all your contact details from the start. It will ensure that you receive appropriate diocesan information and mailings.

1 What is personal data?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) and the Data Protection Act 2018, (the “DPA 2018”).

2. Who are we?

Oxford Diocesan Board of Finance (ODBF) is the data controller (contact details below).  This means it decides how your personal data is processed and for what purposes.

3. How do we process your personal data?

ODBF complies with its obligations under the GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use your data for the following purposes:

  • To serve you with legal notices related to your parish office e.g. as PCC secretary
  • To contact you with guidance, training opportunities and other events related to your office

4 What is the legal basis for processing your personal data?

Processing is carried out under different legal bases depending on the circumstances:

Legal Obligation

There are certain activities the diocese needs to coordinate with parish officers to comply with statutory requirements (for example PCC elections, deanery synod elections, faculty process, requirements of tax/charity laws).

Legitimate Interest

We process your personal data so that diocesan staff can contact you when necessary, also to help you carry out your duties as a parish officer effectively, such as: creating awareness of your office requirements (particularly when things change); training opportunities and events related to your office.

Consent

Subject to consent being given, your contact details will appear in the Diocesan Directory.  This is available online, to any parish/deanery office holders in the diocese at www.parishinfo.org or via a limited number of paper copies.  The Diocese will, on occasion, make extracts of relevant Diocesan Directory information available to third parties which have requirements that align with the aims and objectives of the diocese (e.g. Funeral Directors).

5. Sharing your personal data

Your office held and contact information are made available to ODBF staff, this is also shared with the Bishops’ Offices and the Diocesan Registry.  In addition, we may share your data on a ‘need to know’ basis with the National Church Institutions (such as the Church Commissioners).

At the discretion of ODBF, Diocesan Directory information may be shared (subject to consent as above) with third parties who are aligned to the diocese’s aims and objectives.

6. How long do we keep your personal data?

We keep your data until either you tell us that you have ceased to hold the office, or we receive formal notification of your successor.  After you cease to hold office, the record of your period(s) of service is retained for archive purposes for a period of 30 years.

7. Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: –

  • The right to request a copy of your personal data which the ODBF holds about you;
  • The right to request that ODBF corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for the ODBF to retain such data;
  • The right to withdraw your consent to the processing at any time;
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to lodge a complaint with the Information Commissioners Office.

8. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

9. Contact Details

To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 208200.  Email: dpo@oxford.anglican.org.

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

Privacy Notice November 2018

Website privacy Policy

This Policy explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

This policy relates to oxford.anglican.org, its subdomains, and other official Diocese of Oxford websites including earthingfaith.org, thamespilgrimway.org.uk, youthblog.org.  It does not apply to sites the Diocese of Oxford may host for affiliated organisations.

We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this Policy.

Any questions regarding this Policy and our privacy practices should be sent by email to webmaster@oxford.anglican.org or by writing to the Data Protection Officer, Church House Oxford, OX5 1GF. Alternatively, you can telephone 01865 208200 and ask to speak to the Data Protection Officer or web team.

How do we collect information from you?

We obtain limited information about you when you use the website, for example, when you contact us or subscribe to our newsletter.

What type of information is collected from you?

Newsletters

If you voluntarily subscribe to eNews or other emails from us we save:

  • Your email address (required)
  • Your name (optional)
  • The archdeaconry where you worship (optional)

You can update your newsletter profile at any time and each email newsletter we send to you contains an unsubscribe link. If you unsubscribe and are a church officer then we will only send important information related to your role.

Contact Forms

We use contact forms so you can send us queries.  We save the information you submit on the form for a maximum of 6 months, the information is then deleted.  We do this to ensure that your query reaches the intended recipient.

The personal information we collect through the form is as follows:

  • Your name
  • Email address
  • IP address
  • Date and time
  • Message subject and content including attachments

Cookies

This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, keep you logged in if you are an editor, and provide anonymised tracking data to third party applications like Google Analytics.

As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.

What third-party cookies (external to oxford.anglican.org) do we store:

 __cfduid

This is a security cookie set by Cloudflare that relates to One Signal.  The system we use for sending browser notifications of new posts

__utma / __utmb / __utmc / __utmz

These relate to Google Analytics which we use to understand how many people use the website and which pages they visit.

