The Church of Scotland Central Information Systems (CIS) database Privacy Notice
Church of Scotland's Faith Impact Forum is providing you with this information to comply with data protection law and to ensure that you are fully informed and we are transparent in how we collect and use your personal data.
Who is collecting the information?
Church of Scotland Faith Action is the Data Controller.
Why are we collecting it and what are we doing with it (Purpose)?
We are collecting this for the purpose of keeping our Central Information Systems (CIS) database database up to date with accurate up to date contact details. These purposes include administration purposes, church business purposes and other related matters.
What personal data do we collect?
Name, address, date of birth, gender, martial status, email address & phone number. We also ask for the detail of what position they hold: e.g. Session Clerk, Congregational Treasurer, Retired Minister etc. It also records the detail in relation to Congregation or Presbytery.
How are we collecting this information? What is the source?
We are collecting this by sending out the CIS Data Protection Form.
The lawful basis for the processing
The lawful basis for this purpose is UK GDPR 6(1)(b) "processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract" and for further sharing of data the lawful basis is UK GDPR Article 6(1)(a) "the data subject has given consent to the processing of his or her personal data for one or more specific purposes"
Who we share the information with:
The Church Information System (CIS) is an in-house database so no processors are involved. The Data Protection Consent Form includes a statement for sharing data wider with other Christian organisations. If the Church does share this data, it is only done if the individual has consented and the data shared is carried out securely with appropriate documentation in place.
How long do we hold the personal data?
The data is held for the length of membership to the Church. Following on from that the data is held for an additional 5 years before being destroyed securely following Church procedures.
Individuals’ rights in relation to this processing
Individuals have a number of rights under data protection laws. These are detailed on our website here. As the lawful basis for this processing is consent, all of the rights apply except for the Right to Object. If you want to exercise any of your rights, please email firstname.lastname@example.org