Home
Home Privacy Notice

Privacy Notice

Welcome to the privacy notice for the Methodist Church in Great Britain.

We respect your privacy and are committed to protecting your personal information (personal data). This privacy notice lets you know how we look after your personal data which either you provide to us or we obtain and hold about you and it tells you about your privacy rights and how the law protects you.

This privacy notice is available online in a layered format so you can click through to the specific areas that you may be interested in. These are set out below. Please use the Glossary to understand the meaning of some of the terms used in this privacy notice.

1. Important Information and Who We Are

PURPOSE OF THIS PRIVACY NOTICE

This privacy notice aims to give you information on how the Methodist Church in Great Britain collects and processes your personal data which either you provide to us or we obtain and hold about you including any data you may provide.

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or dealing with personal data about you (e.g. website privacy notices and employment privacy notices) so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

CONTROLLER

The Methodist Church in Great Britain is a membership church made up of different bodies of Managing Trustees; Local Church Councils, Circuit Meetings and District Synods. These individual charities form part of the wider connexion of the Methodist Church in Great Britain details of which can be found here. This privacy notice is issued on behalf of Local Churches, Circuits and Districts within the Methodist Church in Great Britain and when we mention, “we”, “us” or “our” in this privacy notice, we are referring to the relevant charity within the wider Connexion of the Methodist Church in Great Britain that is responsible for processing your data.

The Connexional Team (registered under the name of the Methodist Church in Great Britain) is the data controller and responsible for data protection matters concerning safeguarding and complaints and discipline issues and the Methodist Council is responsible for implementation of legal obligations.  This means it decides how your personal data is processed and for what purposes. 

Trustees for Methodist Church Purposes (TMCP) is the controller and responsible for general data protection issues arising in respect of day to day matters such as lists of members, third party users of church premises and lay employees employed by local Churches, Circuits and Districts. When we mention the controller we mean the relevant controller.

We have appointed a data protection working party (Working Party) comprised of representatives from both controllers which is responsible for overseeing questions in relation to this privacy notice.

If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the relevant contact for the Working Party using the details set out below.

CONTACT DETAILS

Our full details are:

The controller for matters relating to safeguarding matters or complaints and discipline for Methodist Local Churches, Circuits and Districts is:

The Methodist Church in Great Britain
The Conference Office 
Methodist Church House 
25 Tavistock Place
London 
WC1H 9SF

Name or title of Working Party contact: Data Protection Officer
Tel: 0207 486 5502
Email: dataprotection@methodistchurch.org.uk
Web: www.methodist.org.uk

The controller for routine, day to day data protection matters for Methodist Local Churches, Circuits and Districts is:

Trustees for Methodist Church Purposes
Central Buildings
Oldham Street
Manchester
M1 1JQ

Name or title of Working Party contact: Laura Carnall, Legal Manager
Tel: 0161 235 6770
Email: dataprotection@tmcp.org.uk
Web: www.tmcp.org.uk

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES

This version was last updated on 11 April 2023.
 
We have the right to update and amend the provisions of this notice to ensure continual compliance with data protection legislation.  Please check the online for the latest version. We will notify appropriate persons of any updates to any supplemental and applicable supplemental privacy notices and provide a hard copy if practical. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with the Methodist Church in Great Britain.

2. The Data We Collect About You

Personal data, or personal information, means any information about a living individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about our members, ministers, volunteers, employees, adherents, church attendees, users of our premises, those who are interested in and supportive of the work of the Methodist Church, individuals who provide services to us and individuals who contact us.

We have grouped the different kinds of personal data together that may be collected and processed, but not limited to, as follows:

  • Administrative Data includes lists of room bookings; invoices; supplier and contractor details; catering records.
  • Image Data includes photographs taken of you where it is possible to identify you and images of you caught by any CCTV or similar devices Contact Data includes your name, home address, email address and telephone numbers e.g. information used to contact you.
  • Employment Data includes employment history, training records, pension information, details about next of kin and other details relating to your employment.
  • Financial Data includes bank account and payment card details.
  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • Demographic information such as postcode, preferences and interests
  • Marketing and Communications Data includes your preferences in receiving information from us about church events and fundraising and our third parties and your communication preferences.
  • Member and Group Data includes details such as your membership of the Methodist Church in Great Britain,
  • Parental Contact Data includes details of parents (e.g. on parent contact forms).
  • Special Categories of Data includes your race or ethnicity, your religious beliefs, sex life, sexual orientation, information about your health, Sensitive data may be collected where necessary for safeguarding purposes, or upon application to become a minister or to hold an office in the Methodist Church, or for employment purposes, or where required by law and in keeping with the Safeguarding Privacy Notices
  • Tax Data includes national insurance numbers and other information that may be required by HMRC relating to gift aid donations and other tax related payments and receipts.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, 3Generate APP usage data, Universally Unique Identifier (UUID); Data communicated while using the service operating system and platform and other technology on the devices you use to access any websites or social media operated by the Methodist Church in Great Britain.
  • Transaction Data includes details about payments to and from you and other details of your room hire, licence agreement or rental agreements that you enter into with us relating to our premises. 

