Islamophobia: The Causes, the Cures and The Church Webinar
Privacy Notice for Islamophobia: The Causes, the Cures and The Church Webinar
Church of Scotland Public Life and Social Justice Department is providing you with this information to comply with data protection law and to ensure that you are fully informed and we are transparent in how we collect and use your personal data.
Who is collecting the information?
Church of Scotland Public Life and Social Justice Department is the Data Controller. We have an appointed Data Protection Officer (DPO), Alice Wilson, who can be contacted by emailing: Privacy@churchofscotland.org.uk
Why are we collecting it and what are we doing with it (Purpose)?
To run a webinar about Islamophobia which will be recorded for training purposes. This will involve a panel of speakers discussing their experiences.
What personal data do we collect?
We are collecting name, email address, and association with a faith tradition from the attendees. As we are collecting your association with a faith tradition, this means we are collecting special category data and will therefore have additional safeguards in place to protect your data.
The speakers information will be disclosed as a biography detailing their background and experience with Islamophobia.
How are we collecting this information? What is the source?
The Church uses Eventbrite to enable individuals to register for a webinar and Zoom for the running of the webinar. This data is then available to the Church in relation to the organisation and running of the event. The data regarding the speakers are collected separately and provided to attendees for information.
The lawful basis for the processing
Under data protection law the lawful basis for processing attendee data is UK GDPR Article 6(1)(a) "the data subject has given consent to the processing of his or her personal data for one or more specific purposes."
As identification of an individual's religion is involved, it means that special category data is processed and therefore the lawful basis for this isUK GDPR Article 9(2)(a) "the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where domestic law provides that the prohibition referred to in paragraph 1 may not be lifted by the data subject" These are the lawful basis for processing attendee data.
The lawful basis for processing speakers data is UK GDPR Article 6(1)(b) "processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract" As the speakers religion will be identified, special category data is involved and therefore the lawful basis for this is UK GDPR Article 9(2)(b) "processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by domestic law or a collective agreement pursuant to domestic law providing for appropriate safeguards for the fundamental rights and the interests of the data subject."
Who we share the information with:
As we are using Eventbrite and Zoom (processors) for the registration of the event and for the running of the event. Both of these processors have appropriate contractual agreements in place with the Church to ensure the appropriate handling of data is done so on the Church's instruction and Eventbrite and Zoom will only act on the Church's instruction.
We also provide an option to be contacted for other events of interest. If you have requested this, it will be shared within the Public Life and Social Justice department in the Church.
Details of data transfers to any third countries or international organisations
The use of Zoom means that there is data transferred outside the UK. However the data is stored in Germany and elsewhere in the EU where adequate data protection laws are in place.
The use of the Eventbrite platform means that back up data may be stored in the USA. However, Eventbrite have provided assurances to the Church that they store the data in their UK data centres only.
How long do we hold the personal data?
Registration information (Emails and names) will be stored for 5 months. The webinar itself will be stored for up to 5 years as it will be used for e-learning training.
Do we use automated decision making processes, including profiling?
The Church does not process data in this way.
Individuals' rights in relation to this processing
Individuals have a number of rights under data protection laws. These are detailed here. Not all rights are absolute and some only apply in relation to the lawful basis for processing both attendee data and speakers data. For this purpose, the only right that does not apply is the Right to Object. All other rights apply. If you want to exercise any of your rights please contact the DPO at Privacy@churchofscotland.org.uk
As the lawful basis is consent, it's important to note that you can withdraw your consent at any time. To exercise this right please EDI@churchofscotland.org.uk to withdraw your consent and your request will be processed accordingly.
If you opted to be contacted in the future when you registered for the event, your email will be stored on the secured Church of Scotland server and will not be shared beyond the event organisers. You can withdraw your consent to be contacted at any time by emailing ‘unsubscribe' to EDI@churchofscotland.org.uk