Other cookies may be set that are local to our own domain and are used for the smooth running of the website.  None of the cookies we set contains personally identifiable information.

How is my information used?

We may use your information to:

  • improve the website by understanding which pages are most visited and in what order
  • send you notifications that you have requested (more about browser notifications)
  • put you in touch with someone you need to contact
  • remember your login details if you are one of our website editors

We do not store any information you provide for any longer than necessary.

We will not sell or rent your information to third parties.

We will not share your information with third parties for marketing purposes.

Your choices

The accuracy of your information is important to us. If your email address or any of the other information we hold is inaccurate or out of date, please let us know.

You can update your details on the newsletter by following the “Update My Preferences” link in the email.

You have the right to ask for a copy of the information we hold about you on our website.

Security precautions in place to protect the loss, misuse or alteration of your information

When you give us personal information, we take steps to ensure that it’s treated securely.

We do not collect sensitive information (such as credit or debit card details on this website).

You do not need to register to use this website unless you are a staff editor.

Our website is SSL secured so all passwords etc are encrypted however non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Links to other websites

Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

Transferring your information outside of Europe

All our web servers are located in the EU However, as part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Union (“EU”).  For example, when you subscribe to a newsletter, a browser notification, or when our sites are backed-up.   These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.

Visitors should be aware that public websites are indexed and cached by search engines and archival services over which site managers have limited control.    These may include, Google, Yahoo, Bing and Archive.org.

Review of this Policy

We keep this Policy under regular review. This Policy was last updated in May 2018.

Privacy Notice for Members of Oxford Diocesan Synod and Associated Boards and Councils

We are grateful for the support of all those who serve the diocese. It helps the diocese to help you if we have all your contact details from the start. It will ensure that you receive appropriate diocesan information and mailings.

1 What is personal data?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) and the Data Protection Act 2018, (the “DPA 2018”).

2. Who are we?

Oxford Diocesan Board of Finance (ODBF) is the data controller (contact details below).  This means it decides how your personal data is processed and for what purposes.

3. How do we process your personal data?

ODBF complies with its obligations under the GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use your personal data for the distribution of documentation required for the operation of Diocesan Synod, its associated Boards and Councils. This includes agendas, meeting minutes, papers for discussion, election papers and information to support your effectiveness in your role.

4 What is the legal basis for processing your personal data?

Processing is carried out under different legal bases depending on the circumstances:

Legitimate Interest

Processing of your personal data is undertaken so that you can carry out your duties effectively a member of Diocesan Synod, its Boards or Councils.

Legal Obligation

In specific situations (for example, members of Bishop’s Council who are directors and trustees of ODBF), the details of certain synod/council members will be included in statutory documents required by Companies House and the Charities Commission.

Consent

Consent may be sought to share your contact details with other members of Diocesan Synod and associated Boards and Councils, to facilitate communication between members.

5. Sharing your personal data

Your personal data will be treated as confidential and will be shared when necessary with Bishops’ Offices, National Church Institutions (such as the Church Commissioners) and the Diocesan Registrar for the purposes of administrative functions in connection with your role(s).

As members of ODBF, the names of Diocesan Synod members will be available in the public domain (for example, on the Oxford Diocesan website).  We will seek your consent before any further sharing of your personal data.

6. How long do we keep your personal data?

We keep data in accordance with the guidance set out in the guide “Save or delete – The Care of Diocesan Records” (which covers Diocesan Synod records) and is available from the Church of England website:  https://www.churchof england.org/more/libraries-and-archives/records-management-guides.  We keep your personal details for as long as you hold office, after which electronic data is deleted and paper copies are shredded.

7. Your rights and your personal data

Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which the ODBF holds about you;
  • The right to request that ODBF corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for the ODBF to retain such data;
  • The right to withdraw your consent to the processing at any time
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to lodge a complaint with the Information Commissioners Office.

8. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

9. Contact Details

To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 208200.  Email: dpo@oxford.anglican.org.

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

Privacy Notice November 2018

Privacy Notice for Employees of ODBF
(Oxford Diocesan Board of Finance)

1. Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR and the Data Protection Act 2018, (the “DPA 2018”).

2. How do we process your personal data?

Oxford Diocesan Board of Finance (ODBF) is the data controller (contact details below).  This means it decides how your personal data is processed and for what purposes.