IF YOU FAIL TO PROVIDE PERSONAL DATA

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with accommodation under a tenancy agreement or process gift aid payments). We will notify you if this is the case at the time.

3. How Your Personal Data is Collected

We use different methods to collect data from and about you including through:

  • Direct exchanges. You may choose to provide personal information to us direct e.g. by speaking to us, by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
    • join and take part in Local Church, Circuit or District groups;
    • become a member of the Methodist Church in Great Britain;
    • apply for paid or voluntary roles within the Methodist Church in Great Britain; or
    • enter into property contracts with us including leases, licence agreements, tenancy agreements and booking forms;
  • Automated technologies or interactions. As you interact with any websites run by Local Churches, Circuits or Districts (Local Websites), we may automatically collect Technical Data about your equipment, browsing actions and patterns. We may collect this personal data by using cookies, server logs and other similar technologies. Please see website privacy notices and cookie policies available from such Local Websites for further details.

  • Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
    • Your family members
    • Our ecumenical partners in the case of shared churches and Local Ecumenical Partnerships;
    • Identity and Contact Data from publicly available sources such as Companies House, the Charity Commission and the Electoral Register based inside the EU.
4. How we use your personal data, including cookies

FAIR PROCESSING

The Methodist Church in Great Britain takes its obligations under data protection law (including the UK General Data Protection Regulation (UK GDPR)) seriously.  We keep personal data as up to date as possible and take active steps to rectify any personal data we find to be incorrect.  We store and destroy personal data securely and do not collect or retain personal data which is in excess of our processing activities.  We take steps to protect all personal data (including Special Category Data) from loss, misuse, unauthorised access and disclosure by ensuring that appropriate measures are in place to protect personal data.

We ensure that personal data is processed in accordance with the principles of the UK GDPR and is processed:

  • Lawfully, fairly and in a transparent manner;
  • For specified, explicit and legitimate purposes and not processed in a manner which is incompatible with those purposes;
  • Accurately, relevantly and limited to what is necessary in relation to the purposes for which it is processed;
  • Kept accurate and where necessary kept up to date, with all reasonable steps being taken to ensure that all inaccurate data is erased or rectified without delay;
  • Is not kept longer than is necessary for the purposes for which the personal data is processed; and
  • In a manner that ensures appropriate security of the Personal Data including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage by using appropriate technical and organisational measures.

Our Purpose for processing data

We collect data necessary for the Methodist Church in Great Britain to pursue its stated charitable objectives and by running events and maintaining memberships, keep our members and supporters informed of our activities, marketing, fundraising and the effective running of the Methodist Church in Great Britain through its staff, trustees and volunteers. 

Please see the legal basis and purposes for processing your data, as identified in the table in the Annex to this privacy notice for our full list of how we use your personal data. This includes but is not limited to the following purposes: -

  • To maintain and update lists of officers and groups that are part of the Methodist Church in Great Britain
  • Oversight of ministers, including the production of the Minutes of the Conference
  • Administrative support to committees and other bodies in the Methodist Connexion
  • Recruitment to appointments and volunteer posts in the Methodist Connexion
  • Safeguarding casework and safer recruitment work
  • Conference/events management
  • Responding to queries about Constitutional, Discipline and Practice of the Methodist Church in Great Britain
  • Oversight of the Complaints and Disciplinary procedures
  • Issuing and arranging the distribution of publications, mailings and newsletters
  • Enabling people to participate in campaigns/allowing the administration of campaigns
  • Communication with existing/new/potential supporters of the Methodist Church about enquiries relating to giving to/fundraising on behalf and promoting the interests of the Methodist Church
  • Facilitating the application process for Connexional Grants
  • Managing properties held connexionally by the Methodist Church in Great Britain
  • Recruitment and Administration of staff and mission personnel
  • Administration and support for users of Connexional Team IT resources as well as online applications serviced by the Connexional Team.
  • To enable and to verify voting for Youth President, Youth Reps and ad hoc polls via the 3Generate APP.
  • Financial services:
    • Payment of expenses/invoices
    • Payment of stipends/wages
    • Administering income
  • Fulfilling obligations under Health & Safety legislation
  • Oversight of Local Preacher training and records
  • Administering the candidating process and training of ministers
  • Training course administration
  • Archiving for research purposes
  • To respond to general enquiries

