The Iona Community (“the Community”) takes the security and accuracy of personal data seriously. It complies with its obligations under the UK General Data Protection Regulation by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. This Policy Statement refers to such data held by the Community on Associate Members, Friends of the Community and those who choose to identify themselves as Supporters.
Personal Data Held and Processed
Personal data on Associates and Friends in the following categories is held and processed:
- Membership Records
- Contact information as supplied on the relevant application form or as updated by the individual.
- Financial Information
- Details of Bank Accounts; payments received or made; Gift Aid declarations and records.
- Contact Preferences
- Acceptable and preferred method of communication from the Community (mail, telephone, email).
- General Information
Membership of working groups or committees; attendance at events
Personal data on Supporters is limited to contact information only
The legal basis for processing personal data is the legitimate interest of the Community to administer its membership records, to maintain its financial records (including the processing of Gift Aid); to provide news and information about the Community, events and activities; to fundraise; to promote
the interests of the Community; and to manage volunteers.
Contact preferences are processed by consent of the individual.
Sharing Personal Data
Personal data will be treated as strictly confidential and will only be shared with other Members, Associates and Friends of the Community for purposes connected with the Community and with employees of the Community as necessary for them to carry out their duties.
Contact information only will be shared with authorised representatives of the Community including Associate Advisory Group (AAG) Representatives. In the case of messages circulated by email, representatives will where possible use the mail service operated by the Community administrative office to send them out.
With consent of the individual, contact information will be published in the Community’s Year Book. Data will only be shared with third parties with the explicit consent of the individual.
Questions about the data and its use.
If an individual has questions about their data, and what the Community does with it, they should contact the Leader of the Community at the above address.
Rights of the individual.
An individual has a number of rights under Data Protection legislation:
(a) Right to know what data is held
An individual has a right to know what personal data is held about them.
(b) Right to request a copy of the data the Community holds
An individual can ask for a copy of the data the Community holds about them. This is called a “subject access request”.
If an individual makes a “subject access request”, the Community will give an individual a copy of the data the Community holds about them.
The Community will do this within one month. The Community will normally give an individual the data in a computer file.
(c) Right to object
An individual can object if the individual thinks the Community is using the data in the wrong way.
An individual can also object if that individual thinks the Community does not have “lawful grounds” for using the data.
The Community will give an individual a statement explaining why the Community uses the data and explaining the “lawful grounds”.
If an individual is still not happy, that individual can complain to the Information Commissioner’s Office (https://ico.org.uk/make-a-complaint/)
If the Community is using the data in the wrong way, the Community will stop immediately and stop it happening again.
(d) Right to have data corrected
If an individual thinks that there is a mistake in their data, the Community should be told. An individual has a right to have it corrected.
The Community may need to check what is the correct data but will put right any mistakes as soon as possible.
(e) Right to be forgotten
The Community will remove data immediately on request of the individual or their legal representative. Otherwise, data will be removed 2 years after the last contact with the individual. This does not apply to Gift Aid declarations and records which the Community is legally obliged to retain for six years after the calendar year to which it relates.
If anything happened to data that could be a risk to an individual, the Community will do its best to
inform those concerned.
Data Controller: The Business Director of the Iona Community.
Nominated Director: Rev Dr R J Reid