We comply with obligations under the GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use your personal data for the following purposes:
To exercise our responsibilities as your employer in line with legislation, your statement of particulars of employment and our policies and procedures. In addition to our general oversight of your employment, we are responsible for assessing your qualifications and memberships, your right to work in the UK, your criminal background (for specific roles only), your ongoing suitability for the role within the diocese and for managing your performance and well-being, including processing absence and health data to inform business decisions and well-being support.  We will instruct payment to be made for the work you do and administer relevant benefits.

3. What is the legal basis for processing your personal data?

Processing of data in relation to your employment is necessary to meet our contractual obligations, as set out in your statement of particulars of employment and to meet legal obligations in relation to the employment relationship.

In so far as any personal data relates to “special categories of personal data” or criminal conviction or offence, the processing of data is also a legitimate activity; in order to assess suitability for a role and monitor diversity. It is not shared externally outside the institutional bodies that comprise the Church of England without your consent.

4. Sharing your personal data

Your information will be shared internally and seen by authorised ODBF staff for the purposes of managing the employment relationship, pay and benefits.  This will include members of HR, your manager and members of senior management if access to the data is necessary for performance of their roles.

ODBF will share your data with third parties in order to obtain pre-employment checks required for the role.  This includes your referees and other organisations such as professional bodies necessary to complete pre-employment checks.   Medical checks from our Occupational Health Provider and criminal records checks required for the role, obtained from the Disclosure and Barring Service by a third-party organisation, will not be sought until a conditional offer of employment has been made.

Data will be shared with our payroll provider and benefit suppliers in order to ensure the management of pay and benefits, such as pension scheme and childcare vouchers.

Data may be shared with our occupational health provider, your GP or a healthcare professional, where health information is required to support your well-being.  Additional consent will be required from you before a request for medical information is made.

We don’t use your data for any other reason, nor do we sell it to any third parties or use it to contact you about any unrelated services.

5. How long do we keep your personal data?

We keep your personal data for the duration of your employment with us, plus an additional six years after the employment relationship has come to an end.  It is your responsibility to inform us of any changes to your information, for example if you move to a new house.

6. Your rights and your personal data

Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data: –

  • The right to request a copy of your personal data which ODBF holds about you;
  • The right to request that ODBF correct any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for us to retain such data;
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data, (where applicable). The right to lodge a complaint with the Information Commissioners Office.

7. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

8. Contact Details

To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 208200.  Email: dpo@oxford.anglican.org.

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

Privacy Notice November 2018

Privacy Notice for candidates applying for vacancies with Oxford Diocesan Board of Finance (ODBF)

1. Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR and the Data Protection Act 2018, (the “DPA 2018”).

2. How do we process your personal data?

Oxford Diocesan Board of Finance (ODBF) is the Data Controller.  This means it is ultimately responsible for the data it holds about you. We comply with our obligations under the GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use your personal data for the following purposes:

 ODBF collects and processes a range of information about you. This includes:

  • your name, address and contact details, including email address and telephone numbers
  • your date of birth
  • details of your education, qualifications, skills, experience and employment history, including start and end dates
  • information about your current level of remuneration, including entitlement to allowances
  • details of any gaps in employment
  • details of whether you are a relative or a partner of, or have any close personal relationship with any employee of
  • details of your registration with or membership of any professional bodies required for you to be able to practice in your profession or meet the requirements of the role that you have applied for, and details of any sanctions or restrictions placed upon you that affect your ability to practice in that role
  • information about your identity and entitlement to work in the UK
  • information about your criminal record where applicable to your role
  • whether or not you have a disability for which the ODBF needs to make reasonable adjustments during the recruitment and selection process
  • equal opportunities monitoring information, including information about your gender, whether you are married or in a civil partnership, ethnic origin, sexual orientation, religion or belief, health and disability
  • where you have applied for a role that would require you to drive on ODBF business/ have a lease car we will collect details of your driving licence and any driving offences that you incur

ODBF will collect this information in a variety of ways. For example, data might be collected through application forms, obtained from your passport or other identity documents such as your driving licence and qualification certificates, or collected through interviews or other forms of assessment, including on-line tests.

