General Privacy Notice

We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event that you have a complaint.

When we use your personal data we are regulated under the General Data Protection Regulation (GDPR) which applies across the European Union (including in the United Kingdom) and we are responsible as “controller” of that personal data for the purposes of the GDPR. Our use of your personal data is subject to the instructions of the Bishop of Worcester and The Worcester Diocesan Board of Finance Limited for whom we act, as well as by the GDPR, other relevant UK and EU legislation and our professional duty of confidentiality.

 

KEY TERMS

Here are some key terms that are used within this policy:

We, us, our

SME Solicitors

Our Data Protection Manager

Guy Salter

Personal data

Any information relating to an identified or identifiable individual.

Special category personal data

Personal data revealing racial or ethnic origin, political opinions, religious beliefs or trade union membership

 

Genetic and biometric data

 

Data concerning health, sex life or sexual orientation

 

WHO ARE WE

This privacy notice is provided to you by SME Solicitors which is the data controller for your data. We act as legal advisors to the Bishop of Worcester, The Worcester Diocesan Board of Finance Limited, the Worcester Diocesan Board of Education and the Worcester Diocesan Synod; Stuart Ness, who is a solicitor at SME Solicitors, is the Bishop of Worcester’s Legal Secretary and he is the Registrar of the Diocese of Worcester. Jack Smith, who is also a solicitor with SME is the Deputy Registrar. If we are advising you about an ecclesiastical matter we are doing so on behalf of the Bishop of Worcester or one of the other bodies mentioned: we are not acting for you.

Because the Church of England is made up of different people and organisations all working together, we may need to share the personal data we hold with other parts of the Church so that they can carry out their responsibilities to the Church and our community.

This privacy notice explains how SME Solicitors, which is the location of the Worcester Diocesan Registry, will process your data. 

HOW WE PROCESS YOUR PERSONAL DATA

Under data protection law, we can only use your personal data if we have a proper reason for doing so, for example:

  • to comply with our legal and regulatory obligations;
  • for the performance of our instructions;
  • for our legitimate interests or those of a third party; or
  • where you have given consent.

A legitimate interest is when we have a business or commercial reason to use your information, or where the organisations for whom we work or third parties have such reason, so long as this is not overridden by your own rights and interests.

We will comply with our legal obligations to keep personal data up to date. We will store and destroy it securely preventing personal data from being lost, misused, accessed or disclosed without authorisation and we will not collect or retain excessive amounts of data.

The table below explains how we process your data, specifically in relation to the Worcester Diocesan Registry, and the reasons for doing so:

What we use your personal data for

Our reasons for doing so

To provide legal services to the Bishop of Worcester or to The Worcester Diocesan Board of Finance Limited

For the performance of our contract with them or to take steps at your request before entering into a contract

 

This means that we may use your personal data for some or all of the following purposes:

  • to enable us to meet all legal rules of law and statutory obligations (which include requirements under legislation specific to the regulation of all those who have contact with the Church including: Acts of Parliament, Synodical Measures, Statutory Instruments, Rules made under Measures, and the Canons of the Church of England);
  • to provide advice to the Bishop of Worcester, the Bishop of Dudley, the Archdeacon of Worcester, the Archdeacon of Dudley, the rural deans, incumbents and other licensed clergy and those permitted by the Bishop of Worcester to officiate in the diocese, the Synods and their Chairs, the Boards and their officers and committees, the Parochial Church Councils and churchwardens about any legal matter pertaining to the ecclesiastical or synodical offices or their work or the corporate work of the boards;
  • to administer the jurisdiction of the Bishop’s Vicar General in respect of the grant of common licenses for marriage;
  • to administer justice in relation to the jurisdiction of the Bishop’s Consistory Court and to act as clerk to Diocesan Chancellor as Official Principal and judge of that Court and to ensure the publication of the Judgments of that Court;
  • to advise the Bishop on matters relating to the discipline of clergy or lay people; 
  • to advise the Bishop and the Diocesan Safeguarding Advisor and all persons having such responsibilities in relation to safeguarding with the aim of ensuring that all children and vulnerable adults are provided with safe environments and protected from neglect or physical mental or emotional harm;
  • to assist in the prevention or detection of any unlawful act, including in this context acts which are contrary to ecclesiastical law as well as secular law;
  • to assist in the protection of the public from dishonesty, malpractice or other seriously improper conduct, unfitness, incompetence, mismanagement or service provision failing including the misconduct of clergy or lay people in contact with the Church of England; 
  • to maintain the Bishop’s records as to his Acts, and the decisions of the Consistory Court;
  • to maintain the Patronage Register in respect of Patrons of individual benefices;
  • to draw up and retain copies of all deeds and other documentation as to Ordination, Deeds of Collation, Institution and Licence and other matters;
  • to advise all persons as to legal matters pertaining to the Church of England in the diocese relating to baptism, confirmation, marriage, and the burial of the dead; 
  • to maintain our own accounts and records.