HOW WE USE YOUR DATA

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
    • Legitimate interests means the interests of the Methodist Church in Great Britain in operating as a membership Church, supporting our members and the communities we work in and conducting and managing our missional activities to enable us to fulfil the calling of the Methodist Church in Great Britain. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting the Data Protection  Officer.
  • Where we need to perform the contract we are about to enter into or have entered into with you.
    • Performance of Contract means processing your personal data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract including employment contracts and property contracts, such as licences and tenancy agreements.
  • Where we need to comply with a legal or regulatory obligation.
    • Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

In rare cases we may need to use your personal data in the following circumstances:

  • Where we need to protect your vital interests e.g. in an emergency life or death situation where the emergency services are called to treat you when you are with us.
    • Vital interests means where it is necessary to use your personal data to protect your "vital interests" or those of another person (such as a child) in a life-or-death situation.
  • Where we need to perform a task carried out in the public interest e.g. in certain safeguarding situations.

Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sharing your personal data with third parties (including where Contact Details are made publicly available, sending marketing communications to you via email or to legitimise dealing with Special Category Data. You have the right to withdraw consent at any time by contacting the Data Protection Officer, although this will not prevent processing where the law allows us to process for a different reason in addition to consent.

SPECIAL CATEGORY DATA

Where data processing relates to Special Categories of Data (e.g. health information) the following processing conditions apply in addition to the legal basis identified in the table in the Annex to this privacy notice:

  • Explicit Consent has been given by the data subject;
  • Processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement;
  • Processing is carried out by a not for profit body with a religious aim provided:
    • the processing relates to member or former members (or those who have regular contact with it in connection with those purposes; and there is no disclosure to a third party without consent;
  • Processing relates to personal data manifestly made public by the data subject;
  • Processing is necessary for the establishment, exercise, defence of legal claims or where the courts are acting in their judicial capacity; or
  • Processing is necessary for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes.

PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA

We have set out in detail in the Annexes to this privacy notice, in a table format, a description of the main ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
 
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact the Data Protection Officer if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table in the Annex.

NOTIFYING YOU ABOUT EVENTS AND FUNDRAISING

We like to notify our members, those in regular contact with the Methodist Church and third parties who support the Methodist Church about upcoming church events and fundraising opportunities so that you can play as much of a role in the life of the Church as you choose from time to time. Most of the time we will let you know about such opportunities on the basis that we have a legitimate interest in doing so.

If we decide to contact you by email or telephone where you are registered with the telephone preference service we will provide you with choices as required to do so under data protection legislation and the Privacy and Electronic Communications Regulations 2003 (PECR).

THIRD-PARTY MARKETING

As a Church we will not share your personal data with any third parties for marketing purposes but if a Local Church, Circuit or District thought you might be interested in hearing from another Christian denomination or a community group or charity about certain events or fundraising we will get your express opt-in consent to us sharing your information with them before we do so.

OPTING OUT

You can ask us or third parties to stop sending you marketing messages (e.g. messages about church events or fundraising) at any time by contacting the Data Protection Officer.

COOKIES

What is a cookie?

A cookie is a small file that we send to your computer or other device that is accessing the Methodist Church website and that we can then access when you visit the Methodist Church website again in the future. By sending cookies like this we are able to offer you an improved user experience when using the Methodist Church website.

Does the Methodist Church website set cookies?

Yes, we currently use cookies on this website to count the numbers of visitors and understand how to serve our visitors and members better. When you use the Methodist Church website, a small number of cookies are set.

What cookies are set?

