{"id":240,"date":"2026-06-22T22:41:55","date_gmt":"2026-06-22T22:41:55","guid":{"rendered":"https:\/\/cwsdemowebsites.com\/kirk\/?page_id=240"},"modified":"2026-06-22T22:56:31","modified_gmt":"2026-06-22T22:56:31","slug":"privacy-and-data-protection","status":"publish","type":"page","link":"https:\/\/cwsdemowebsites.com\/kirk\/privacy-and-data-protection\/","title":{"rendered":"Privacy and Data Protection"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"240\" class=\"elementor elementor-240\" data-elementor-post-type=\"page\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-40d7a7e hero-inner elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"40d7a7e\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-9d85413\" data-id=\"9d85413\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0f45872 elementor-widget elementor-widget-heading\" data-id=\"0f45872\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h1 class=\"elementor-heading-title elementor-size-default\">Privacy and Data Protection<\/h1>\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-ea6b0a9 about-sec elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"ea6b0a9\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-31031c3 about-col\" data-id=\"31031c3\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6a6636d elementor-widget elementor-widget-heading\" data-id=\"6a6636d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Privacy Notice<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6961ab1 elementor-widget elementor-widget-text-editor\" data-id=\"6961ab1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>KIRK OF CALDER, MID CALDER (Scottish Charity No. SCO13461)<br \/>\u00a0(the \u201cCongregation\u201d)<\/p><p>Purpose of this Notice<br \/>This Privacy Notice outlines the way in which the Congregation will use personal information provided to us.\u00a0 Personal information includes any information that identifies you personally, such as your name, address, email address or telephone number.<br \/>The Congregation recognises the importance of your privacy and personal information and we have therefore outlined below how we use, disclose and protect this information. The Congregation, jointly with the Presbytery of West Lothian is the data controller, because we decide how your data are processed and for what purpose.\u00a0 Contact details for us are provided below.<br \/>\u00a0How we use information<br \/>We use the information you give to us:<\/p><ul role=\"list\"><li>to administer membership records, including a Communion Roll and Supplementary Roll;<\/li><li>for pastoral care purposes;<\/li><li>in relation to participation in Congregational activities ;<\/li><li>to provide you with information about news, events, and activities within the Congregation or the wider Church of Scotland;<\/li><li>to provide the services of a parish church to the local community;<\/li><li>to fulfill contractual or other legal obligations;<\/li><li>to manage our employees;<\/li><li>to further our charitable aims, for example through fundraising activities;<\/li><li>to maintain our accounts and records (including the processing of Gift Aid applications);<\/li><\/ul><p>\u00b7\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 if CCTV is in place we have this for the prevention and detection of crime.<br \/>Disclosure of information<br \/>The Congregation will only share your personal information where this is necessary for the purposes set out above. Information will not be shared with any third party outwith the Church of Scotland without your consent unless we are obliged or permitted to do so by law.<br \/>Basis for processing personal information<br \/>The Congregation processes your information in the course of its legitimate activities, with appropriate safeguards in place, as a not-for-profit body with a religious aim and on the basis that our processing relates solely to members, former members or people who have regular contact with us, and that this information is not disclosed to any third party without your consent.<br \/>We also process information where this is necessary for compliance with our legal obligations; where processing is necessary for the purposes of our legitimate interests and such interests are not overridden by your interests or fundamental rights and freedoms; and where you have given consent to the processing of your information for a particular purpose.\u00a0<br \/>Storage and security of personal information<br \/>The Congregation will strive to ensure that personal information is accurate and held in a secure and confidential environment.\u00a0 We will keep your personal information for as long as you are a member or adherent or have regular contact with us or so long as we are obliged to keep it by law or may need it in order to respond to any questions or complaints or to show that we treated you fairly. \u00a0\u00a0We may also keep it for statistical purposes but if so we will only use it for that purpose.\u00a0 When the information is no longer needed it will be securely destroyed or permanently rendered anonymous.\u00a0 [Further information about our data retention policy is available at <a href=\"http:\/\/www.kirkofcalder.com\" target=\"_blank\" rel=\"noopener\" data-fpl-component=\"primitive\">www.kirkofcalder.com<\/a> OR by emailing <a href=\"mailto:dpokirkofcalder@virginmedia.com\">dpokirkofcalder@virginmedia.com<\/a><br \/>Getting a copy of your personal information<br \/>You can request details of the personal information which the Congregation holds about you by contacting us using the contact details given below. \u00a0<br \/>Inaccuracies and Objections<br \/>If you believe that any information the Congregation holds about you is incorrect or incomplete or if you do not wish your personal information to be held or used by us please let us know. \u00a0Any information found to be incorrect will be corrected as quickly as possible.