General Assembly Privacy Notice
The Church of Scotland is providing you with this information to comply with data protection laws and to ensure that you are fully informed and we are transparent in how we collect and use your personal data for the General Assembly. When you take part in the General Assembly, which will proceed simultaneously with in person and online attendees, you are giving your personal data to The Church of Scotland.
Who is collecting the information?
The Church of Scotland is the Data Controller.
We have an appointed Data Protection Officer (DPO), Alice Wilson, who can be contacted by emailing: privacy@churchofscotland.org.uk
Why are we collecting it and what are we doing with it (Purpose)?
The purpose of processing the personal data we have is to enable the General Assembly to meet, debate and make decisions both in person and by video-conference. Your personal data will not be used for any other purpose without your permission, except in the context of fulfilling a legal obligation to which The Church of Scotland is subject.
Your Personal Data
- From the information you supplied we have your: surname, first name, middle initial, email address, postal address, congregation and designation as a minister, deacon or elder. If you gave any information as to accessibility or other needs then we may have that information also. In addition, we may hold your date of birth, whether or not you have retired and details of your qualifications/decorations. We will use this information for the purpose of enabling you to join and participate in the General Assembly.
- During the Assembly itself we will record your questions, comments and oral and written contributions. This may mean recording your image and voice as you speak in the Hall, or if you are online, recording your webcam image and your voice.
- If the Assembly uses a poll or voting form your voting preference will be recorded but will be known only to the meeting organiser and will not be shared with anyone else.
- If you join the Assembly by telephone, your telephone number will be recorded (only where used).
- The Assembly will be recorded so that a record can be kept for accountability and archiving purposes. The video part of the meeting will also be streamed live on the internet for others to view.
The lawful basis for processing
The lawful basis for processing the personal data is UK GDPR Article 6(1)(e) "processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller." The Church of Scotland Act 1921 provides for the official authority vested in the General Assembly of the Church of Scotland as data controller.
For the processing of special category data (sensitive personal data) the lawful basis is UK GDPR Article 9(2)(d) "processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects".
Who we share your personal data with
Your personal data is shared with our contracted data processors Sanctus Media and Oscus Media (and their respective sub-contractors), both of whom will process your data according to instructions agreed by The Church of Scotland.
Your personal data will not be used for any other purpose or shared with any other third party unless doing so is necessary in order to comply with a legal obligation or in order to protect your vital interests or those of another data subject.
Details of data transfers to any third countries or international organisations
We receive information from the Presbytery of International Charges and from the Presbytery of Jerusalem, so to that extent there are data transfers outside the UK and EEA. We also publish recordings of the Assembly on the Church's website and/or where excerpts from the recordings are broadcast on national or international television and/or used in other publications so there are additional data transfers which occur. With all of the data transfers there are appropriate safeguards in place to protect this data.
How long do we hold the personal data?
The Assembly will be recorded as a record of the process under the control of the Principal Clerk. The recordings will only reference you as an individual if you take part in the debate or make any oral or written contribution. The recordings may be published on the Church's website and also excerpts from them may be broadcast on national or international television and/or may be used in other publications. The recordings will be retained for accountability and archiving purposes.
Individuals' rights in relation to this processing
Under data protection law, individuals have a number of rights. These are detailed on the Church of Scotland website privacy centre.
Not all rights apply and it depends on the lawful basis as to what rights apply. For this purpose the lawful basis is public task. This means that all the rights apply except for the right to erasure and the right to data portability. If you wish to exercise any of your rights, please email the DPO at privacy@churchofscotland.org.uk
You may also advise us of an incident involving personal data or data breach using the same contact information.