This Privacy Notice is relevant for anyone visiting The Church of Scotland ("The Church", "we" or "us") websites. The Church of Scotland is a charity registered in the UK and, as such, we adhere to all data protection laws, including but not limited to the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
Our address is 121 George Street, Edinburgh EH2 4YN. With regard to data protection, we have appointed a Data Protection Offcer (DPO), Alice Wilson, who can be contacted by email at email@example.com. In this Privacy Notice, we explain what types of personal data we process and for what purposes when you visit our website. For more information about your choices in relation to our processing, how you can learn more about our processing and exercise your rights, please see our page on Your Rights and Choices.
Personal data processed
When you share your personal data on this website or through any personal data collection form associated with this website, you are giving your Personal Data to the Church of Scotland as the Data Controller.
Personal data refers to data that relates to you. We process the following types of personal data related to you:
- Identity details such as your name.
- Contact details such as e-mail address and phone number.
- Information generated as a result of your use of our services. Such information may include IP address, device and browser type and also information about how you interact with our services.
- Plus other information we receive from you through your contact with us.
Purposes of processing
We process personal data for the following purposes:
- To provide our services in accordance with relevant terms and conditions.
- Administration of the business relationship with you.
- To develop and improve our services.
- To provide you with information about our services.
- Marketing and promotion of our services and activities.
Data sharing and transfers
We share personal data with third parties who process your personal data on our behalf for the purposes explained above.
When we transfer personal data to a country outside the UK and EEA we will, in such cases, obtain your consent first, or ensure the transfer is legal and safe by taking other measures. For example, using the EU/US Privacy Shield to protect transfer to data processors the USA or by using Standard Contractual Clauses to govern the transfer and processing of personal data involved.
Individuals' rights in relation to this processing
Data protection laws have a number of rights for individuals. This is detailed on our page on your rights and choices.
If you want to exercise any of these rights you can do so either verbally or in writing. The Church will require proof of identity prior to processing the request. The Church are required to process the request without undue delay and must respond within one month.
It's important to note that you can withdraw your consent at any time, to do this please contact firstname.lastname@example.org.
Complaints to UK Information Commissioner's Office (ICO)
If you are concerned about how your personal data is being used by the Church of Scotland, in the first instance please can you contact the Church of Scotland Data Protection Officer (DPO) at email@example.com. If you are not satisfied with the outcome then you can complain to the regulator of data protection, the UK Information Commissioner's Office (ICO). The ICO has guidance on their website.
You can email them at firstname.lastname@example.org or call them on 0303 123 113 or you can send a letter to them at the following address:Customer Contact
Information Commissioner's Office