Privacy Notice for Initial Ministerial Education (IME) Candidates
Church of Scotland Faith Action Programme Leadership Team (FAPLT) is providing you with this information to comply with data protection law and to ensure that you are fully informed and we are transparent in how we collect and use your personal data.
Who is collecting the information?
Church of Scotland Faith Action Programme Leadership Team (FAPLT) is the Data Controller. We have an appointed Data Protection Officer (DPO), Alice Wilson, who can be contacted by emailing: Privacy@churchofscotland.org.uk
Why are we collecting it and what are we doing with it (Purpose)?
Faith Action Programme Leadership Team needs to process data to enter into a Candidate agreement with you and to meet its obligations. We use the information you give to us:
- to plan the provision of the IME Programme including partnership with academic partners
- to maintain student records;
- to communicate with you regarding the IME Programme which includes all aspects of training (e.g. placements, conference planning, supervision, Ministers Training Network (MTNs), reviews, Presbytery links etc.) and other information relevant to your learning/participation such as attendance, progress with academic studies;
- to monitor equal opportunities;
- for safeguarding and promoting the welfare of students;
- to obtain occupational health advice, to ensure that it complies with duties in relation to individuals with disabilities, and meet its obligations under health and safety law
What personal data do we collect?
- your name, address and contact details, including email address and telephone number, date of birth and gender;
- ID information from your passport or other identity documents, such as your driving licence;
- your discernment scheme application form, learning covenant, initial course meeting record and assessment conference report;
- date of membership of the Church of Scotland;
- details of your qualifications, skills, experience, volunteering and employment history, including start and end dates, with previous employers, volunteer-involving organisations and with the Faith Action Programme Leadership Team;
- your leisure and community interests;
- information about your remuneration (grant or stipend);
- details of your bank account and national insurance number;
- information about your marital status, next of kin, dependants and emergency contacts;
- information about your nationality and entitlement to work in the UK;
- information about your criminal record;
- details of placements;
- details of periods of leave from study taken by you, including sickness absence, family leave and the reasons for the leave;
- details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;
- assessments of your performance, including university transcripts, and training and conferences you have participated in;
- information about medical or health conditions, an occupational health check report including whether or not you have a disability for which the organisation needs to make reasonable adjustments;
- equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief.
Special category data
It is important to understand that some of the data to be collected, within the list above, falls under the ‘special category data' designation. As we are collecting special category data and potentially criminal records data we will therefore have additional safeguards in place to protect your special category data. Special category data is:
- Racial/ethnic origin
- Political Opinions
- Religious or philosophical beliefs
- Trade union membership
- Genetic data
- Biometric data
- Health data
- Sex life
- Sexual orientation
How are we collecting this information? What is the source?
Faith Action Programme Leadership Team collects this information in a variety of ways. For example, data is collected through application forms, CV's; obtained from your passport or other identity documents such as your driving licence; from forms completed by you at the start of or during discernment; from correspondence with you; or through interviews, meetings or other assessments.
Faith Action Programme Leadership Team collects personal data about you from third parties, such as references supplied by former employers or volunteer references, and information from criminal records checks permitted by law.
The lawful basis for the processing
The lawful basis for the processing is UK GDPR Article 6(1)(b)"processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract."
As special category data is collected the lawful basis for this processing is UK GDPR Article 9(2)(d) "processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects."
Who we share the information with:
We use the information you give to us internally to ensure we are meeting the purposes of the processing. It is not shared with any external bodies without appropriate documentation in place. For example, during the discernment process applicants do have assessments made about their suitability for the ministry. This is carried out by HealthLink 360, ProfileMatch and Medigold. There are appropriate joint controller contracts in place with these organisations.
We do use processors for some of this processing. The processors are Zoom, Microsoft and Circle. They act only on the Church's written instructions and there are appropriate contract documentation in place. Both Zoom and Microsoft process the personal data within the EU and UK. However, processing of data with Circle does mean the data is transferred to the US as Circle is a US based company.
Details of data transfers to any third countries or international organisations
Circle is a US based company so there are data transfers to the USA. However, Circle are processors and appropriate documentation is in place. There are additional safeguards in place to further protect the data.
How long do we hold the personal data?
We will keep your personal information for as long as you are a ministry Candidate (3-5 years depending on the formation program that you are following); some is kept for the duration of your ministry with the Church of Scotland in your personnel file. For the training records these are held for five years, then destroyed securely following Church procedures. .
Do we use automated decision making processes, including profiling?
The discernment process involves using HealthLink 360, ProfileMatch and Medigold to assess suitability for ministry etc. Some of this process involves automated decision making, including profiling. There are appropriate controls in place to protect the data and a mechanism in place if individuals request intervention directly by staff rather than automated means.
Individuals' rights in relation to this processing
Individuals have a number of rights under data protection laws. These are detailed here. Not all rights are absolute and some only apply in relation to the lawful basis for processing the data. For this purpose, the only right that does not apply is the Right to Object. All other rights apply. If you want to exercise any of your rights please contact the DPO at Privacy@churchofscotland.org.uk and your request will be processed accordingly, within one month of receipt of the request.