ODBF will also collect information about you from third parties, such as references supplied by former employers, other organisations in relation to pre-employment checks, such as registration with professional bodies where a requirement of the role and information from criminal records checks permitted by law.

3. What is the legal basis for processing your personal data?

Processing of data in relation to the recruitment process is a legitimate interest in accordance with current employment legislation and ODBF’s policies and procedures.

The data collected from you when you apply for a role is used solely to manage the recruitment process with respect to the requirements of the role (for instance, we only need information about your driving licence if the role you are applying for involves driving as part of your duties).  All of the information we ask for above is used to check your suitability for the advertised role with a view to potentially entering into a contract of employment.

ODBF has a duty as a company and charitable organisation to ensure that it runs an efficient, fair and safe recruitment process in the public interest to attract suitable staff, in order to protect public funds.

There are also reasons that ODBF needs to process this data by law.  For instance, The Equality Act 2010 means that ODBF has a duty to ensure that no discrimination takes place during recruitment and selection on grounds of “protected characteristics”.  Clearly, ODBF needs to collect the data which relates to the characteristics to ensure (and to be able to show) that it is not treating applicants unfairly as a result.

You are under no statutory or contractual obligation to provide data to ODBF during the recruitment and selection process.  However, if you do not provide the information, ODBF may not be able to process your application properly or at all which will obviously have the potential to disadvantage your chances of success.  You are under no obligation to provide information for equal opportunities monitoring purposes (this is asked for on a separate form to your main application and is retained within HR for monitoring purposes only and does not form part of the selection process.).  There are no consequences for your application if you choose not to provide such information.

Recruitment and selection decisions are never based solely on an automated decision-making process – there is always human intervention and judgement exercised at the point of a decision.

You can access information about your rights with respect to the data we collect below (see “Your Rights”).

4. Sharing your personal data

Your information will be shared internally and seen by authorised ODBF staff for the purposes of the recruitment and selection exercise.  This will include members of HR, the recruiting manager and members of the recruitment panel, managers in the service area with the vacancy and IT staff if access to the data is necessary for performance of their roles.

ODBF will share your data with third parties in order to obtain pre-employment checks required for the role.  This includes your referees and other organisations such as professional bodies necessary to complete pre-employment checks.   Medical checks from our Occupational Health Provider and criminal records checks required for the role, obtained from the Disclosure and Barring Service by a third-party organisation, will not be sought until a conditional offer of employment has been made.

We don’t use your data for any other reason, nor do we sell it to any third parties or use it to contact you about any unrelated services.

5. How long do we keep your personal data?

Your data will not be kept any longer than necessary.  Data for successful applicants will be used to enter into an employment contract.  A separate privacy notice exists for employees and you will have access to that should you be appointed in the role.  Data for unsuccessful applicants is retained for a period of 6 months from the end of the recruitment exercise and is then securely destroyed.

 

6. Your rights and your personal data

Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data: –

  • The right to request a copy of your personal data which ODBF holds about you;
  • The right to request that ODBF correct any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for us to retain such data;
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data, (where applicable). The right to lodge a complaint with the Information Commissioners Office.

7. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

8. Transfer overseas

Your data will not be stored or sent outside of the European Economic Area (EEA), with the exception of requests for references where the referees you have provided are outside of the EEA.

9. Contact Details

To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 208200.  Email: dpo@oxford.anglican.org.

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

Privacy Notice November 2018

Privacy Notice for those seeking to discern a call to Licensed Lay Ministry within the Oxford Diocese

We are grateful to those who wish to explore their sense of calling to Licensed Lay Ministry within this Diocese. It helps the diocese to help you if we have all your contact details from the start. It will ensure that you receive appropriate diocesan information and mailings.

1. Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) and the Data Protection Act 2018, (the “DPA 2018”)

2. Who are we?

Oxford Diocesan Board of Finance (ODBF) is the data controller (contact details below).  This means it decides how your personal data is processed and for what purposes.

3. How do we process your personal data?

ODBF complies with its obligations under the GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the following purposes:

  • To work with you in the process of discerning a vocation to LLM and, should you be selected for LLM, to arrange training and placement. This will involve the collection and use of ‘special category’ data (which may include race, ethnic origin, political affiliation, religious affiliation, health, sex life or sexual orientation).
  • To send you invitations to suitable vocations events designed to help you discern your calling.