We have included Appendix A some of the particular processing areas in more detail.

THE LEGAL BASIS FOR PROCESSING YOUR DATA

Processing will be carried out in accordance with Article 6 of the GDPR and under the principles of Article 5:

  • for our legitimate interests as a firm, or the legitimate interests of a third party (such as the Bishop or an organisation or person within the Church of England). For example, our work may mean that we share information with another diocese or the Church Commissioners in relation to disciplinary matters (in this last criterion, we will always take into account your interests, rights and freedoms);
  • under a legal obligation (for example the maintenance of the Patronage Register); or
  • for performing a task carried out in the public interest or in the exercise of official authority. For example, our work under the Clergy Discipline Measure 2003 and safeguarding work to protect children and vulnerable adults, or in relation to faculties or marriage licences (but given that the Church of England is the Established Church the criterion will also cover a wide variety of other work carried out).

In addition to the above, we may need to process special category data that is

held by us about you. This is in accordance with the GDPR: 

  • in the course of the legitimate activities of the bodies or persons forming part of the Church of England (the data will not be processed outside those bodies or persons which form the Church of England without your consent and we will set in place appropriate safeguards for this processing);
  • where necessary for the establishment and exercise of civil claims;
  • when it is carried out on the part of a Court in a judicial capacity.

 

Religious organisations are also permitted to process information about your religious beliefs to administer membership or contact details. The data we collect may well include special category data as to your religious beliefs.

Where your information is used other than in accordance with one of these legal bases, we will first obtain your consent to that use.

 PERSONAL DATA WE COLLECT ABOUT YOU

The table below sets out the personal data we will or may collect (depending on our instructions) from you and other sources in the course of advising the Bishop or Diocesan Board of Finance: 

Personal data we will collect

Personal data we may collect

Your name, address, aliases and email address and telephone numbers.

 

Information to enable us to check and verify your identity (e.g. your date of birth or passport details).

 

Information relating to the matter about which we are handling or providing advice on.

 

 

Relevant financial details (e.g. source of funds, bank account details, payment card numbers, payment/transaction identifiers, also policy and claim numbers).

 

Your signature.

 

 

Your national insurance and tax details.

 

 

Details of your spouse/partner, dependants or other family members.

 

 

Your employment or ministerial status and details including salary or stipend and benefits if a clergy or lay person holding office within the Church.

 

Information to enable us to undertake a credit or other financial check on you.

 

Details of your pension arrangements.

Special category data may be collected where relevant to advice concerning pastoral care of clergy and parishioners, or to discipline grievance and capability issues concerning clergy and licensed lay persons or those holding office within the Church, including records relating to:

 

·      Age, date of birth;

·      Gender and sexual orientation, marital status;

·      Medical information;

·      Performance, disciplinary, conduct or grievances;

·      Trade union membership or affiliation and political beliefs (insofar as they relate to proscribed organisations).

 

Special category data as to religious or similar beliefs may also be collected where relevant to the mission of the Church including patronage or pastoral matters.

 

Special category data as to nationality and ethnic origin may be collected where relevant to licensing of clergy or as to marriage licence work.

 

Special category data may be collected as to your criminal records, fines; and judicial records where relevant to disciplinary matters.

 

All of the above personal data is, or may be required to enable us to provide our service to the bishop or the Diocesan Board of Finance, or to enable us to carry out our obligations under our retainers or to give you advice about ecclesiastical matters.

The processing of personal and special category data is governed by the Data Protection Act 2018 the General Data Protection Regulation 2016/679 and sometimes by other legislation relating to personal data and rights, such as the Human Rights Act 1998.

 HOW YOUR PERSONAL DATA IS COLLECTED

We collect most of this information from you directly. However, we may also collect information:

  • from publicly accessible sources, for example Companies House or HM Land Registry;
  • from a third party, such as:
  • sanctions screening providers;
  • credit reference agencies;
  • client due diligence providers;
  • estate agents and surveyors;
  • from the Bishop and clergy of the diocese or the wider Church of England Institutions or bodies such as Parochial Church Councils and their staff;
  • from a third party (with your consent), such as;
  • your bank or building society, other financial institution or advisor;
  • consultants and other professionals we may engage in relation to the matter;
  • your employer and/or trade union, professional body or pensions administrators;
  • your doctors, medical and occupational health professionals.
  • via our website.
  • via our IT systems, for example:
  • door entry systems and reception logs;
  • technical systems, such as computer networks and connections, CCTV and access control systems, communication systems, email and instant messaging.

