Privacy Notice Safeguarding Trainers Conference 2023
Church of Scotland Safeguarding Service is providing you with this information to comply with data protection laws and to ensure that you are fully informed and we are transparent in how we collect and use your personal data.
Who is collecting the information?
Church of Scotland is the Data Controller. We have an appointed Data Protection Officer (DPO), Alice Wilson, who can be contacted by emailing: Privacy@churchofscotland.org.uk
Why are we collecting it and what are we doing with it (Purpose)?
We are collecting the data to administrate the Safeguarding Trainers Conference 2023, a learning event for volunteer safeguarding trainers in the Church of Scotland. The purpose of collecting some of the data is for providing correct food provisions and ensuring any access requirements (e.g. a hearing loop for presentations) are put in place.
What personal data do we collect?
We are collecting name, email address and association with a faith tradition. We are collecting dietary requirements and access requirements. We will also be collecting data relating to your church safeguarding role (e.g. whether you are a trainer, co-ordinator etc.), and within which presbytery you undertake this role. This is for supplying badges on the day.
As we are collecting your association with a faith tradition and health information, this means we are collecting special category data and will therefore have additional safeguards in place to protect your data.
How are we collecting this information? What is the source?
The information is collected directly from the individual and also through the event platform Eventbrite.
The lawful basis for the processing
The lawful basis for processing the personal and special category personal data under data protection laws are UK GDPR Article 6(1)(a) "the data subject has given consent to the processing of his or her personal data for one or more specific purposes" and for the special category data Article 9(2)(d) "processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects."
Who we share the information with:
As we are using Eventbrite (processors) we have appropriate documentation and safeguards in place with this company. The use of the Eventbrite platform which is a US company it can mean that data is stored in the USA. However, Eventbrite have provided assurances that all Church data is held within the UK only.
We will share relevant data with Stirling Court Hotel (name, access requirements and dietary requirements if you are staying over and only dietary requirements if you are a day delegate). There is an agreement in place with the hotel and the data will only be used for limited purposes. It will then be destroyed securely following their procedures.
.
Details of data transfers to any third countries or international organisations
There are no data transfers to third countries or international organisations
How long do we hold the personal data?
The data will be held for 6 months and will be destroyed securely following Church procedures after that period of time.
Do we use automated decision making processes, including profiling?
The Church does not process data in this way
Individuals' rights in relation to this processing
Under data protection legislation individuals have a number of rights. These rights are listed on our website here.For the purposes of the Safeguarding Conference 2023 and due to the lawful basis, only the right to object will not apply. All other rights do apply, if you want to exercise any of your rights please contact the Church, you can email the DPO at Privacy@churchofscotland.org.uk or make the request verbally. The Church will process your request accordingly and respond without undue delay and within one calendar month. It may be necessary prior to the request being processed that the Church will require proof of identity. This is required to ensure an individual's personal data is not disclosed to an unauthorised individual.
As the lawful basis is consent, it's important to note that you can withdraw your consent at any time. To exercise this right please email safeguarding@churchofscotland.org.uk to withdraw your consent and your request will be processed accordingly.