4. What is the legal basis for processing your personal data?

Processing requires legal bases under Article 6 and (since ‘special category’ data is involved) Article 9 of the GDPR:

  • We have a legitimate interest (Article 6) to discern candidates who offer themselves for LLM and training, in accordance with the Church of England’s national selection processes, taking special care to handle sensitive information with extra care and security.
  • We have a legal obligation (Article 6) to ascertain your right to work under UK employment law.
  • Special category data is processed as part of our legitimate activity (Article 9), with appropriate safeguards to keep such data secure and not to share it outside the bodies which constitute the Church of England without your consent.
  • Independent of the discernment and training process, we seek consent (Article 6) to keep you informed about news, events, activities and services related to vocations and the vocations process.

5. Sharing your personal data

Your personal data will be treated as confidential and will be shared when necessary with the relevant Bishop’s office within the Oxford Diocese, Oxford Cathedral, with National Church Institutions and other Dioceses in the Church of England, for the purposes of administrative activity in connection with you discerning a call to LLM, selection, training, placements, and meeting legal requirements for licensing.

Subject to your consent to share, your personal data may be shared outside the Church of England: with Theological Education Institutes and (in the event of transfer) other Anglican Dioceses within the UK and European Economic Area (EEA).  If we need to share your personal data with any other organisation, then we will always seek your consent first.

6. How long do we keep your personal data?

We keep your personal data for as long as you are in the discernment process and afterwards, according to protocol from Church of England Ministry Division:

  • Candidates who attend a selection day and are not recommended: 10 years after selection after which electronic data is deleted and paper copies are shredded.
  • Candidates who withdraw from the process before selection: 5 years after withdrawal, after which electronic data is deleted and paper copies are shredded.
  • Where safeguarding concerns have been identified: indefinitely
  • Candidates who are licensed: 1 year after licensing after which electronic data and paper copies are passed to the relevant Bishop’s office.

7. Your rights and your personal data

Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which ODBF holds about you;
  • The right to request that ODBF corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for ODBF to retain such data;
  • The right to withdraw your consent to the processing at any time, however should you do this, the discernment process would not continue;
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to lodge a complaint with the Information Commissioners Office.

8. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

9. Contact Details

To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 208200.  Email: dpo@oxford.anglican.org.

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

April 2019

Privacy Notice for those seeking to discern a call to ordained ministry within the Oxford Diocese                                                                                                                                           

We are grateful to those who wish to explore their sense of calling to ordination within this Diocese. It helps the diocese to help you if we have all your contact details from the start. It will ensure that you receive appropriate diocesan information and mailings.

1. Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) and the Data Protection Act 2018, (the “DPA 2018”)

2. Who are we?

Oxford Diocesan Board of Finance (ODBF) is the data controller (contact details below).  This means it decides how your personal data is processed and for what purposes.

3. How do we process your personal data?

ODBF complies with its obligations under the GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the following purposes:

  • To work with you in the process of discerning a vocation to ordained ministry and, should you be selected for ordained ministry, to arrange training and curacy placement. This will involve the collection and use of ‘special category’ data (which may include race, ethnic origin, political affiliation, religious affiliation, trade union membership, health, sex life or sexual orientation).
  • To send you invitations to suitable vocations events designed to help you discern your calling.

4. What is the legal basis for processing your personal data?

Processing requires legal bases under Article 6 and (since ‘special category’ data is involved) Article 9 of the GDPR:

  • We have a legitimate interest (Article 6) to discern candidates who offer themselves for ordination and training, in accordance with the Church of England’s national selection processes, taking special care to handle sensitive information with extra care and security.
  • We have a legal obligation (Article 6) to ascertain your right to work under UK employment law.
  • Special category data is processed as part of our legitimate activity (Article 9), with appropriate safeguards to keep such data secure and not to share it outside the bodies which constitute the Church of England without your consent.
  • Independent of the discernment and training process, we seek consent (Article 6) to keep you informed about news, events, activities and services related to vocations and the vocations process.