<br \/>You have the right to object to our use of your personal information, or to ask us to remove or stop using your personal information if there is no need for us to keep it.\u00a0 There may be legal or other reasons why we need to keep or use your data, but please tell us if you think that we should not be using it.<br \/>If we are processing your data on the basis of your explicit consent, you can withdraw your consent at any time.\u00a0 Please contact us if you want to do so.<br \/>Contact us<br \/>You can contact us by getting in touch with Kevin Shiach at \u00a0<a href=\"mailto:kevin_shiach@sky.com\">kevin_shiach@sky.com<\/a><\/p><p>How to complain<br \/>You have the right to complain to the Information Commissioner\u2019s Office about anything relating to the processing of your personal information by the Congregation.\u00a0 You can contact the ICO via its website at <a href=\"http:\/\/www.ico.org.uk\" target=\"_blank\" rel=\"noopener\" data-fpl-component=\"primitive\">www.ico.org.uk<\/a> or at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.\u2028 \u00a0<br \/><a href=\"file:\/\/\/C:\/Users\/ANDREW%20McLEMAN\/Dropbox\/0000%20kirkofcalder\/0000%20KirkofCalder%20Website\/htdocs\/KirkofCalderConsentForm.pdf\" target=\"_blank\" rel=\"noopener\" data-fpl-component=\"primitive\">Download Consent Form<\/a><\/p><p>Kirk of Calder<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c1d364d elementor-widget elementor-widget-heading\" data-id=\"c1d364d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Data Protection Policy<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a69b21f elementor-widget elementor-widget-text-editor\" data-id=\"a69b21f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>CONTENTS<br \/>1.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Overview\u00a0<br \/>2.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Data Protection Principles\u00a0<br \/>3.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Personal Data\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<br \/>4. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Special Category Data\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<br \/>5.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Processing\u00a0<br \/>6.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 How personal data should be processed\u00a0<br \/>7.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Privacy Notice\u00a0<br \/>8.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Consent\u00a0<br \/>9.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Security\u00a0<br \/>10.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Sharing personal data\u00a0<br \/>11.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Data security breaches\u00a0<br \/>12.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Subject access requests\u00a0<br \/>13.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Data subject rights\u00a0<br \/>14.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Contracts\u00a0<br \/>15.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Review<\/p><p>Data Protection Policy<\/p><p>1\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Overview<br \/>1.1\u00a0\u00a0\u00a0 The congregation takes the security and privacy of personal information seriously.\u00a0 As part of our activities we need to gather and use personal information\u00a0\u00a0\u00a0\u00a0\u00a0 \u2028 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 about a variety of people including members, former members, adherents, employees, office-holders and generally people who are in contact with us. The Data \u2028 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Protection Act 2018 (the \u201c2018 Act\u201d) and the EU General Data Protection Regulation (\u201cGDPR\u201d) regulate the way in which personal information about living\u00a0\u00a0\u00a0\u00a0 \u2028 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 individuals is collected, processed, stored or transferred.<br \/>1.2\u00a0\u00a0\u00a0\u00a0 This policy explains the provisions that we will adhere to when any personal data belonging to or provided by data subjects, is collected, processed, stored or\u00a0\u00a0 \u2028 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 transferred on behalf of the congregation. \u00a0\u00a0We expect everyone processing personal data on behalf of the congregation (see paragraph 5 for a definition of \u2028 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u201cprocessing\u201d) to comply with this policy in all respects.<br \/>1.3\u00a0\u00a0\u00a0\u00a0\u00a0 The congregation has a separate Privacy Notice which outlines the way in which we use personal information provided to us. \u00a0A copy can be obtained from Kevin Shiach at <a href=\"mailto:dpokirkofcalder@virginmedia.com\">dpokirkofcalder@virginmedia.com<\/a>.