Privacy Notice

This Privacy Notice is relevant for anyone sharing their personal data directly or indirectly with The Church of Scotland ("The Church", "we" or "us") when visiting our websites or using our services. The Church of Scotland is a charity registered in the UK and as such, we adhere to the General Data Protection Regulation - Regulation (EU) 2016/679 , the Data Protection Act 2018 and the Privacy & Electronic Communications Regulations (PECR) 2003.

Our address is 121 George Street, Edinburgh EH2 4YN. With regard to data protection matters, we are happy to receive your questions or concerns by email privacy@churchofscotland.org.uk. In this Privacy Statement, we explain what types of personal data we process and for what purposes. We also explain the choices you have in relation to our processing and how you can learn more about our processing and exercise your rights.

Scope of this Privacy Notice

Please note that this Privacy Notice concerns the processing of personal data for which The Church is the data controller, i.e. where The Church has decided the purposes and means of the processing. For the avoidance of doubt, this Privacy Notice does not concern any processing of personal data that The Church may conduct as a data processor on behalf of another Data Controller.

Personal Data Processed

When you share your personal data on this website or through any personal data collection form associated with this website, you are giving your Personal Data to the Church of Scotland as the Data Controller.

Personal data refers to data that relates to you. We process the following types of personal data related to you:

  • Identity details such as your name.
  • Contact details such as e-mail address and phone number.
  • Information generated as a result of your use of our services. Such information may include IP address, device and browser type and also information about how you interact with our services.
  • Plus other information we receive from you through your contact with us.

Purposes of Processing

We process personal data for the following purposes:

  • To provide our services in accordance with relevant terms and conditions.
  • Administration of the business relationship with you.
  • To develop and improve our services.
  • To provide you with information about our services.
  • Marketing and promotion of our services and activities.

Data Protection Principles

Your personal data shall be collected and processed:

  • Lawfully, fairly and in a transparent manner.
  • Collected for specified, explicit and legitimate purposes and not processed in a manner that is incompatible with those purposes.
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  • Accurate and kept up to date.
  • Kept in a form which permits identification of data subjects for no longer than is necessary.
  • In a manner that ensures appropriate security of the personal data.

Data Sharing

We share personal data with third parties who process your personal data on our behalf for the purposes explained above.
For the avoidance of doubt, we will not share personal data with third parties in a manner that enables such third parties to use personal data for direct marketing purposes in relation to you as a private individual.

When we transfer personal data to a country outside the UK and EEA we will in such cases obtain your consent first, or ensure the transfer is legal and safe by taking other measures. For example using the EU/US Privacy Shield to protect transfer to data processors the USA or by using Standard Contractual Clauses to govern the transfer and processing of personal data involved.