Privacy Notice Minister Recruitment, training and onward development
Church of Scotland Ministries is providing you with this information to comply with data protection law and to ensure that you are fully informed and we are transparent in how we collect and use your personal data.
Who is collecting the information?
Church of Scotland Ministries is the Data Controller. We have an appointed Data Protection Officer (DPO), Alice Wilson, who can be contacted by emailing: Privacy@churchofscotland.org.uk
Why are we collecting it and what are we doing with it (Purpose)?
We collect the data initially for recruiting Ministers and subsequent training and development. We need to build as clear a picture of you as we can in order to both assess your suitability for the recognised ministries and, if you are successful at assessment conference, to determine training requirements for you.
What personal data do we collect?
The information we collect about you includes name, address, telephone number, mobile number, email address, relationship status, type of ministry (if applicable),date of birth, church experience, including congregation and presbytery details, personal statement, whether you are a UK or European Area National or if you are an asylum seeker details of education, qualifications, past employment, community and leisure interests. Reports from discernment and assessment are collected along with health data. Any relevant training information will also be collected.
There is also the equality monitoring form which collects racial/ethnic origin, religious beliefs, health, including any disabilities etc. This is separated from the main application form and is used to measure compliance with the Equality Act 2010.
If successful the applicant will also need to complete a Protection of Vulnerable Group (PVG) form to get a Scheme Record certificate to ensure they do not pose a risk to vulnerable adults or children.
How are we collecting this information? What is the source?
Applicants will complete the Ministries Recruitment Form. There will also be data collection using Medigold for all applicants. We use ProfileMatch and Healthlink 360 (Occupational Health Assessment providers) for the Discernment process which assesses competencies to ensure applicants meet the requirements necessary to become a Minister/Office Bearer(s) of the Church of Scotland.
The lawful basis for the processing
Under data protection the lawful basis for the recruitment and training of Ministers and Office Bearers is UK GDPR Article 6(1)(b) "processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract." For the processing of special category data, e.g. religious beliefs, health data, data collected in the equality monitoring form, the lawful basis for processing is UK GDPR Article 9(2)(d) "processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects."
Who we share the information with:
We use a number of third parties in the recruitment process. This includes Medigold, Healthlink 360 (Occupational Health Providers) and ProfileMatch. ProfileMatch is a psychometric test, applicants complete this online and we receive a report which is distributed to a mentor, Presbytery assessors, the applicant and National Assessors. Medigold is an occupational health advisor, which is completed online by the applicant. We receive a statement as to whether the Occupational Health check is satisfactory and Healthlink 360 (HL360) complete a psychological assessment. HL360 generate a report from interview by the applicant which is shared with us. ProfileMatch is used to assist in determining suitability for ministry. Their results are only a part of the assessment process. These three organisations have agreements in place with the Church in relation to this processing purpose.
As referenced earlier, if you are successful in the admissions process you will be required to complete a PVG application to Disclosure Scotland. Disclosure Scotland will share minimal data with us to confirm you are clear to work with children and vulnerable adults.
During the recruitment assessments and admissions processes the Church of Scotland will share information internally to enable us to communicate with you for administration purposes connected with the discernment process, training, continuing ministerial development (CMD), church business and other related matters. We use Microsoft Office 365 and specifically SharePoint to share data involving any international applicants. Microsoft are therefore processors and there is an appropriate contract in place. There is appropriate safeguards in place to ensure only minimal data is shared as necessary for the purpose.
If successful in your application you will then move onto the training and onward development process within the Church. The Church of Scotland Learning platform is hosted by Circle Co Inc. This is a US based company and is a processor of Church personal data. As a processor it will only process your data on the Church's explicit instructions. There is appropriate contractual documentation in place.
Your membership details will not be shared with any other part of the Church of Scotland. The site administrators of the platform will be the only staff within the Church who can view membership details.
Details of data transfers to any third countries or international organisations
Individuals who are located outside of the UK often apply to be a Minister or Office Bearer by the Admissions process. This means that there would be international data transfers between the applicant and Church. The Church would also have contact with the applicants' employers and carry out police checks also. This would be carried out with appropriate safeguards in place to ensure the personal data is protected accordingly. Where international applications are involved any data transferred is done so securely where personal data is involved. We use SharePoint when we are sharing personal data, this ensures that appropriate controls are in place and only the individuals authorised to access the data can.
For the Church Learning Platform we use Circle Co Inc. They and some of their sub-processors are based in the United States of America. Therefore, there are data transfers which occur outside the UK to a third country. There are appropriate safeguards in place including the contractual requirements for international data transfers, there is also appropriate security measures in place to protect the data when it is transferred to Circle and its sub-processors.
How long do we hold the personal data?
The retention of data differs for different applicants and what stage of the process they are going through. If an applicant is unsuccessful at Profilematch or HealthLink 360 only the individuals name is held. Due to the fact that applicants can apply up to 3 times we hold this data for 60 years. Following this period of time the data will be destroyed securely following church procedures.
For Admissions data, if the applicant is unsuccessful at pre-assessment the data is fully destroyed following Church procedures. If unsuccessful at local review, the applicant's name is retained for 60 years and is then destroyed following church procedures. For Admissions, if unsuccessful at online Admissions Conference the applicant's name, and details of the conference they attended are retained on our Recruitment (Towards Ministry) database for 60 years and is then destroyed securely following church procedures.
If unsuccessful at Assessment / Admissions conference the name and details of conference are retained for 60 years and are then destroyed securely following church procedures.
If an applicant's health check is unsatisfactory the name is retained for 60 years and then destroyed securely following church procedures.
If the applicant's PVG/Safeguarding check is unsatisfactory, the applicant's name and conference details will be retained for 60 years and is then destroyed following church procedures.
If applicants withdraw voluntarily from the process prior to any assessment, then their data is not retained. However, if an applicant withdraws voluntarily after an assessment point then the individual's name is retained for 60 years and is then destroyed securely following church procedures.
If unsuccessful at the final appraisal in training, Admissions, the name is retained and in exceptional circumstances, Assessment and Training records retained for 5 years and is then destroyed securely following church procedures.
If the applicant is successful at all of these stages and gain full status in one of our recognised ministries: Admissions, Assessment and Training records are retained for 5 years prior to secure destruction following Church procedures.
Do we use automated decision making processes, including profiling?
The Church does not process data in this way
Individuals' rights in relation to this processing
Individuals have a number of rights under data protection laws. These are detailed here. Not all rights are absolute and some only apply in relation to the lawful basis for processing the data. For this purpose, the only right that does not apply is the Right to Object. All other rights apply. If you want to exercise any of your rights please contact the DPO at Privacy@churchofscotland.org.uk