- Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the Data Protection Act 1998 and subsequent UK legislation and regulations.
- Who are we?
The Methodist Church in Britain is the data controller, and the Methodist Council is responsible for implementation of legal obligations (contact details at the end of this notice). This means it decides how your personal data is processed and for what purposes. The Methodist Council may change this policy from time to time and any such changes will be published on our website. Nothwithstanding any change to this policy, we will continue to process your personal data in accordance with your rights and our obligations in law.
- How do we process your personal data?
We collect data necessary for the Methodist Church in Britain to pursue its stated charitable objectives, and by running events, maintaining memberships, keep our members and supporters informed of our activities, marketing, fundraising and the effective running of the Methodist Church in Britain through its staff, trustees and volunteers.
In furtherance of this we use your personal data, which includes but is not limited to the following purposes: -
- To maintain and update lists of officers and groups that are part of the Methodist Church in Britain
- Oversight of ministers, including the production of the Minutes of the Conference
- Administrative support to committees and other bodies in the Methodist Connexion
- Recruitment to appointments and volunteer posts in the Methodist Connexion
- Safeguarding casework and safer recruitment work
- Conference/events management
- Responding to queries about Constitutional, Discipline and Practice of the Methodist Church in Britain
- Oversight of the Complaints and Disciplinary procedures
- Issuing and arranging the distribution of publications, mailings and newsletters
- Enabling people to participate in campaigns/allowing the administration of campaigns
- Communication with existing/new/potential supporters of the Methodist Church about enquiries relating to giving to/fundraising on behalf and promoting the interests of the Methodist Church
- Facilitating the application process for Connexional Grants
- Managing properties held connexionally by the Methodist Church in Britain
- Recruitment and Administration of staff and mission personnel
- Administration and support for users of Connexional Team IT resources as well as online applications serviced by the Connexional Team.
- Financial services:
- Payment of expenses/invoices
- Payment of stipends/wages
- Administering income
- Fulfilling obligations under Health & Safety legislation
- Oversight of Local Preacher training and records
- Administering the candidating process and training of ministers
- Training course administration
- Archiving for research purposes
- To respond to general enquiries
Data collected and processed may include, but not be limited to:
- name and job title
- contact information including email address
- demographic information such as postcode, preferences and interests
- Sensitive data  may be collected where necessary for safeguarding purposes, or upon application to become a minister or to hold an office in the Methodist Church, or for employment purposes, or where required by law.
- What is the legal basis for processing your personal data?
Organisations are permitted to process data if they have a legal basis for doing so. The Methodist Church in Britain processes data on the basis that:
- The Methodist Church in Britain has a legitimate interest to process data; and/or
- Express and informed consent has been given by the person whose data is being processed; and/or
- It is necessary in relation to a contract or agreement which the person has entered into or because the person has asked for something to be done so they can enter into a contract or agreement; and/or
- There is a legal obligation on the Methodist Church in Britain to process data; and/or
- Processing is necessary to protect the vital interests of a data subject or another person (in accordance with safeguarding policy and practice).
Where we process special category sensitive data (under Article 9 of the GDPR) we process data on the basis that:
- Explicit consent has been given by the person whose data is being processed; and/or
- It is necessary for the Methodist Council to carrying out its obligations under employment, social security or social protection law, or a collective agreement; and/or
- Processing is necessary to protect the vital interests of a data subject or another individual where the data subject is physically or legally incapable of giving consent; (in accordance with safeguarding policy and practice); and/or
- The Methodist Church in Britain is a membership organisation and the processing relates only to members or former members or those who have regular contact with it in connection with its purposes, and no disclosure is made to a third party without consent of the person whose data is being processed; and/or
- Processing is necessary for archiving purposes in the public interest, or scientific and historical research purposes or statistical purposes.
- Sharing your personal data
Your data will not be shared outside of the Methodist Church, except where required to do so by law, or with trusted third parties where necessary to communicate with our members, office holders and volunteers (such as mailing companies for postal communications or through small email campaigns or newsletters), and only once satisfied that any such use of data will accord with this policy. Explicit, informed consent will be sought from individuals whenever and wherever required in accordance with data protection legislation.
We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the data we process. Users of our web-based applications are responsible for keeping passwords confidential. We will only ask users for passwords for IT support purposes.
- How long do we keep your personal data?
We keep data in accordance with the guidance set out in the Connexional Team Retention Schedules, which incorporates statutory retention periods. The Schedules can be viewed at www.methodist.org.uk/dataprotection
We regularly review the data we hold and securely delete any personal data that is no longer necessary for us to process.
- Web browsing and cookies
What is a cookie?
A cookie is a small file that we send to your computer or other device that is accessing the Methodist Church website and that we can then access when you visit the Methodist Church website again in the future. By sending cookies like this we are able to offer you an improved user experience when using the Methodist Church website.
Does the Methodist Church website set cookies?
What cookies are set?
The Methodist Church website current sets the following cookies:
Additional cookies may sometimes be set by third-party services used through the Methodist Church website. These include but are not necessarily limited to Google, Twitter, YouTube and Facebook.
None of the cookies above contain any personal data or information that could be used to identify you personally. Their purpose is solely to improve the functionality and quality of service of the Methodist Church website.
Can I disable the cookies?
Yes. Most browsers allow you to refuse to accept cookies. This choice will, however, have a negative impact upon the usability of many websites, including this one.
Most browser companies provide instructions on disabling cookies on their websites. You can learn more about cookies and how to disable them at AboutCookies.org
- Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -
- The right to request a copy of your personal data which the Methodist Council holds about you;
- The right to request that the Methodist Council corrects any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for the Methodist Council to retain such data. (Records will remain in skeleton, to ensure no further contact in future);
- The right to withdraw your consent to the processing at any time
- The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable) [Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means].
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data, (where applicable) [Only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]
- The right to lodge a complaint with the Information Commissioners Office.
You can contact the Fundraising Regulator on 0300 999 3407 or via email: firstname.lastname@example.org or at Fundraising Regulator, 2nd Floor, CAN Mezzanine Building, 49 – 51 East Road, London N1 6AH.
- Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
- Contact Details
To exercise all relevant rights, queries of complaints please in the first instance contact the Data Protection Officer at email@example.com or Data Protection, Methodist Church House, 25 Marylebone Road, London, NW1 5JR.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
 Article 9 GDPR defines sensitive data as information about an individual’s race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life, or sexual orientation