5. Sharing your personal data

Your personal data will be treated as confidential and will be shared when necessary with the relevant Bishop’s office within the Oxford Diocese, Oxford Cathedral, Diocesan Registry, with National Church Institutions and other Dioceses in the Church of England, for the purposes of administrative activity in connection with you discerning a call to ordained ministry, selection, training, placements, curacy placement and meeting legal requirements for ordination.

Subject to your consent to share, your personal data may be shared outside the Church of England: with Theological Education Institutes and (in the event of transfer) other Anglican Dioceses within the UK and European Economic Area (EEA).  If we need to share your personal data with any other organisation, then we will always seek your consent first.

6. How long do we keep your personal data?

We keep your personal data for as long as you are in the discernment process and afterwards, according to protocol from Church of England Ministry Division:

  • Candidates who attend a BAP and are not recommended: 10 years after BAP after which electronic data is deleted and paper copies are shredded.
  • Candidates who withdraw from the process before a BAP: 5 years after withdrawal, after which electronic data is deleted and paper copies are shredded.
  • Where safeguarding concerns have been identified: indefinitely
  • Candidates who are ordained: 1 year after ordination after which electronic data and paper copies are passed to the relevant Bishop’s office and IME team.

7. Your rights and your personal data

Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which ODBF holds about you;
  • The right to request that ODBF corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for ODBF to retain such data;
  • The right to withdraw your consent to the processing at any time, however should you do this, the discernment process would not continue;
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to lodge a complaint with the Information Commissioners Office.

8. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

9. Contact Details

To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 208200.  Email: dpo@oxford.anglican.org.

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

April 2019

Privacy Notice for the Parents/Carers of Attendees of Yellow Braces Camp

We are grateful to those who wish to explore their sense of calling to ordination within this Diocese. It helps the diocese to help you if we have all your contact details from the start. It will ensure that you receive appropriate diocesan information and mailings.

1. Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) and the Data Protection Act 2018, (the “DPA 2018”)

2. Who are we?

Oxford Diocesan Board of Finance (ODBF) is the data controller (contact details below).  This means it decides how your personal data is processed and for what purposes.

3. How do we process your personal data?

ODBF complies with its obligations under the GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the following purposes:

  • To work with you in the process of discerning a vocation to ordained ministry and, should you be selected for ordained ministry, to arrange training and curacy placement. This will involve the collection and use of ‘special category’ data (which may include race, ethnic origin, political affiliation, religious affiliation, trade union membership, health, sex life or sexual orientation).
  • To send you invitations to suitable vocations events designed to help you discern your calling.

4. What is the legal basis for processing your personal data?

Processing requires legal bases under Article 6 and (since ‘special category’ data is involved) Article 9 of the GDPR:

  • We have a legitimate interest (Article 6) to discern candidates who offer themselves for ordination and training, in accordance with the Church of England’s national selection processes, taking special care to handle sensitive information with extra care and security.
  • We have a legal obligation (Article 6) to ascertain your right to work under UK employment law.
  • Special category data is processed as part of our legitimate activity (Article 9), with appropriate safeguards to keep such data secure and not to share it outside the bodies which constitute the Church of England without your consent.
  • Independent of the discernment and training process, we seek consent (Article 6) to keep you informed about news, events, activities and services related to vocations and the vocations process.

5. Sharing your personal data

Your personal data will be treated as confidential and will be shared when necessary with the relevant Bishop’s office within the Oxford Diocese, Oxford Cathedral, Diocesan Registry, with National Church Institutions and other Dioceses in the Church of England, for the purposes of administrative activity in connection with you discerning a call to ordained ministry, selection, training, placements, curacy placement and meeting legal requirements for ordination.

Subject to your consent to share, your personal data may be shared outside the Church of England: with Theological Education Institutes and (in the event of transfer) other Anglican Dioceses within the UK and European Economic Area (EEA).  If we need to share your personal data with any other organisation, then we will always seek your consent first.

6. How long do we keep your personal data?

We keep your personal data for as long as you are in the discernment process and afterwards, according to protocol from Church of England Ministry Division:

  • Candidates who attend a BAP and are not recommended: 10 years after BAP after which electronic data is deleted and paper copies are shredded.
  • Candidates who withdraw from the process before a BAP: 5 years after withdrawal, after which electronic data is deleted and paper copies are shredded.
  • Where safeguarding concerns have been identified: indefinitely
  • Candidates who are ordained: 1 year after ordination after which electronic data and paper copies are passed to the relevant Bishop’s office and IME team.