<br \/>1.4\u00a0\u00a0\u00a0\u00a0 All personal data must be held in accordance with the congregation\u2019s Data Retention Policy, which must be read alongside this policy. \u00a0A copy of the Data Retention Policy can be obtained from Kevin Shiach at kevin_shiach@sky.com<br \/>\u00a0Data should only be held for as long as necessary for the purposes for which it is collected. \u00a0<br \/>1.5\u00a0\u00a0\u00a0\u00a0 This policy does not form part of any contract of employment (or contract for services if relevant) and can be amended by the congregation at any time. It is intended that this policy is fully compliant with the 2018 Act and the GDPR. If any conflict arises between those laws and this policy, the congregation intends to comply with the 2018 Act and the GDPR.<br \/>1.6\u00a0\u00a0\u00a0\u00a0 Any deliberate or negligent breach of this policy by an employee of the congregation may result in disciplinary action being taken in accordance with our disciplinary procedure.\u00a0 It is a criminal offence to conceal or destroy personal data which is part of a subject access request (see Paragraph 12 below) and such conduct by an employee would amount to gross misconduct which could result in dismissal.<\/p><p>2\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Data Protection Principles<br \/>2.1\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Personal data will be processed in accordance with the six \u2018Data Protection Principles.\u2019 It must:<br \/>\u00a0\u00b7\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 be processed fairly, lawfully and transparently;<br \/>\u00b7\u00a0\u00a0\u00a0\u00a0\u00a0 be collected and processed only for specified, explicit and legitimate purposes;<br \/>\u00b7\u00a0\u00a0\u00a0\u00a0\u00a0 be adequate, relevant and limited to what is necessary for the purposes for which it is processed;<br \/>\u00b7\u00a0\u00a0\u00a0\u00a0\u00a0 be accurate and kept up to date. Any inaccurate data must be deleted or rectified without delay;<br \/>\u00b7\u00a0\u00a0\u00a0\u00a0\u00a0 not be kept for longer than is necessary for the purposes for which it is processed; and<br \/>\u00b7\u00a0\u00a0\u00a0\u00a0\u00a0 be processed securely.<br \/>We are accountable for these principles and must be able to demonstrate compliance.<\/p><p>3\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Definition of personal data<br \/>3.1\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u201cPersonal data\u201d means information which relates to a living person (a \u201cdata subject\u201d) who can be identified from that data on its own, or when taken together with other information which is likely to come into the possession of the data controller. It includes any expression of opinion about the person and an indication of the intentions of the data controller or others, in respect of that person. It does not include anonymised data.<br \/>3.2\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0This policy applies to all personal data whether it is stored electronically, on paper or on other materials.<\/p><p>4\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Definition of special category personal data\u2028 4.1\u00a0\u00a0\u00a0 \u2018Special category personal data\u2019 is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership; \u2028 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 genetic or biometric data; \u00a0data concerning health; or data concerning a person\u2019s sex life and sexual orientation.<br \/>4.2\u00a0\u00a0\u00a0\u00a0\u00a0A significant amount of personal data held by the congregation will be classed as special category personal data, either specifically or by implication, as it could be indicative of a person\u2019s religious beliefs.<\/p><p>5\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Definition of processing \u00a0<br \/>5.1\u00a0\u00a0\u00a0\u00a0\u2018Processing\u2019 means any operation which is performed on personal data, such as collection, recording, organisation, structuring or storage; adaption or alteration; \u2028 \u00a0\u00a0 retrieval, consultation or use; disclosure by transmission, dissemination or otherwise making available; and restriction, destruction or erasure.<\/p><p>6\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 How personal data should be processed<br \/>6.1\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Everyone who processes data on behalf of the congregation has responsibility for ensuring that the data they collect and store is handled appropriately, in \u2028 \u00a0\u00a0\u00a0\u00a0\u00a0 ine\u00a0 with this policy, our Data Retention policy and our Privacy Notice.\u00a0<br \/>6.2\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Personal data should only be accessed by those who need it for the work they do for or on behalf of the congregation. \u00a0Data should be used only for the\u00a0\u00a0 \u2028 \u00a0\u00a0\u00a0 specified lawful purpose for which it was obtained.<br \/>\u00a06.3\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0The legal bases for processing personal data (other than special category data, which is referred to in Paragraph 8 below) are that the processing is necessary \u2028 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 for the purposes of the congregation\u2019s legitimate interests; or that (so far as relating to any staff whom we employ) it is necessary to exercise the rights and \u2028 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 obligations of the congregation under employment law; or that (in relation to the processing of personal data relating to criminal convictions and offences or \u2028 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 related security measures in a safeguarding context) the processing meets a condition in Part 1, 2 or 3 of Schedule 1 of the Data Protection Act 2018.<br \/>\u00a06.4\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Personal data held in all ordered manual files and databases should be kept up to date.