Privacy Notice for Nominations process for the Membership of the Standing Committees of the General Assembly
Privacy Notice for Nominations process for the Membership of the Standing Committees of the General Assembly
Church of Scotland Office of the Assembly Trustees is providing you with this information to comply with data protection law and to ensure that you are fully informed and we are transparent in how we collect and use your personal data.
Who is collecting the information?
Church of Scotland (The Church) is the Data Controller. We have an appointed Data Protection Officer (DPO), Alice Wilson, who can be contacted by emailing: Privacy@churchofscotland.org.uk
Why are we collecting it and what are we doing with it (Purpose)?
We are collecting personal data of individuals for the nominations process for Membership of the Standing Committees of the General Assembly. This information is needed to process a nomination to serve on an agency of the Church and individuals who support/sponsor the nominee.
What personal data do we collect?
Some of the data will not be disclosed to the committee/convenor but collected as part of the Nominations process and to report to the General Assembly on the statistics in relation to Nominees and their sponsors.
Personal data | Special Category (Sensitive) Personal Data |
---|---|
Title | Relationship with the Church including involvement with the Church |
Name | Personal statement may disclose additional sensitive data e.g. disability, racial or ethnic origin etc. |
Address | Nominee confirms their role within the Church: member/elder/deacon/minister |
Telephone/Mobile Number | Congregation which the nominee is a member of along with the Presbytery which the Congregation is part of |
Email address | Church involvement |
Age Group | |
Relevant skills and knowledge including Employment history and professional qualifications | |
Previous service on national committees including dates (over the previous 10 years) | |
Personal statement explaining why you would be suited to serve on your chosen Committee(s) | |
Nominee's Supporter's Name, email address and telephone number | |
Nominee's Supporter's role in which supporting the Nominee | Role of person supporting the nomination should be on of the following: Kirk Session, Minister, Deacon, Presbytery, The Guild, the Standing Committee itself or the Nomination Committee. |
How are we collecting this information? What is the source?
The information is collected directly from the Nominee form and the Nominee's Supporter's Form. If the information is not provided the Church cannot proceed with the Nomination.
The lawful basis for the processing
The lawful basis for processing the personal and special category personal data under data protection laws are UK GDPR Article 6(1)(e) "processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller." and for the special category data Article 9(2)(d) "processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects."
Who we share the information with:
The Church uses Microsoft (MS) as a processor and therefore the data is collected in MS Forms, Teams and Excel for the Nominations process. All of the data is held on their servers. However, this is all held within Microsoft's UK servers and appropriate contractual documentation is in place. Microsoft will only process Church data as instructed by the Church.
The information is then shared with the Nomination Committee, with no contact details (as referenced above & directly in the forms) available, just the answers and statements, explaining why the Nominee wishes to be considered for the committee(s). Also if the Nominee indicates that they wish to be considered for sub-group/committee of the Assembly Trustees the data will be shared with the relevant selection panel.
The Nominations Database and the Central Information System (CIS) database record nominations, candidates etc. These databases are linked but CIS does not detail all the data held in the Nominations database. Both of these databases are managed and maintained within the Church, ensuring appropriate access controls and permissions are applied appropriately.
Appointment as a member is subject to General Assembly agreement. The Nomination Committee report to the General Assembly will provide a list of nominees for each of the Standing Committees (name and congregation) noting when they are Convener, Vice-Convener, reappointment plus whether they are a minister, elder, deacon or member. Appointment of Convener and Vice-Convener requires a section of deliverance for General Assembly approval.
Details of data transfers to any third countries or international organisations
This does not apply for this processing.
How long do we hold the personal data?
Those who are not put forward for nomination to serve on a Standing Committees may be asked to be sit as a ‘reserve' in case of any mid-term vacancies which arise. Or, the Nomination Committee may need to consider a mid-term vacancy and want to refer to the most recent nomination forms received. For this purpose, the nomination forms are held for no longer that 2 years, they are then destroyed securely following Church procedures.
The information which is entered into the Nomination database allows the Church to track previous membership which is essential for nominations processes. The data entered into the database does not include whether they prefer to attend meetings in person/online, where they heard about the nominations process, details of the supporter (other than their role), or the text provided against: personal statement, skills and knowledge including employment history and qualifications, church involvement, previous service on national committees. The Nominations Database will only hold this membership data for the period the individuals are sitting on a committee, for example where an initial term is 4 years but an individual can be re-appointed for a second term or serve as Vice convener for 3 years and Convener for 4 years. Due to this and the need to be able to refer back to previous memberships the data held there will be destroyed after 16 years, following Church procedures.
Do we use automated decision making processes, including profiling?
The Church does not process data in this way.
Individuals' rights in relation to this processing
Individuals have a number of rights under data protection laws. These are detailed here. Not all rights are absolute and some only apply in relation to the lawful basis for processing. For the purposes of the Nominations process and due to the lawful basis, only the right to erasure and the right to data portability will not apply. All other rights do apply.
If you want to exercise any of your rights please contact the Church, you can email the DPO at Privacy@churchofscotland.org.uk or make the request verbally. The Church will process your request accordingly and respond without undue delay and within one calendar month. It may be necessary prior to the request being processed that the Church will require proof of identity. This is required to ensure an individual's personal data is not disclosed to an unauthorised individual.