 

SHARING YOUR PERSONAL DATA

Your personal data will be treated as strictly confidential. It will be shared with the Bishop or other person or body retaining us. It will only be shared with third parties (outside of the Church of England organisations) where it is necessary for the performance of our tasks. It is likely that we will need to routinely share your data with some or all of the following (but only where necessary): 

  • The appropriate bodies of the Church of England including other data controllers, such as the Dean & Chapter of Worcester Cathedral and the Church Commissioners;
  • Agents, servants and contractors of the Bishop or boards or other parties instructing us;
  • Other clergy or lay persons nominated or licensed by the Bishop of Worcester to support the mission of the Church in your parish including the Archdeacons in particular and the secular and ministry officers of the Board of Finance.
  • law enforcement agencies for the prevention and detection of crime (subject to such bodies providing us with a relevant request in writing);
  • professional advisors who we instruct on behalf of the Bishop or the Board of Finance, for example barristers, medical professionals, accountants, tax advisors or other experts;
  • other third parties where necessary;
  • credit reference agencies;
  • insurers and brokers;
  • external auditors;
  • our bank(s);
  • external service suppliers, representatives and agents that we use to make our business more efficient, for example typing services, marketing agencies or document collation.

 

We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and you. 

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

We may also need to share some personal data with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

We will not share your personal data with any third party where it is not necessary in the performance of our tasks. 

WHERE YOUR PERSONAL DATA IS HELD

Information may be held at our offices in files, or on our electronic case management systems, with third party agencies, service providers, representatives and agents as described above.

HOW LONG DO WE KEEP YOUR PERSONAL DATA? 

We will keep your data after we have we have finished advising.

We will do so for one of the following reasons:

  • to respond to any questions, complaints or claims that may arise following completion of the matter;
  • to keep records required by law or in line with the retention guidelines as set out by the Church of England Records Centre;
  • to keep records in the interests of historical archiving purposes;
  • for the operation of the mission of the church.

We will not retain your data for longer than necessary for the purposes set out in this policy. The minimum storage time limit is 7 years, however some work types have different retention periods. 

We will keep some records permanently if we are legally required to do so or if it is necessary for the operation of the mission of the church. We may keep some other records for an extended period of time for historical archiving purposes. In general, we will endeavour to keep data only for as long as we need it. This means that we may delete it when it is no longer needed. 

Some data is recorded in registers maintained by us in paper and/or electronic form (which may be open to public inspection) and which are retained permanently.

Some data kept on a permanent basis is deposited with the Bishop or in the Worcester Records Office located at The Hive.

For more information on how long your data may be stored, please contact the Diocesan Registrar.

YOUR RIGHTS AND YOUR PERSONAL DATA

You have the following rights, which you can exercise free of charge:

Access

The right to be provided with a copy of your personal data.

Rectification

The right to require us to correct any mistakes in your personal data.

To be forgotten

The right to require us to delete your personal data – in certain situations.

Restriction of processing

The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party – in certain situations.

To object

The right to object:-

·      at any time to your personal data being processed for direct marketing (including profiling);

·      in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests.

Not to be subject to automated individual decision-making

The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

 

For further information on each of those rights, including the circumstances in which they apply, please contact us or see the guidance provided by the UK Information Commissioner’s Office: 

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

If you would like to exercise any of these rights, please email, call or write to our Data Protection Manager.

When exercising any of the rights listed above, in order to process your request, we will need to verify your identity for your security. In such cases we will need you to:

  • provide us with enough information to identify you (e.g. full name, address and reference number);
  • let us have proof of your identity and address (a copy of your diving licence or passport and a recent utility or credit card bill); and 
  • let us know what right you want to exercise and the information to which your request relates.

 TRANSFER OF DATA ABROAD

To deliver services to you, it is sometimes necessary for us to share your personal data outside the European Economic Area (EEA), e.g.:-

  • with your service providers located outside the EEA;
  • if you are based outside the EEA;
  • where there is an international dimension to the matter in which we are advising.

 These transfers are subject to special rules under European and UK data protection law.

FURTHER PROCESSING

If we wish to use your personal data for a new purpose, not covered by this Notice then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

KEEPING YOUR PERSONAL DATA SECURE

We have appropriate security measures to prevent personal data from being accidently lost, or used, or accessed unlawfully. We will limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. 

We also have procedures in place to deal with any suspected data security breach.

We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

If you would like detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

HOW TO COMPLAIN

 We hope that we can resolve any query or concern you may raise about our use of your information. 

The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws may have occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone 0303 123 1113.

HOW TO CONTACT US

If you have any questions about this privacy policy or the information we hold about you, our contact details are shown below:

Our contact details

Our Data Protection Manager

SME Solicitors

8 Sansome Walk

Worcester

WR1 1LW

 

info@smesolicitors.co.uk

01905 723561

Guy Salter

 

guy.salter@smesolicitors.co.uk

 

 

 Changes to this privacy policy

This privacy policy was published on 3 January 2019. 

We may change this privacy policy from time to time.

X

Who would you like to see?

Request