\u00a0 It should be shredded or disposed of securely when it is no longer \u2028 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 needed.\u00a0 Unnecessary copies of personal data should not be made.<\/p><p>7.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Privacy Notice<br \/>7.1\u00a0\u00a0 If someone would not reasonably expect the way in which we use their personal data, we will issue information about this using a Privacy Notice which ~\u2028 \u00a0\u00a0\u00a0\u00a0\u00a0 will be given to them at the point when the data is provided.\u00a0<br \/>7.2\u00a0\u00a0 If our use of personal data is what someone would reasonably expect, we will provide information about this using a Privacy Notice which is available on ~\u2028 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 the\u00a0 congregation\u2019s website, at the table entering the church and published in the church magazine from time to time.<\/p><p>8.\u00a0\u00a0\u00a0 When is consent needed for the processing of personal data?<br \/>8.1\u00a0\u00a0A significant amount of personal data held by the congregation will be classed as special category personal data, as it could be indicative of someone\u2019s \u2028 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 religious beliefs. \u00a0\u00a0<br \/>8.2\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Processing of such special category data is prohibited under the GDPR unless one of the listed exemptions applies.\u00a0 Three of these exemptions are \u2028 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0especially relevant (although others may also apply):<br \/>\u00a0\u00b7\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 the individual has given explicit consent to the processing of the personal data for one or more specified purposes; OR<br \/>\u00b7\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit \u2028 \u00a0\u00a0\u00a0 of the body or to persons who have regular contact with it in connection with its purposes and that the personal data is not disclosed outside that\u00a0\u00a0\u00a0 \u2028 \u00a0\u00a0\u00a0 body\u00a0 without the consent of the data subjects; OR<br \/>\u00a0\u00b7\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 processing is necessary for reasons of substantial public interest, and in particular for the purpose of (a) protecting an individual from neglect or physical, \u2028 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mental or emotional harm; or (b) protecting the physical, mental or emotional well-being of an individual, where that individual is either aged under 18 or is \u2028 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 aged 18 or over and is \u201cat risk\u201d (has needs for care and support, experiencing or at risk of neglect or any type of harm, and unable to protect themselves).<br \/>8.3\u00a0\u00a0Most of the processing carried out by the congregation will fall within the latter two exemptions, and will be carried out by the congregation with appropriate safeguards to keep information safe and secure.\u00a0 This information will not be disclosed outside the Church without consent.\u00a0 Such processing will not require the explicit consent of the data subject.<br \/>8.4\u00a0\u00a0 Where personal data is to be shared with a third party, the congregation will only do so with the explicit consent of the data subject. \u00a0For example, \u2028 \u00a0\u00a0\u00a0 personal data will only be included in a directory for circulation or included on a website where consent has been obtained.<br \/>8.5\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 If consent is required to process the information this should be recorded using the style consent form.\u00a0 If consent is given orally rather than in writing, this fact should be recorded in writing.<\/p><p>9.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Keeping personal data secure<br \/>9.1 \u00a0\u00a0\u00a0 Personal data should not be shared with those who are not authorised to receive it.\u00a0 Care should be taken when dealing with any request for personal \u2028 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 information over the telephone or otherwise. Identity checks should be carried out if giving out information to ensure that the person requesting the \u2028 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 information is either the individual concerned or someone properly authorised to act on their behalf.<br \/>9.2\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Hard copy personal information should be stored securely (in lockable storage, where appropriate) and not visible when not in use. \u00a0Filing cabinets and \u2028 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 drawers and\/or office doors should be locked when not in use. \u00a0Keys should not be left in the lock of the filing cabinets\/lockable storage.<br \/>9.3\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Passwords should be kept secure, should be strong, changed regularly and not written down or shared with others.<br \/>9.4\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Emails containing personal information should not be sent to or received at a work email address (other than an @churchofscotland.org address) as this might \u2028 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 be accessed by third parties.<br \/>9.5\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0The \u2018bcc\u2019 rather than the \u2018cc\u2019 or \u2018to\u2019 fields should be used when emailing a large number of people, unless everyone has agreed for their details to be shared amongst the group.