The Methodist Church website current sets the following cookies:

A cookie issued by the "AddThis" service which we use throughout the Methodist Church website to allow content to be shared between different services. This cookie expires after two years and is set in line with the AddThis Privacy Policy: http://www.addthis.com/privacy/privacy-policy

Google Analytics, which we use to monitor and analyse how our site is working, which areas are most popular and a number of quality indicators. Google Analytics generates anonymous statistical and other information about website use by means of cookies, which are stored on users' computers. The information generated relating to our website is used to create reports about the use of the website. Google will store this information. Google's privacy policy is available at: http://www.google.com/privacypolicy.html

Additional cookies may sometimes be set by third-party services used through the Methodist Church website. These include but are not necessarily limited to Google, Twitter, YouTube and Facebook.

None of the cookies above contain any personal data or information that could be used to identify you personally. Their purpose is solely to improve the functionality and quality of service of the Methodist Church website.

Can I disable the cookies?

Yes. Most browsers allow you to refuse to accept cookies. This choice will, however, have a negative impact upon the usability of many websites, including this one.

Most browser companies provide instructions on disabling cookies on their websites. You can learn more about cookies and how to disable them at AboutCookies.org

We do not make decisions based solely on automated processing, including profiling, that have legal or similarly significant effects on individuals.

CHANGE OF PURPOSE

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact the Data Protection Officer.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

5. Disclosures of Your Personal Data

SHARING PERSONAL DATA

We treat all personal data as strictly confidential, except where consent has been provided for it to appear in publications available to general members of the public.

Personal data will not be shared with third parties, other than those listed below unless we are legally obliged to do so or:

  • with your explicit consent;
  • it is necessary for law enforcement purposes; or
  • it is necessary to protect our rights, property or safety of our members, ministers, volunteers or staff.

We may have to share your personal data with the parties set out below for the purposes set out in the table in the Annexes;

  • Internal third parties such as other Methodist organisations which form part of the Methodist Connexion and family, such as TMCP or the Connexional Team.
  • External third parties such as:
    • Professional advisers including lawyers, surveyors, bankers, auditors and insurers based in the UK who provide legal, surveying, consultancy, banking, insurance and accounting services.
    • Estate agents who provide advice and administrative support in relation to transactional matters and ongoing residential tenancy matters.
    • HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.
    • Our ecumenical partners in the case of shared churches and Local Ecumenical Partnerships.
    • Trusted Third Parties where necessary to communicate with our members, office holders and volunteers (such as mailing companies for postal communications, the App support company for 3Generate APP data or through small email campaigns or newsletters), and only once satisfied that any such use of data will accord with this policy and we have in place a data processing agreement with that third party that fulfils our legal obligations in relation to the use of third party data processors. Explicit, informed consent will be sought from individuals whenever and wherever required in accordance with data protection legislation.
  • The United Kingdom implements the UK GDPR through the Data Protection Act 2018 and it was granted an Adequacy Decision from the European Commission relating to GDPR on 28 June 2021 in respect of the transfer of data within the EU. We will only transfer data within the EU with your explicit consent and for the purpose of carrying out the intended purpose and/or under a legally binding contract.

Trusted third parties are as follows

  • Methodist Homes for the Aged
  • Action for Children
  • All We Can
  • Queen Victoria Seamen’s Rest of the Methodist Church
  • Christian Aid
  • Methodist Ministers’ Housing Society

We will ask all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow third-parties to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

6. Transfer of Personal Data outside of the European Economic Area (‘EEA’)

We may at times transfer and process personal data outside of the EEA.  This is particularly relevant where members Local Churches, Circuits or Districts are engaged with providing missionary and support services abroad. We will only transfer data outside the EEA with your explicit consent and for the purpose of carrying out the intended purpose and/or under a legally binding contract.

Storing, publishing or transmitting personal data via the internet, (this includes by email), is not completely secure and therefore whilst we take all reasonable and necessary precautions to protect personal data from unauthorised access, you acknowledge that there is a risk that your personal data may be transferred and accessed outside of the EEA and consent for us to proceed with this if you provide your consent to allow us to transfer your data outside of the EEA.

We will transfer data only where required for a specific purpose and as set out in the below Annexes. We will ensure that sufficient safeguards are put in place by way of Standard Contractual Clauses as defined by Article 46 of the UK GDPR or if these are not in place, then data will be transferred only with your Consent or under a legally binding Contract.

