Church of Scotland Faith Action is the Data Controller.

We are collecting this for the purpose of keeping our Central Information Systems (CIS) database database up to date with accurate up to date contact details. These purposes include administration purposes, church business purposes and other related matters.

Name, address, date of birth, gender, martial status, email address & phone number. We also ask for the detail of what position they hold: e.g. Session Clerk, Congregational Treasurer, Retired Minister etc. It also records the detail in relation to Congregation or Presbytery.

We are collecting this by sending out the CIS Data Protection Form.

The lawful basis for this purpose is UK GDPR 6(1)(b) "processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract" and for further sharing of data the lawful basis is UK GDPR Article 6(1)(a) "the data subject has given consent to the processing of his or her personal data for one or more specific purposes"

The Church Information System (CIS) is an in-house database so no processors are involved. The Data Protection Consent Form includes a statement for sharing data wider with other Christian organisations. If the Church does share this data, it is only done if the individual has consented and the data shared is carried out securely with appropriate documentation in place.

The data is held for the length of membership to the Church. Following on from that the data is held for an additional 5 years before being destroyed securely following Church procedures.

Individuals have a number of rights under data protection laws. These are detailed on our website here. As the lawful basis for this processing is consent, all of the rights apply except for the Right to Object. If you want to exercise any of your rights, please email privacy@churchofscotland.org.uk