<br \/>9.6\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 If personal devices have an @churchofscotland.org account linked to them these should not be accessed on a shared device for which someone else has the pin code.<br \/>9.7\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Personal data should be encrypted or password-protected before being transferred electronically.<br \/>9.8\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Personal data should never be transferred outside the European Economic Area except in compliance with the law.<\/p><p>10.\u00a0\u00a0\u00a0 Sharing personal data<br \/>10.1\u00a0\u00a0 We will only share someone\u2019s personal data where we have a legal basis to do so, including for our legitimate interests within the Church of Scotland (either within the Presbytery or to enable central databases held within the Church Office at 121 George Street, Edinburgh to be maintained and kept up to date).\u00a0 This may require information relating to criminal proceedings or offences or allegations of offences to be processed for the protection of children or adults who may be at risk and to be shared with the Church\u2019s Safeguarding Service or with statutory agencies.<br \/>10.2\u00a0\u00a0We will not send any personal data outside the European Economic Area.\u00a0 If this changes all individuals affected will be notified and the protections put in place to secure your personal data, in line with the requirements of the GDPR, will be explained.<\/p><p>11.\u00a0\u00a0\u00a0How to deal with data security breaches<br \/>11.1\u00a0\u00a0Should a data security breach occur, the congregation will notify the Presbytery Clerk immediately. If the breach is likely to result in a risk to the rights and freedoms of individuals then the Information Commissioner\u2019s Office must be notified within 72 hours.<br \/>11.2\u00a0\u00a0Breaches will be handled by the Presbytery Clerk in accordance with the Presbytery\u2019s data security breach management procedure.<br \/>12.\u00a0\u00a0\u00a0 Subject access requests<br \/>12.1\u00a0\u00a0Data subjects can make a subject access request to find out what information is held about them. This request must be made in writing.\u00a0 Any such request received by the congregation should be forwarded immediately to the Presbytery Clerk who will coordinate a response within the necessary time limit (30 days).<br \/>12.2 It is a criminal offence to conceal or destroy personal data which is part of a subject access request.<\/p><p>13.\u00a0Data subject rights<br \/>13.1\u00a0\u00a0\u00a0\u00a0Data subjects have certain other rights under the GDPR. This includes the right to know what personal data the congregation processes, how it does so and \u2028 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 what is the legal basis for doing so.<br \/>13.2\u00a0\u00a0 Data subjects also have the right to request that the congregation corrects any inaccuracies in their personal data, and erase their personal data where we are not entitled by law to process it or it is no longer necessary to process it for the purpose for which it was collected. \u00a0Data should be erased when an individual revokes their consent (and consent is the basis for processing); when the purpose for which the data was collected is complete; or when compelled by law.<br \/>13.3\u00a0\u00a0 All requests to have personal data corrected or erased should be passed to kevin_shiach@sky.comwho will be responsible for responding to them in liaison with the Presbytery Clerk.<br \/>14.\u00a0\u00a0Contracts<br \/>14.1\u00a0\u00a0If any processing of personal data is to be outsourced from the congregation, we will ensure that the mandatory processing provisions imposed by the GDPR will be included in the agreement or contract.<\/p><p>15. Policy review<br \/>The Kirk Session will be responsible for reviewing this policy from time to time and updating the congregation in relation to its data protection responsibilities and any risks in relation to the processing of data.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Privacy and Data Protection Privacy Notice KIRK OF CALDER, MID CALDER (Scottish Charity No. SCO13461)\u00a0(the \u201cCongregation\u201d) Purpose of this NoticeThis Privacy Notice outlines the way in which the Congregation will use personal information provided to us.\u00a0 Personal information includes any information that identifies you personally, such as your name, address, email address or telephone number.The [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"elementor_header_footer","meta":{"footnotes":""},"class_list":["post-240","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/cwsdemowebsites.com\/kirk\/wp-json\/wp\/v2\/pages\/240","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cwsdemowebsites.com\/kirk\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/cwsdemowebsites.com\/kirk\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/cwsdemowebsites.com\/kirk\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cwsdemowebsites.com\/kirk\/wp-json\/wp\/v2\/comments?post=240"}],"version-history":[{"count":7,"href":"https:\/\/cwsdemowebsites.com\/kirk\/wp-json\/wp\/v2\/pages\/240\/revisions"}],"predecessor-version":[{"id":248,"href":"https:\/\/cwsdemowebsites.com\/kirk\/wp-json\/wp\/v2\/pages\/240\/revisions\/248"}],"wp:attachment":[{"href":"https:\/\/cwsdemowebsites.com\/kirk\/wp-json\/wp\/v2\/media?parent=240"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}