St. Luke’s GDPR Statement and Data Privacy Policy

St. Luke’s Fontainebleau, GDPR Statement

The General Data Protection Regulation came into force on May 25th 2018. This EU wide regulation was implemented to enhance the protection of personal data.

By completing this enrolment form for St Luke’s Sunday School, you accept that your personal data may be added to the general St. Luke’s mailing list for information purposes only.

Should you wish to access, rectify, delete or restrict the use of the data held, please contact the Data Protection Officer via our website.

St. Luke’s Data Protection Officer contact: [email protected]

DATA PRIVACY POLICY

St. Luke’s Church Fontainebleau (St. Luke’s), formerly Eglise Anglicane de Fontainebleau (created as an association in 1992), became an independant chaplaincy in 2011, is also known as Anglican Church of St. Luke Fontainebleau. St. Luke’s, (we, our, us) is a not for profit organisation under French 1901 Law and operates in the Fontainebleau region.

St. Luke’s relies on personal data supplied by members so that it can provide services for its members who are interested in the activities of the parish and its various groups, all in accordance with the doctrine of the Church of England, Diocese in Europe.

As an organisation, we undertake to meet the requirements of the General Data Protection Regulation (GDPR) (EU) 2016/6791 and all other relevant legislation.

All members and prospective members of St. Luke’s should be aware of the data privacy policy set out below.

Data collected by St. Luke’s

In order to be able to offer information relating to all the pastoral and social events to our members and to provide them with copies of the Church Directory, St. Luke’s needs to collect and retain information provided in the Welcome Form, the Sunday School enrolment form and the Membership application form respectively. Such information, hereafter called the Membership data, will include, but is not limited to, name, child’s name and date of birth, address, telephone number(s) and email address.

When collating the information provided via the various forms (and in particular the Sunday School enrolment form), St. Luke’s may also collect personal data such as dietary requirements and emergency contact details and, where appropriate, special category personal data relating to health issues.

Our legal ground for processing personal data for the purposes of communicating with our wide membership is St. Luke’s legitimate interest in providing information relating to the activities of the parish and its various groups, all in accordance with the doctrine of the Church of England, Diocese in Europe.

When collecting data linked to donations to charitable organisations, we store the related personal data, including addresses in order to be able to provide the relevant tax receipts. Our legal ground for processing any financial data is consent.

Our legal ground for processing any health related personal data for participants at our social functions is consent.

Our legal ground for publishing the Electoral Roll is consent.

How the data is stored

St. Luke’s is committed to ensuring that the Membership data is held securely. In order to prevent unauthorised access or disclosure, we have in place suitable procedures to safeguard and secure the information collected.

Data breaches

In the unlikely event of a breach of any personal data, St. Luke’s will, if there is a high risk of individual(s) being adversely affected, notify the relevant individual(s) as soon as reasonably possible.

Sharing data

St. Luke’s website is hosted by WordPress.com which is owned by a company called Automatic with headquarters in San Francisco, USA. Our email service provider is Google Mail, based in Mountain View, California, USA.

We have agreements in place with these organisations which mean they can only handle personal data in accordance with our written instructions. These organisations cannot use your personal data for any other purposes (unless required by law).

St. Luke’s does not sell or share personal data with any third party for their own marketing or research purposes.

Third party websites

The St. Luke’s Fontainebleau website contains links to other websites of interest. However, once you have used these links to leave the St. Luke’s Fontainebleau website, we have no control over that/those other website(s) and cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites.

You should look at the data privacy statement applicable to the website in question.

Data retention

St. Luke’s holds personal data in respect of members, lapsed members and for general contacts. The retention of personal data for these four categories is as follows:

– Members

For current members of St. Luke’s any personal data will be retained until such time as they cease to be a member.

– Lapsed members

St. Luke’s will retain the personal data of lapsed members for a period of three (3) years from the date that membership lapsed. This will allow sufficient time to reinstate the membership of a lapsed member who wishes to return as a member. After three (3) years personal data of lapsed members will be removed from the Membership List and any paper documentation securely destroyed.

– Other Internal mailing lists

Any and all personal data relating to people who are not members or lapsed members of St. Luke’s but who nevertheless wish to receive information relating to the activities of the parish and its various groups shall be retained until such persons exercice their right to be forgotten.

– General contacts

Any personal data relating to partners, suppliers, relevant organisations and other people we work with will be retained whilst it is considered to be potentially relevant to St. Luke’s. When no longer considered to be potentially relevant the personal data will be removed from any database and any paper documentation securely destroyed.

Rights of Individuals

All members and others whose personal data St. Luke’s holds have the right to access, rectify, delete or restrict the use of the data held.

All members and others whose personal data St. Luke’s holds have the right to object to any processing based on legitimate interests or public interests.

If a member or other individual wishes to have personal data removed, thus exercising their right to be forgotten, St. Luke’s will ensure that this is completed within four weeks.

Any requests to exercise any of these rights or any other rights which individuals may have should be sent to the Data Protection Officer.

Responding to requests

St. Luke’s will endeavour to respond to any data protection enquiries or requests within two weeks of receipt of request. If it will take longer than a month to respond, we will let you know.

Contacting St. Luke’s

If you have any query in respect of this data privacy policy or relating to data protection more generally please contact the Data Protection Officer.

St. Luke’s may change this policy from time to time by updating this page. You should therefore check this page periodically to ensure that you are happy with the changes.

This Data Privacy Policy was last updated in March 2019.