The Iona Community (“the Community”) takes the security and accuracy of personal data seriously. It complies with its obligations under the UK General Data Protection Regulation (GDPR) by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure; and by ensuring that appropriate technical measures are in place to protect personal data. This Policy Statement refers to such data held by the Community on Members of the Iona Community.
Personal Data Held and Processed
Personal data in the following categories is held and processed:
- Membership Records
  - Information as supplied to the Leader(s) of the Community as part of the New Members’ Programme and/or the annual “With Us” process. Contact details as provided by the most recent of such processes or as notified by the Member to the Leader of the Community or to the Office (address above).
- Financial Information
  - Details of Bank Account(s); payments and pledges received or made; Gift Aid declarations and records.
- Contact Preferences
  - Acceptable and preferred method of communication from the Community (mail, telephone, text, email) as notified to the Office.
- General Information
  - Membership of working groups or committees; attendance at events; information on specific areas of interest or expertise relevant to the Objects of the Community.
The legal basis for processing personal data is the legitimate interest of the Community to administer its membership records; to maintain its financial records (including the processing of Gift Aid); to provide news and information about the Community, events and activities; to fundraise; to promote the interests of the Community; and to manage volunteers.
Contact preferences are processed by consent of the Member.
Sharing Personal Data
Personal data will be treated as strictly confidential and will only be shared with other Members, Associates and Friends of the Community for purposes connected with the Community and with employees of the Community as necessary for them to carry out their duties.
Contact information only will be shared with authorised representatives of the Community. With the consent of the Member, contact information will be published in the Community’s Year Book and restricted areas of the Community’s websites.
Other data will only be shared with third parties with the explicit consent of the Member.
Questions About the Data and Its Use
If a Member has questions about their data, and what the Community does with it, they should contact the Leader of the Community at the above address.
Rights of the Member
A Member has a number of rights under GDPR:
(a) Right to know what data is held
A Member has a right to know what personal data is held about them.
(b) Right to request a copy of the data the Community holds
A Member can ask for a copy of the data the Community holds about them. This is called a “subject access request”.
If a Member makes a “subject access request”, the Community will give the Member a copy of the data the Community holds about them.
The Community will do this within one month. The Community will normally give the Member the data in a computer file.
(c) Right to object
A Member can object if the Member thinks the Community is using the data in the wrong way. A Member can also object if that Member thinks the Community does not have “lawful grounds” for using the data.
The Community will give a Member a statement explaining why the Community uses the data and explaining the “lawful grounds”.
If a Member is still not happy, that Member can complain to the Information Commissioner’s Office (https://ico.org.uk/make-a-complaint/).
If the Community is using the data in the wrong way, the Community will stop immediately and stop it happening again.
(d) Right to have data corrected
If a Member thinks that there is a mistake in their data, the Community should be told. The Member has a right to have it corrected.
The Community may need to check what is the correct data but will put right any mistakes as soon as possible.
(e) Right to be forgotten
The Community will remove data immediately on request of a Member or their legal representative.
Otherwise, data will be removed two years after the last contact with the Member. This does not apply to Gift Aid declarations and records, which the Community is legally obliged to retain for six years after the calendar year to which they relate. Other financial information may be held for up to six years.
The fact of Membership of the Community by an individual, details of any Offices or positions held and of major contributions to the life and work of the Community are a matter of historical and public interest and such data will be retained by the Community indefinitely as a legitimate interest of the Community.
If anything happened to data that could be a risk to a Member, the Community will do its best to inform
Data Controller: The Executive Director of the Iona Community.
Nominated Director: Rev Dr R J Reid