Last updated: 26.09.2020
Recording visitor details: how we use your information
To support NHS Test and Trace (which is part of the Department for Health and Social Care) in England, we have been mandated by law to collect and keep a limited record of staff and visitors who come onto our premises for the purpose of contact tracing.
By maintaining records of staff and visitors, and sharing these with NHS Test and Trace where requested, we can help to identify people who may have been exposed to the coronavirus.
As a visitor at the Church or Church Hall, you will be asked to provide some basic information and contact details. The following information will be collected:
This Privacy Notice is provided to you by the Parochial Church Council (PCC) of St Thomas à Becket, Framfield, which is the data controller for your data.
The Church of England is made up of a number of different organisations and office-holders who work together to deliver the Church's mission in each community. The PCC works together with:
As the Church is made up of all of these persons and organisations working together, we may need to share personal data we hold with them so that they can carry out their responsibilities to the Church and our community. The organisations referred to above are joint data controllers. This means we are all responsible to you for how we process your data.
Each of the data controllers have their own tasks within the Church and a description of what data is processed and for what purpose is set out in this Privacy Notice. This Privacy Notice is sent to you by the PCC on our own behalf and on behalf of each of these data controllers. In the rest of this Privacy Notice, we use the word "we" to refer to each data controller, as appropriate.
The PCC as the data controllers for the collection of your personal data, will be responsible for compliance with data protection legislation for the period of time it holds the information. When that information is requested by the NHS Test and Trace service, the service would at this point be responsible for compliance with data protection legislation for that period of time.
The NHS Test and Trace service as part of safeguarding your personal data, has in place technical, organisational and administrative security measures to protect your personal information that it receives from the church, that it holds from loss, misuse, and unauthorised access, disclosure, alteration and destruction.
In addition, if you only interact with one member of staff during your visit, the name of the assigned staff member will be recorded alongside your information.
NHS Test and Trace have asked us to retain this information for 21 days from the date of your visit, to enable contact tracing to be carried out by NHS Test and Trace during that period. We will only share information with NHS Test and Trace if it is specifically requested by them.
For example, if another visitor reported symptoms and subsequently tested positive, NHS Test and Trace can request the log of visitor details for a particular time period (for example, this may be all who visited on a particular day or time-band, or over a 2-day period).
2.2 Under government guidance, the information we collect may include information which we would not ordinarily collect from you and which we therefore collect only for the purpose of contact tracing. Information of this type will not be used for other purposes, and NHS Test and Trace will not disclose this information to any third party unless required to do so by law (for example, as a result of receiving a court order). In addition, where the information is only collected for the purpose of contact tracing, it will be destroyed by us 21 days after the date of your visit.
However, the government guidance may also cover information that we would usually collect and hold onto as part of our ordinary dealings with you (perhaps, for example, your name and phone number). Where this is the case, this information only will continue to be held after 21 days and we will use it as we usually would, unless and until you tell us not to.
2.3 Your information will always be stored and used in compliance with the relevant data protection legislation. The use of your information is covered by the General Data Protection Regulations Article 6 (1) (c) – a legal obligation to which we as a venue/establishment are subject to. The legal obligation to which we’re subject, means that we’re mandated by law, by a set of new regulations from the government, to co-operate with the NHS Test and Trace service, in order to help maintain a safe worshiping environment and to help fight any local outbreak of corona virus.
The church does not transfer personal data outside the UK, the EU or to anywhere else.
By law, you have a number of rights as a data subject, such as the right to be informed, the right to access information held about you and the right to rectification of any inaccurate data that we hold about you.
You have the right to request that we erase personal data about you that we hold (although this is not an absolute right).
You have the right to request that we restrict processing of personal data about you that we hold in certain circumstances.
You have the right to object to processing of personal data about you on grounds relating to your particular situation (also again this right is not absolute).
The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government. It is the UK’s implementation of the General Data Protection Regulation (GDPR).
Please contact us if you have any questions about this Privacy Notice or the information we hold about you, or to exercise all relevant rights, or make queries or complaints at:
The Data Controller, Framfield PCC, Church Office, Vicarage Barn, Framfield, East Sussex TN22 5NH
29th August 2020
You can contact the Information Commissioners Office on 0303 123 1113 or via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
You can download a copy of this notice as a PDF