7. Data Security

We implement reasonable and appropriate security measures against unlawful or unauthorised Processing of personal data and against the accidental loss of, or damage to, personal data in accordance with our internal data security policy. For example, we protect your data using varying levels of encryption. We also make sure that any third parties that we deal with have an obligation to keep all personal data they process on our behalf secure. In addition, we limit access to your personal data to those members, volunteers, ministers and employees who have a need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. Users of our web-based applications are responsible for keeping passwords confidential.  We will only ask users for passwords for IT support purposes.

We have put in place reasonable and appropriate procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. Data Retention

HOW LONG WILL YOU USE MY PERSONAL DATA FOR?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Full details of retention periods for data processed by the Methodist Church in Great Britain can be found on the Methodist Church website at: www.methodist.org.uk/for-ministers-and-office-holders/office-holders/archivists/

In some circumstances you can ask us to delete your data: see Section 9 below for further information.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

9. Your Legal Rights

Unless personal data is subject to an exemption under UK GDPR, such as it is subject to the prevention, investigation, detection or prosecution of a criminal offence, you have the following rights with regards to your personal data:

  • Where consent is used as the legal basis for processing personal data, you have the right to withdraw consent to the data processing at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent or processing carried out using an alternative legal basis such as performance of a contract or legal obligation;
  • The right to request a copy of the personal data which the Methodist Church in Great Britain holds about you (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. If you would like to exercise this right then please complete the relevant Data Subject Access Form, the link to which can be found here: www.methodist.org.uk/media/8232/sar-request-form.pdf   and forward to the relevant controller as described in section 1 of this privacy notice.
  • The right to request that the Methodist Church in Great Britain corrects any Personal Data which is found to be inaccurate. Note that we may need to verify the accuracy of the new data you provide to us;
  • The right to request that the Methodist Church in Great Britain erases any Personal Data where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.;
  • Where consent or the performance of a contract is used as the legal basis for processing Personal Data, you have the right to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you and this right is unlikely to apply to personal data held by us.
  • The right to request for a restriction on data processing. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.;
  • Where legitimate interest is used as the legal basis for processing Personal Data, you have the right to object to the processing of personal data where there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. Note that in some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;
  • The right to lodge a complaint with the Information Commissioners Office (ICO).

Contacting the ICO

Further information, guidance and advice is available from the ICO at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Web: https://ico.org.uk/global/contact-us/

If you wish to exercise any of the rights set out above, please contact the Data Protection Officer.

NO FEE USUALLY REQUIRED

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

WHAT WE MAY NEED FROM YOU

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

TIME LIMIT TO RESPOND

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

10. Glossary

controller” is the controller described in Section 1 of this privacy notice.

data subject” is a living, identified or identifiable individual about whom personal data is held. e.g. our members, volunteers, lay employees, those who join us in worship and/or those who are interested in and supportive of the work of the Methodist Church and third parties such as community groups who use our buildings and other third parties.

explicit consent” is a very clear and specific statement of consent.

UK GDPR means the UK General Data Protection Regulation ((EU) 2016/679). Personal data is subject to the safeguards specified in the UK GDPR.

lawful bases” are the five lawful grounds on which we can lawfully process personal data set out under Article 6 of GDPR. The lawful basis or bases on which we rely are set out under Section 4 of this privacy notice.

Methodist Church in Great Britain”, “Methodist Church” or “Church” refers to the united church or denomination known as the Methodist Church formed under the provisions of the Methodist Church Union Act 1929 and a deed of union on 20 September 1932.

personal data” is any information identifying a living individual or information relating to an individual that can be identified from that information/data (alone or in combination with other information in your hands or that can reasonably be accessed). Personal Data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person’s actions or behaviour. Personal information includes an individual’s name, address, date of birth, telephone number, email address, a photograph or disability, health or ethnicity data.

Processing” “processed” or “process” means any activity that involves the use of personal data. It includes obtaining, recording or holding the data, or carrying out any activity or set of activities on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring personal data to third parties.  E.g. sharing member information by email and shredding when information is no longer required.

Annexes

ANNEX 1

General Purposes for which we will use your personal data

Purpose/Activity

Type of data
 Please refer to Section 2 for confirmation of what details these categories of data include

Lawful basis for processing including basis of legitimate interest

Contact

To publicise details of officeholders, relevant employees and other volunteers.

