The General Data Protection Regulation (GDPR) came into force in May 2018. The Friends of St Conan’s Kirk have a data protection officer who ensures that any personal data collected in the course of membership, donor and event activities is handled within the confines of the regulations. An audit of the process takes place annually.
Data protection principles
Personal data must be:
• Processed lawfully, fairly and transparently
• Collected for specified, explicit and legitimate purposes
• Adequate, relevant and limited to what is necessary
• Accurate and kept up to date
• Kept no longer than necessary
• Processed with appropriate security
Information we hold
The data collected and held will be in the form of a private membership list. It will include:
• Contact number (optional)
• Email address
This information is required so that the Friends of St Conan’s Kirk can communicate with members about membership dues and send newsletters, additional news and reminders of special events.
Your rights under GDPR
As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have:
• The right to be informed about the processing of your personal data
• The right of access to the personal data held about you
• The right of rectification of inaccurate or incomplete personal data
• The right of erasure or ‘right to be forgotten’, so that personal data are erased when they are no longer needed
• The right to restrict processing of your personal data in specific cases
• The right to data portability, to receive your personal data in a machine-readable format and send it to another controller
• The right to object
• Rights in relation to automated decision-making and profiling
We use Mailchimp to send emails. Unsubscribe functionality is available.
We do not take or hold any payment data. Any payment to the Trustees or Friends of St Conan’s should be made in line with our payment guidelines by direct debit, BACS payment, cheque, the GoCardless payment platform, or other sites when advised for donations made for specific fund-raising activities.
Information on GDPR compliance for external payment methods can be found on the individual company websites.
Data Protection Officer: