Privacy Notice for Disciplinary Proceedings
The Church of Scotland is providing you with this information to comply with data protection law and to ensure that you are fully informed and we are transparent in how we collect and use your personal data.
Who is collecting the information?
The Church of Scotland is the Data Controller. We have an appointed Data Protection Officer (DPO), Alice O'Sullivan, who can be contacted by emailing: Privacy@churchofscotland.org.uk
Why are we collecting it and what are we doing with it (Purpose)?
We collect information in relation to disciplinary proceedings when a complaint is received regarding a potential disciplinary offence under the Discipline Act (Act I 2019)
What personal data do we collect?
Name, address, role, personal opinions, congregation and Presbytery details, witness statements, evidence in relation to the alleged disciplinary offence
How are we collecting this information? What is the source?
Information directly from complainants, witnesses and respondents
The lawful basis for the processing
The Church of Scotland Act 1921 allows the Church to legislate and to adjudicate finally in all matters of doctrine, worship, government and discipline involving its ministers, members and office-bearers. The civil courts do not have jurisdiction in these matters and the church has developed its own parallel system of courts. The Church's Presbyterian system of government means that authority is vested in the Church courts rather than in individuals. Courts of the Church have the status of courts of the land. The lawful basis for processing under data protection law is UK GDPR Article 6(1)(e) "processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller." For processing special category personal data (e.g. religious beliefs), the lawful basis is UK GDPR Article 9(2)(g) "processing is necessary for reasons of substantial public interest, on the basis of domestic law which shall be proportionate to the aim pursued and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject" and the Data Protection Act 2018 Schedule 1, Part 2(26) "Publication of legal judgments"
Who we share the information with:
We use Net Documents and Microsoft as processors. They only act on the Church's instructions and there is an appropriate contract in place.
Decisions of the Discipline Tribunal are shared with the Session Clerk of the relevant congregation, the Presbytery Clerk, the Principal Clerk and (unless the respondent is an elder or office-bearer) the Head of the Faith Action Programme.
The outcome of Disciplinary Tribunal will be published on the Church's website, with appropriate redaction applied for any third party data.
Details of data transfers to any third countries or international organisations
The Church of Scotland will proactively publish the decisions of the Discipline Tribunal on its website. It will only name the respondent; all other personal data will be withheld. As this information will be published, it will be accessible globally.
How long do we hold the personal data?
The records and decision of the Discipline Tribunal are held for the lifetime of a respondent as individuals could potentially be active in the Church for their whole life. Once this period has passed, the records will be destroyed securely, following Church procedures.
Do we use automated decision making processes, including profiling?
The Church does not process data in this way
Individuals' rights in relation to this processing
Individuals have a number of rights under data protection laws. These are detailed here. Not all rights are absolute and some only apply in relation to the lawful basis for processing the data. For this processing purpose the right to erasure and the right to data portability do not apply. All other rights do apply. If you want to exercise any of your rights please contact the DPO at Privacy@churchofscotland.org.uk