7. Your rights and your personal data

Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which ODBF holds about you;
  • The right to request that ODBF corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for ODBF to retain such data;
  • The right to withdraw your consent to the processing at any time, however should you do this, the discernment process would not continue;
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to lodge a complaint with the Information Commissioners Office.

8. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

9. Contact Details

To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 208200.  Email: dpo@oxford.anglican.org.

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

April 2019

Privacy Notice for the Staff of Yellow Braces Camp

1. Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) and the Data Protection Act 2018, (the “DPA 2018”)

2. Who are we?

Oxford Diocesan Board of Finance (ODBF) is the data controller (contact details below).  This means it decides how your personal data is processed and for what purposes.

3. How do we process your personal data?

ODBF complies with its obligations under the GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

The information we collect comes from your Staff Application Form: name, phone number, email address, address, gender, date of birth, church and parish, your experience, references, and data needed to complete DBS checks.

We use Staff personal data, as collected on Staff Application forms, to recruit camp staff and communicate with staff members.

4. What is the legal basis for processing your personal data?

We process the information you provide on the basis of ‘legitimate interest’, to process your application for a role at The Oxford Diocese Yellow Braces Camp, to communicate between staff members to conduct your duties in relation to Yellow Braces, and for emergency purposes.

5. Sharing your personal data

Your personal data will be treated as confidential and will be shared when necessary with other staff attending the Yellow Braces Camp, this may include sharing with medical professionals in case of an emergency.

6. How long do we keep your personal data?

In accordance with the Church of England’s current safeguarding guidelines, personal data connected with records of children’s activity, including any risk assessment, will be kept for 50 years after the activity ends.

 

7. Your rights and your personal data

Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which ODBF holds about you;
  • The right to request that ODBF corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for ODBF to retain such data;
  • The right to withdraw your consent to the processing at any time;
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to lodge a complaint with the Information Commissioners Office.

8. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

9. Contact Details

To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 208200.  Email: dpo@oxford.anglican.org.

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

May 2019

Privacy Notice for Members & Trustees of Diocesan Trustees (Oxford) Ltd [DT(O)L]

We are grateful for the support of all those who serve in the diocese. If we have all your contact details from the outset it will ensure that you receive appropriate information and mailings.

1 What is personal data?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) and the Data Protection Act 2018, (the “DPA 2018”).

2. Who are we?

DT(O)L is the data controller (contact details below).  This means it decides how your personal data is processed and for what purposes.

3. How do we process your personal data?

DT(O)L complies with its obligations under the GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use your personal data for the distribution of documentation required for DT(O)L purposes. This includes agendas, meeting minutes, papers for discussion, election papers and information to support your effectiveness in your rôle.

4 What is the legal basis for processing your personal data?

Processing is carried out under different legal bases depending on the circumstances:

Legitimate Interest

Processing of personal data is undertaken to enable duties as a member & director of DT(O)L to be carried out effectively

Legal Obligation

Personal information will be included in statutory documents required by Companies House & the Charity Commission and will be used in compliance with legislation.

Consent

Subject to consent being given, contact details of members & directors may be shared with the other members or directors to facilitate communication.

5. Sharing your personal data

Your personal data will be treated as confidential and will be shared when necessary with the joint Diocesan Registrars, the ODBF & ODBE for reading minutes; the ODBF for the purposes of administrative functions in connection with your rôle; Companies House for statutory documentation; The Charity Commission for submission of trustee details, Annual return, Reports & Accounts, Auditors for audit of and advice on the Annual Report & Accounts; Oxfordshire History Centre for archival of company minutes, available to the public after 30 years

As members of DT(O)L, the personal information will be in the public domain (for example, on the Companies House website).  We will seek your consent before any further sharing of your personal data.

6. How long do we keep your personal data?

We keep data in accordance with the guidance set out in the guide “Save or delete – The Care of Diocesan Records” and is available from the Church of England website:  https://www.churchof england.org/more/libraries-and-archives/records-management-guides.  We keep your personal details for as long as you hold office or as long as required which would normally be 6 complete years after cessation of trusteeship, after which electronic data is deleted and paper copies are shredded.

