Church of Scotland Faith Action – Diaconate Councilis the Data Controller. We have an appointed Data Protection Officer (DPO), Alice Wilson, who can be contacted by emailing: Privacy@churchofscotland.org.uk

For Deacons of the Church of Scotland to meet in "Council for learning and fellowship as set out in the relevant Acts of Assembly". Council is held and the Deacons of the Church of Scotland will engage in worship, fellowships, discipleship and learning and a business session.

We are collecting personal information from Diaconate colleagues, to communicate with each other, arrange meetings, support each other through prayer and messages of support and celebrate birthdays and anniversaries. This will be done through email, newsletters and telephone calls.

The Diaconate Council meets twice a year and the meetings will either be online or in-person. For further information in relation to the Diaconate Council please see link The Diaconate | The Church of Scotland

We will be collecting information on Diaconate colleagues: names, addresses, email addresses, presbytery affiliated to, telephone number and date of birth. We also collect whether you are a student, active deacon or inactive deacon and also if you operate outside the Church of Scotland.

As this is in relation to the operation of the Diaconate Council, by implication religious beliefs are processed and therefore special category data is processed.

The initial data collection of the Diaconate data is directly from the individual and through the Church Yearbook. In relation to the organisation of meetings, an email will be sent to Diaconate colleagues asking them to contact the Administrator to confirm if they will be joining the event.

The lawful basis for processing the personal data is UK GDPR Article 6(1)(e) "processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller." The Church of Scotland Act 1921 provides for the official authority vested in the Diaconate of the Church of Scotland as data controller.

For the processing of special category data (sensitive personal data) the lawful basis is UK GDPR Article 9(2)(d) "processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects".

Sanctus Media are used as a processor to run the any of the meeting events online. There is an appropriate contract in place with Sanctus and they only process personal data on the instructions of the Church. Sanctus Media host the event on behalf of the Diaconate for their Diaconate Council online meetings. They will provide link to the individual to join the Diaconate Council on the day. Sanctus Media will record the Diaconate Council meeting during the event. The recording will be made available to all Diaconate colleagues.

When the event is held in person Sanctus Media will not be involved. Any recordings and minutes will be completed by the administrators of the event and the Diaconate President.

The Diaconate Council contact details will be shared with the Administrators of the event the Diaconate President, Diaconate Secretary and the members of the Diaconate Council.

We will hold this information for ten years following the end of an individual's role in the Council. Following that period of time, the data will be destroyed securely following Church procedures.

Under data protection laws individuals have a number of rights. These are detailed on the Church of Scotland website privacy centre here. Not all rights apply and it depends on the lawful basis as to what rights apply. For this purpose, the lawful basis is public task. This means that all of the rights apply except for the right to erasure and the right to data portability. If you wish to exercise any of your rights, please email the DPO at Privacy@churchofscotland.org.uk