Privacy Notice for Safeguarding Department Drop-in Sessions
Privacy Notice for a Church of Scotland webinar on the Blue Book Report 2023
The Church of Scotland Safeguarding Department is providing you with this information to comply with data protection laws and to ensure that you are fully informed and we are transparent in how we collect and use your personal data during the drop-in session.
Who is collecting the information?
Church of Scotland's Safeguarding Department is the Data Controller. We have an appointed Data Protection Officer (DPO), Alice Wilson, who can be contacted by emailing: Privacy@churchofscotland.org.uk
Why are we collecting it and what are we doing with it (Purpose)?
Your data is collected at the start of a Drop-In Session using Zoom as the platform for these sessions. We use your data and compare this against our existing records on our Clue Database to confirm that you are Safeguarding Co-ordinator, Presbytery contact or Trainer.
What personal data do we collect?
During the Drop-in session, we will verify your details provided on the Zoom call and compare your information to our Clue database records, which is the Safeguarding Service case management system. The only data that is checked is your name and surname which links with your PVG disclosure records. We do not collect any additional data for the Drop-in sessions, we just verify that you are in a Safeguarding role in your congregation or presbytery and therefore can attend these sessions. However, we are aware that attendees may disclose what Presbytery or Congregation they are part of. As such we will be collecting special category data (religious beliefs) and will have additional safeguarding in place.
How are we collecting this information? What is the source?
We collect your information on the Zoom call. Your data is then checked against our existing records, held within our Clue database and linked to your PVG or Basic disclosure records
The lawful basis for the processing
The lawful basis for the processing of this data is UK GDPR Article 6(1)(a) "the data subject has given consent to the processing of his or her personal data for one or more specific purposes."
As it's possible religious beliefs data is disclosed at the Drop-in Sessions, the lawful basis for processing that data is UK GDPR Article 9(2)(d) "processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects".
Who we share the information with:
The Drop-in sessions are run using the Zoom platform. As we are using the Zoom platform (processors) we have appropriate documentation and safeguards in place with this company. Zoom stores all Church of Scotland data within the EU as instructed by the Church. The Clue database provider is also a processor. There is an appropriate contract in place and the data is held within the UK as instructed by the Church.
Details of data transfers to any third countries or international organisations
The use of Zoom means that data is transferred outside the UK. However, the data is stored in Germany and Ireland where there is already a high standard of data protection laws are in place.
How long do we hold the personal data?
At the end of the Drop-In Session the information held on the platform is deleted immediately, following Church procedures.
Do we use automated decision making processes, including profiling?
The Church does not process data in this way for this purpose.
Individuals' rights in relation to this processing
Individuals have a number of rights under data protection laws. These are detailed here. Not all rights are absolute and some only apply in relation to the lawful basis for processing. For this purpose, the only right that does not apply is the Right to Object. All other rights apply. If you want to exercise any of your rights please contact the DPO at Privacy@churchofscotland.org.uk
As the lawful basis is consent, it's important to note that you can withdraw your consent at any time. To exercise this right please contact Safeguarding@churchofscotland.org.uk to withdraw your consent and your request will be processed accordingly.