7. Your rights and your personal data

Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which the DT(O)L holds about you;
  • The right to request that DT(O)L corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for the DT(O)L to retain such data;
  • The right to withdraw your consent to the processing at any time
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to lodge a complaint with the Information Commissioners Office.

8. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

9. Contact Details

To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 208200.  Email: dpo@oxford.anglican.org.

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

Privacy Notice November 2018

Privacy Notice for DT(O)L Financial Trust Work

1 What is personal data?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) and the Data Protection Act 2018, (the “DPA 2018”).

2. Who are we?

Diocesan Trustees (Oxford)Ltd [DT(O)L] is the data controller (contact details below).  This means it decides how your personal data is processed and for what purposes.

3. How do we process your personal data?

DT(O)L complies with its obligations under the GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use your personal data for the preparation of payments and issue of annual statements.

4 What is the legal basis for processing your personal data?

Processing is carried out under different legal bases depending on the circumstances:

Legitimate Interest

Processing of personal data is undertaken to enable payments to be made and annual statements issued

5. Sharing your personal data

Your personal data will be treated as confidential and will be shared when necessary with the Oxford Diocesan Board of Finance staff to make payments

We will seek your consent before any further sharing of your personal data.

6. How long do we keep your personal data?

We keep data in accordance with the guidance set out in the guide “Save or delete – The Care of Diocesan Records” and is available from the Church of England website:  https://www.churchof england.org/more/libraries-and-archives/records-management-guides.

We keep your personal details for as long as long as a Trust is open.  After a trust is closed or has been handed to parish trustees, paper files are weeded and scanned.  Paper files are retained for 6 financial years after closure or transfer, after which the start & end paper documentation is transferred to the Oxfordshire History Centre other paper records are shredded.  Scanned files and associated e-mails are kept indefinitely.

 

7. Your rights and your personal data

Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which the DT(O)L holds about you;
  • The right to request that DT(O)L corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for the DT(O)L to retain such data;
  • The right to withdraw your consent to the processing at any time
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to lodge a complaint with the Information Commissioners Office.

8. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

9. Contact Details

To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 208200.  Email: dpo@oxford.anglican.org.

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

Privacy Notice November 2018

Privacy Notice for DT(O)L Trust Work Property Transactions

1. What is personal data?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) and the Data Protection Act 2018, (the “DPA 2018”).

2. Who are we?

Diocesan Trustees (Oxford) Ltd [DT(O)L] is the data controller (contact details below).  This means it decides how your personal data is processed and for what purposes.

3. How do we process your personal data?

DT(O)L complies with its obligations under the GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use your personal data for the preparation or storage of documentation required to record property transactions and for compliance with associated legislation. This includes PCC resolutions, Tenancy information Charts, Assured Shorthold Tenancy Agreements, other Leases, Licences to Occupy, Property Checklists, Certificates.

4 What is the legal basis for processing your personal data?

Processing is carried out under different legal bases depending on the circumstances:

Legitimate Interest

Processing of personal data is undertaken to enable Licences to Occupy to be prepared

Legal Obligation

Personal information will be included on documentation in compliance with legislation.

Contractual

Production of an Assured Shorthold Tenancy Agreement

5. Sharing your personal data

Your personal data will be treated as confidential and will be shared when necessary with solicitors, the Oxford Diocesan Board of Finance.

We will seek your consent before any further sharing of your personal data.

6. How long do we keep your personal data?

We keep data in accordance with the guidance set out in the guide “Save or delete – The Care of Diocesan Records” and is available from the Church of England website:  https://www.churchof england.org/more/libraries-and-archives/records-management-guides.  We keep your personal details for as long as long as required, after which electronic data is deleted and paper copies are shredded.

7. Your rights and your personal data

Unless subject to an exemption under the GDPR or DPA 2018, you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which the DT(O)L holds about you;
  • The right to request that DT(O)L corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for the DT(O)L to retain such data;
  • The right to withdraw your consent to the processing at any time
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to lodge a complaint with the Information Commissioners Office.

8. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

9. Contact Details

To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer, Church House Oxford, Langford Locks, Kidlington, Oxford, OX5 1GF. Tel: 01865 208200.  Email: dpo@oxford.anglican.org.

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

Privacy Notice November 2018