Privacy Policy

_{During the harshest generations of English rule, Penal laws forbade Catholic worship and hunted Catholic priests. Nevertheless, Irish faithful continued to gather and celebrate mass in secret, setting up simple stone altars, like this one, on cliffs and deep in the remaining forests.
^{Clashganny Mass Rock, CC License by A.-K. D.}}

PRIVACY POLICY AND NOTICE

Saint Patrick Orthodox Mission Church is committed to protecting all information that we handle about people we support and work with, and to respecting people’s rights around how their information is handled. This policy explains our responsibilities and how we will meet them.

Section A – Policy Statement: What this policy is for

Saint Patrick Orthodox Church Company Limited by Guarantee (the “Church”) is committed to protecting personal data and respecting the rights of our data subjects, who are the people whose personal data we collect and use. We value the personal information entrusted to us and we respect that trust, by complying with all relevant laws, and adopting good practice.  We are committed to abiding by applicable privacy laws and regulations in the control and processing of personal data.

I. We process personal data to help us:

1. maintain our list of church members and from time to time those in attendance;
2. provide pastoral support for members and others connected with our Church;
3. provide services to the community;
4. safeguard children, young people and adults at risk;
5. recruit, support and manage staff and volunteers;
6. maintain our accounts and records;
7. promote our services;
8. respond effectively to enquirers and handle any complaints.

This notice has been approved by the Church’s charity trustees who are responsible for ensuring that we comply with all our legal obligations. It sets out the legal rules that apply whenever we obtain, store or use personal data.

II. How our data protection policy applies to you & what you need to know

1. We will handle all personal information of our members and those who provide us with protected information in line with this policy.
2. Our procedures will be in line with the requirements of this policy, but if you are unsure about whether anything you plan to do, or are currently doing, might breach this policy you must first speak to one of our Trustees.

Section B – Our data protection responsibilities

III. What personal information do we process?

1. In the course of our work, we may collect and process information (personal data) about many different people (data subjects). This includes data we receive straight from the person it is about, for example, where they complete forms or contact us or use our website. 
2. We process personal data in both electronic and paper form and all this data is protected under data protection law. The personal data we process can include information such as names and contact details, education or employment details, date of birth, bank information and visual images.
3. How can we legally use personal data? We may process your data if:
   • the processing is necessary for a contract with the data subject;
   • the processing is necessary for us to comply with a legal obligation;
   • the processing is necessary to protect someone’s life (this is called “vital interests”);
   • the processing is necessary for us to perform a task in the public interest, and the task has a clear basis in law;
   • the processing is necessary for legitimate interests pursued by the Church or another organisation, unless these are overridden by the interests, rights and freedoms of the data subject.
4. If none of the other legal conditions apply, the processing will only be lawful if the data subject has given their clear consent.

IV. Keeping data and destroying it

1. We will not keep personal data longer than is necessary for the purposes that it was collected for. We will comply with official guidance issued to our sector about retention periods for specific records.

Section C – Working with people we process data about (data subjects)

V. Direct marketing

1. We will comply with the rules and any laws which may amend or replace the regulations around direct marketing.
2. Any direct marketing material that we send will identify Saint Patrick Orthodox Church Company Limited by Guarantee as the sender and will describe how people can object to receiving similar communications in the future. If a data subject exercises their right to object to direct marketing we will stop the direct marketing as soon as possible.

Section D – working with other organisations & transferring data

VI. Sharing information

1. We will only share personal data with other organisations or people when we have a legal basis to do so and if we have informed the data subject about the possibility of the data being shared (in a privacy notice), unless legal exemptions apply to informing data subjects about the sharing.
2. We are required to share your data with third parties where we have a legal obligation to do so. We may also share information with our partner organisations with whom we have a Data Sharing Agreement, or as set out in our Privacy Notice. The persons/organisations we may share your special category and criminal offence data with are:
   • Our charity trustees, bishops, employees, contractors and volunteers on a need-to-know basis;
   • Service providers such as the website or social media platforms, legal and tax accountants, payment processors, employees and volunteers working for us or the dioceses.
   • Our church dioceses and other appointing or employing bodies as appropriate.
   • The Police and Social Services, Local Authority Designated Officers and other statutory agencies.
   • Before sharing information with any of the above persons or organisations, careful consideration is given to the rights and freedoms of the data subject against what is needed to be shared to achieve our overarching goal of safeguarding children, young people and adults at risk from harm within Saint Patrick Orthodox Church and to support and promote exemplary ministry. Special category and criminal offence data is only disclosed where it is reasonably necessary to do so and a record and full details of any disclosure to third parties is kept [please describe how and where the special category data or criminal offence data is securely held].

VII. Transferring personal data outside Ireland and the UK

1. The Church’s ruling dioceses is located in the United Kingdom.  All data and information collected by the Church is subject to the review of the ruling bishops. Personal data may be transferred outside of Ireland to the United Kingdom for processing by the ruling diocese.  The diocese may use the personal data only to fulfil a legitimate interest.

Section E – Managing change & risks

VIII. Dealing with data protection breaches

1. Where staff or volunteers, or contractors working for us, think that this policy has not been followed, or data might have been breached or lost, this will be reported immediately to our Trustees.
2. We will keep records of personal data breaches.
3. We will report to the competent authority all data breaches that are likely to result in a material risk to any person.
4. In situations where a personal data breach causes a high risk to any person, we will inform data subjects whose information is affected, without undue delay.  

Schedule 1 – Definitions and useful terms

The following terms are used throughout this policy. Their legal meaning as set out within the EU General Data Protection Regulation:

Data controller means any person, company, authority or other body who (or which) determines the means for processing personal data and the purposes for which it is processed. It does not matter if the decisions are made alone or jointly with others.

 The data controller is responsible for the personal data which is processed and the way in which it is processed. We are the data controller of data which we process.

Data processors include any individuals or organisations, which process personal data on our behalf and on our instructions e.g. an external organisation which provides secure waste disposal for us. This definition will include the data processors’ own staff (note that staff of data processors may also be data subjects).

Data subjects include all living individuals who we hold or otherwise process personal data about. A data subject does not need to be an Irish national or resident. All data subjects have legal rights in relation to their personal information. Data subjects that we are likely to hold personal data about include:

1. the people we care for and support;
2. our employees (and former employees);
3. consultants/individuals who are our contractors or employees working for them;
4. volunteers;
5. tenants;
6. trustees;
7. complainants;
8. supporters;
9. enquirers;
10. friends and family;
11. advisers and representatives of other organisations.

Personal data means any information relating to a natural person (living person) who is either identified or is identifiable. A natural person must be an individual and cannot be a company or a public body. Representatives of companies or public bodies would, however, be natural persons.

Personal data is limited to information about living individuals and does not cover deceased people. Personal data can be factual (for example, a name, address or date of birth). Or it can be an opinion about that person, their actions and behaviour.

Privacy notice means the information given to data subjects which explains how we process their data and for what purposes.

Processing is very widely defined and includes any activity that involves the data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing can also include transferring personal data to third parties, listening to a recorded message (e.g. on voicemail) or viewing personal data on a screen or in a paper document which forms part of a structured filing system. Viewing of clear, moving or stills images of living individuals is also a processing activity.