(a) Contact


(b) Identity

(c) Member and Group

(a) Necessary for our legitimate interests (to operate as a Church, further Mission and enable third parties to contact relevant office holders)


(b) Consent (where information about you is made public to third parties and you are not an office holder when we will rely on legitimate interests)

Contact


To notify you (and make suggestions and recommendations to you) about Church services, activities and events that may be of interest to you or which you have signed up to and to provide news on Church events.


Also see “targeted marketing and fundraising

(a) Contact


(b) Identity

(c) Image


(d) Marketing and Communications


(e) Member and Group


(f) Parental Contact

(g) Technical

(a) Necessary for our legitimate interests (to fulfil the calling of the Methodist Church in Great Britain, grow our Church (further Mission) by engaging with current and prospective supporters of the Church, developing the worship, activities and events available) and general fundraising (in all cases in respect of individuals who have a continuing relationship with the Church))


(b) Consent (where there is no continuing relationship with the Church and in the case of direct marketing when we cannot rely on legitimate interests as described above and contact you by any electronic form of communication and/or telephone where you are registered with the telephone preference service).

Lists.


To keep and maintain records of:


(a) members, adherents, participants in and attendees to Church groups and events and parental contact information


(b) office holders, employees, volunteers and ministers

(a) Contact


(b) Identity


(c) Member and Group


(d) Parental Contact

(a) Necessary for our legitimate interests (to operate as a membership organisation, keep our records updated, study how our membership changes over time, identify the needs of the communities in which we operate and support our members)


(b) Performance of a contract with you

Pastoral

To keep and maintain contact information and administrative records for you where there is no continuing relationship with the Church e.g. contact details to send you greetings cards.

(a) Contact


(b) Identity


(c) Member and Group


(d) Pastoral Data


(e) Special Category

(a) Necessary for our legitimate interests (for supporting our members and the communities we work in to enable us to fulfil the calling of the Methodist Church in Great Britain where there is a continuing relationship with the Church)


(b) Consent (where there is no continuing relationship with the Church)

Administration


To administer our charity, managing and maintaining church premises, keeping accounts and tax records including Gift Aid, taking audits and recording decisions reached and recording minutes at meetings.

(a) Administrative


(b) Contact


(c) Identity


(d) Financial


(e) Member and Group


(f) Tax


(g) Technical

(a) Necessary for our legitimate interests (for running our charity, fulfilling our obligations under charity law, complying with the Constitution Practice and Discipline of the Methodist Church and providing of support to members and the communities in which we operate)


(b) Performance of a contract with you


(c) Necessary to comply with a legal obligation

Administration

To administer, run and protect our Local Websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Administrative


(b) Contact Identity


(c) Member and Group


(e) Technical

Details provided in relevant Local Website privacy notices.

Administration


To manage and administer third party use of our premises including room bookings, licences, leases and residential tenancy agreements

(a) Administrative


(b) Contact


(c) Identity


(c) Financial


(d) Member and Group


(e) Special Category (e.g. right to rent under the Immigration Act)


(f) Tax


(g) Transaction

(a) Necessary for our legitimate interests (for running our premises and fulfilling our obligations as charity trustees)


(b) Performance of a contract with you


(c) Necessary to comply with a legal obligation

Employment


To administer applications for job vacancies and administer and manage our relationship with our employees.

(a) Contact


(b) Identity


(c) Employment


(d) Financial


(e) Special Category (e.g. right to rent under the Immigration Act)


(f) Tax

(a) Necessary for our legitimate interests (for running our charity, fulfilling employer responsibilities and looking after our employees)


(b) Performance of a contract with you


(c) necessary to comply with a legal obligation

Safeguarding


To record and maintain safeguarding records, self-declarations, incident reports, and carry out volunteer checks and Disclosure and Barring Service (DBS) checks.

(a) Contact


(c) Identity


(c) Employment


(d) Special Category

(a) Necessary for our legitimate interests (for ensuring and demonstrating compliance with Safeguarding Policy and Practice to protect children, young people and vulnerable adults within our Local Churches, Circuits and Districts)


(b) Performance of a contract with you


(c) Necessary to comply with a legal obligation


(d) Needed in the public interest

Security


To record and use images.

(a) Image


(b) Identity

(a) Necessary for our legitimate interests (to keep church premises and our members, ministers, volunteers, employees and third parties secure)

Targeted marketing/fundraising


To contact you personally about specific fundraising activities/ initiatives and/or with targeted marketing material.


e.g. where we contact you personally/ target you with a request for a donation to Local Church, Circuit or District funds

(a) Contact


(b) Identity


(c) Marketing and Communications


(d) Member and Group

(a) Consent

Complaints

To collate EDI information during the Complaints process.

For Subjects, data will be held in confidence and will be shared only where necessary with appropriate parties within the Methodist Church Complaints Team and EDI Connexional Team to evaluate the Methodist Church’s equality and diversity. It is envisaged currently that personal data may need to be shared with one or more of the following parties within the church, depending on the Subject’s circumstances:

  • Complaints Team and Connexional EDI team

  • those managing any complaints, discipline or employment processes relating to you which are relevant.

  • With statutory agencies and other organisations

  • The Charity Commission

  • Any Statutory Agency officer involved with the Subject

(a) Administrative


(b) Contact


(c) Identity

(d) Special Categories

a) Necessary for our legitimate interests (for ensuring and demonstrating compliance with our anti-discrimination policy and ensure equality and diversity within the Complaints Process. To also ensure the protection of children, young people and vulnerable adults within our Local Churches, Circuits and Districts)

(b) Needed in the public interest

(c) Consent

(d) To comply with a legal obligation under the DPA 1998 Part 2 (18)

ANNEX 2

Discrimination and Abuse Response Service - Additional Purposes for which we will use your personal data to that set out in Annex 1

Purpose/Activity

Type of data
 Please refer to Section 2 for confirmation of what details these categories of data include

Lawful basis for processing including basis of legitimate interest

Record Keeping


To record and maintain complaints and information disclosed and made under this service, including self-declarations, incident reports, and to enable us to carry out checks and an investigation into the complaint.

To enable us to pass data disclosed by you within this service to trusted third parties, including professional services, for the purpose of assisting you with pastoral support, complaint support and to address any underlying issues resulting from the incident/s reported and to support you through the same.

(a) Administrative


(b) Contact


(c) Identity

(d) Special category

(a) Necessary for our legitimate interests (for ensuring and demonstrating compliance with our anti-discrimination policy and to protect children, young people and vulnerable adults within our Local Churches, Circuits and Districts)


(b) Performance of a contract with you


(c) Needed in the public interest

(d) Consent

ANNEX 3

Safeguarding Monitoring and Support Groups - Additional Purposes for which we will use your personal data to that set out in Annex 1

Purpose/Activity

Type of data
 Please refer to Section 2 for confirmation of what details these categories of data include

Lawful basis for processing including basis of legitimate interest

Record Keeping


To record and maintain information of members of Monitoring and Support Groups to enable us to liaise with you and to fulfil our role of monitoring and support.

To enable us to keep accurate records of members

To maintain a record, held by the district or regional safeguarding officer of those who are participating in Monitoring and Support Groups, to facilitate your engagement with the group

To inform you of information and updates that may be relevant to your role

To support arrangements for relevant training

To retain any information about the proceedings of the group and any contribution that you may make, as part of the district and/or connexional safeguarding records.  This may include meeting minutes and other notes including your personal data.

(a) Administrative


(b) Contact


(c) Identity

(a) Necessary for our legitimate interests (for ensuring and demonstrating compliance with our anti-discrimination policy and to enable the relevant group members to assist us in protecting children, young people and vulnerable adults within our Local Churches, Circuits and Districts)


(b) Needed in the public interest

(c) Consent

(d) To comply with a legal obligation under the DPA 1998 Part 2 (18) and Part 2 (10) and Working together to Safeguard Children 2018

For Subjects, data will be held in confidence and will be shared only where necessary with appropriate parties within the Methodist Church to assess and manage a safeguarding risk. It is envisaged currently that personal and or criminal data, depending on which is appropriate, about the subject and their circumstances may need to be shared with one or more of the following parties within the church during the Subject’s membership of the Monitoring and Support Group, depending on the Subject’s circumstances:

  • church/circuit/district/ connexional safeguarding officers
  • parties in oversight, pastoral charge or line management of any individual deemed to be a safeguarding risk
  • members of a Methodist Church Safeguarding Panel
  • members of the Monitoring and Support Group
  • those managing any complaints, discipline or employment processes relating to you which are relevant to safeguarding matters.
  • With statutory agencies and other organisations
  • The DBS
  • The Charity Commission
  • Any Statutory Agency officer involved with the Subject

In the event of any internal safeguarding review to assess and manage a safeguarding risk, it is envisaged currently that personal and or criminal data, depending on which is appropriate, may need to be shared with any person carrying out the review. Further, that any information obtained from that review will be shared back to the Methodist Church for the purpose of fulfilling its safeguarding obligations on both a legal and ethical basis.   

