COMMUNITIES TOGETHER DURHAM

1. Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the UK General Data Protection Regulation (the GDPR).

2. Who are we?

Communities Together Durham (‘CTD’) is the data controller. This means it decides how your personal data is processed and for what purposes.

3. How do we process your personal data?

CTD complies with its obligations under the GDPR by: –

• keeping personal data up to date;
• storing and destroying personal data securely;
• not collecting or retaining excessive amounts of data;
• protecting personal data from loss, misuse, unauthorised access and disclosure; and
• by ensuring that appropriate technical measures are in place to protect personal data.

We use your personal data for the following purposes: –

• To enable us to provide a voluntary service for the benefit of the public within the Diocese of Durham and the North East of England;
• To enable us to meet our legal and statutory obligations
• To carry out safeguarding procedures in accordance with best safeguarding practice
• To administer records of: –
      Employees, Clergy and licensed ministers, church officers and others who access our services and events and Asylum seekers and refugees accessing our services
• To fundraise and promote the interests of CTD;
• To manage our employees and volunteers;
• To maintain our own accounts and records;
• To inform you of news, events, activities and services running either within CTD or further afield through mailings (by email and/or hard copy).

4. What is the legal basis for processing your personal data?

Most of our data is processed because it is necessary for our legitimate interests, or the legitimate interests of a third party (such as another organisation in the Church of England).  An example of this would be our work to offer support services to clergy, PCCs and parishes.  We will always take into account your interests, rights and freedoms. 

Some of our processing is necessary for compliance with a legal obligation.  For example, data processing will be required in order to meet our obligations as an employer, and to meet our safeguarding responsibilities to protect children and adults at risk. Other data is processed where necessary for the performance of a contract, for example in relation to employment of staff or in support of a partnership agreement.

In some cases, we may seek consent to process your information; in such cases data will only be processed in line with the consent you have provided and this consent may be withdrawn at any time.

5. Sharing your personal data

Your personal data will be treated as strictly confidential and will only be shared for purposes connected with CTD.

We do not share your personal information with third parties without your consent, unless it is for a legitimate business reason, as required by law or other legal processes, or with a secure contractor who carries out data processing operations on our behalf. We never sell your personal information. Annex 1 sets out those partners with whom we would typically share data.

6. How long do we keep your personal data?

Data is retained in line with CTD’s Data Retention Policy which requires data to be deleted once it is no longer needed.

7. Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: 

• The right to request a copy of your personal data which CTD holds about you;
• The right to request that CTD corrects any personal data if it is found to be inaccurate or out of date;
• The right to request your personal data is erased where it is no longer necessary for the CTD to retain such data;
• The right to withdraw your consent, where consent has been required, to the processing at any time;
• The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability) (where applicable);
• The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
• The right to object to the processing of personal data, (where applicable);
• The right to lodge a complaint with the Information Commissioners Office.

8. Transfer of Data Abroad

Any electronic personal data transferred to countries or territories outside the EU will only be placed on systems complying with measures giving equivalent protection of personal rights either through international agreements or contracts approved by the European Union. Our website is also accessible from overseas so on occasion some personal data may be accessed from overseas.

9. Changes to this notice

We keep this Privacy Notice under regular review and we will place any updates on the CTD (www.communitiestogetherdurham.org.uk). This Notice was last updated in May 2023. 

10. Contact Details

To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer (sheilab1554@gmail.com) by post at Communities Together Durham, Cuthbert House, Stonebridge, DURHAM, DH1 3RY.  

You have the right to contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. 

Annex 1

Third parties with whom data may be shared where it is necessary for the performance of their tasks or for them to comply with their legal obligations include: –

• CTD payroll provider, HMRC, nominated pension providers;
• Statutory agencies
• Durham Diocesan Safeguarding Adviser;
• Durham Diocesan HR Adviser and
• Durham Diocesan Communications Adviser.