ANNEX 4

New Homes for Ukraine Scheme - Additional Purposes for which we will use your personal data to that set out in Annex 1

Purpose/Activity

Type of data
 Please refer to Section 2 for confirmation of what details these categories of data include

Lawful basis for processing including basis of legitimate interest

Record Keeping

To record and maintain information of Hosts and guests of the New Homes for Ukraine Scheme to enable us to liaise with both hosts and guests and to fulfil our role of carrying out the scheme’s objectives and to provide support.

To enable us to keep accurate records of hosts and guests, together with details of the spaces available and the duration of availability, household numbers and room information and/or photos so that parties can be accurately matched.

To maintain a record, of those who are participating in the New Homes for Ukraine Scheme, to facilitate our engagement with the group.

To inform parties of information that may be relevant to the accommodation requirements

To support arrangements for relevant training

To provide arrangements for relevant travel

To retain any information about the Scheme, as part of records to ensure safeguarding and monitoring where necessary. 

To be able to swiftly arrange for re-matching if needed

(a) Special Categories


(b) Contact


(c) Identity

(d) Demographic

(e) Administrative

(a) Necessary for our legitimate interests (for ensuring and demonstrating compliance with the New Homes for Ukraine Scheme and to enable the relevant scheme members to assist in carrying out the objectives of that scheme. Also required in order to access the success of the scheme at a later date and to ensure that data is retained for any potential safeguarding issues which may arise. Data will only be retained for the purpose which it was obtained and stored for no longer than 5 years.

(b) Consent

For Data Subjects, data will be held in confidence and will be shared only where necessary with appropriate parties within the Methodist Church and its partners to carry out the purpose of the Scheme.  It is envisaged currently that personal data, may need to be shared with one or more of the following parties within the church during the Subject’s participation in the scheme, depending on the Subject’s circumstances:

  • Local Methodist Ministers
  • Persons engaged to carry out translation services
  • Citizens UK
  • Local authorities
  • The DBS
  • Any Statutory Agency officer involved with the Data Subject

Annex 5 – Solidarity Circles Scheme - Additional Purposes for which we will use your personal data to that set out in Annex 1

Purpose/Activity

Type of data
 Please refer to Section 2 for confirmation of what details these categories of data include

Lawful basis for processing including basis of legitimate interest

Record Keeping


To record and maintain information of members of the Solidarity Circles (SC) group to enable us to liaise with you and to fulfil our role of monitoring and supporting equality and diversity.

To enable us to keep accurate records of members

To maintain a record, held by the Coordinators of the SC group, to facilitate your engagement with the group

To inform you of information and updates that may be relevant to your role

To support arrangements for relevant training

To retain any information about the proceedings of the group and any contribution that you may make, as part of the coordinator’s and Connexional EDI records.  This may include meeting minutes and other notes including your personal data.

(a) Administrative


(b) Contact


(c) Identity

(d) Special Categories

(a) Necessary for our legitimate interests (for ensuring and demonstrating compliance with our anti-discrimination policy and to enable the relevant group members to assist us in ensuring equality and diversity and to share experiences. To also ensure the protection of children, young people and vulnerable adults within our Local Churches, Circuits and Districts)


(b) Needed in the public interest

(c) Consent

(d) To comply with a legal obligation under the DPA 1998 Part 2 (18) and Part 2 (10) and Working together to Safeguard Children 2018

For Subjects, data will be held in confidence and will be shared only where necessary with appropriate parties within the SC Group and Methodist Church EDI Connexional Team to evaluate the Methodist Church’s equality and diversity. It is envisaged currently that personal data may need to be shared with one or more of the following parties within the church during the Subject’s membership of the SC Group, depending on the Subject’s circumstances:

  • Coordinators and Connexional EDI team

  • members of the SC Group when sharing experiences and relevant information

  • those managing any complaints, discipline or employment processes relating to you which are relevant to safeguarding matters.

  • With statutory agencies and other organisations

  • The Charity Commission

  • Any Statutory Agency officer involved with the Subject

  • Information obtained from that the SC Group will be shared back when appropriate and necessary to the Methodist Church for the purpose of fulfilling its safeguarding obligations on both a legal and ethical basis.