Safeguarding Privacy Notice

Lichfield Diocesan Board of Finance Safeguarding Privacy Notice

The Lichfield Diocesan Board of Finance (LDBF) is committed to protecting your personal data. Personal data is any information relating to an identified or identifiable person.

This privacy notice explains what to expect when the LDBF collects your personal information. There are several policies and procedures which support this privacy notice, these are listed in Section 11 below.

Data controller

The data controller is:

Lichfield Diocesan Board of Finance, St Mary’s House, The Close, Lichfield, WS13 7LD.

Why we collect and use your personal data

We collect and use your personal information to carry out our safeguarding responsibilities including the following activities:

Undertaking risk assessments;
Investigating safeguarding allegations;
Maintaining records and case files regarding safeguarding incidents and/or investigations;
Providing training;
Providing support to individuals involved in safeguarding cases; including assessing the need for counselling;
Ensuring the safety of those that work for or are employed by the institutional Church of England, including contractors and office holders, members of the Church of England and the public;
Providing advice to Church of England bodies regarding managing safeguarding incidents or cases;
Liaising with and responding to public, statutory and regulatory enquiries (including legal and independent reviews and inquiries), local authorities and courts and tribunals;
Being involved in litigation, dispute resolution and judicial process (including liaison with external advisers);
Publishing resources, reports and reviews;
Undertaking research and statistical analysis; and
Managing archived records for historical and research reasons, including the management and administration of access our collections.

The categories of personal data we collect:

The types of information we process include:

Name;
Title;
Marital status;
Gender;
Nationality;
Job title/position;
Dates (birth, joined, ordination, education, death etc.);
Contact information – work and personal (Address; phone numbers);
Honours;
Family names and details, including wider family;
Lifestyle and social circumstances;
Socio-economic details;
Employment and appointments;
Education details;
Training attendance/certification; and
Housing needs;

Special categories of information may include:

race;
ethnic origin;
politics;
religion;
trade union membership;
health;
sex life; or
sexual orientation; and
criminal allegations, proceedings or convictions, including DBS status;

Information about:

current, retired and prospective clergy;
employees (see wording below);
volunteers;
individuals involved in or connected with legal claims, inquiries, reviews and dispute resolution;
professional advisers and consultants;
individuals whose safety has been put at risk;
children and parents/ carers;
complaints of misconduct and unlawful acts;
details of misconduct and unlawful acts e.g. the nature of any allegations; and
individuals who may pose a risk.

The following types of documents or correspondence may be processed:

Records of alerts, notifications, concerns or allegations;
Disciplinary, case and personal files;
Risk Assessments;
Confidential declaration forms;
Recruitment documentation e.g. DBS checks;
Training records;
Referrals;
Self-referrals;
Minutes of meetings;
Correspondence, including letters, emails etc.;
Telephone call notes;
Records of enquiries, advice sought or provided;
Records provided by the police or statutory agencies; and
Notifications to external parties e.g. police, local authorities, the Charity Commission, insurers etc.

The lawful basis for using your information

We collect and use personal data as explained below.

Consent – we will obtain your consent to process your data for assessing and providing counselling and support.
Legitimate interest – we may need to process your information to undertake safeguarding tasks, including doing all that we reasonably can to ensure that no-one is at risk of harm during Church of England activities.

Legitimate Interest Assessment

We have undertaken a Legitimate Interest Assessment, and the summary below sets out why we have a legitimate interest.

We have a specific purpose with a defined benefit	The processing is an essential part of the Church of England’s response to the dealing with safeguarding matters to protect individuals from harm, in particular those that are the most vulnerable, (children and/or vulnerable adults).
The processing is necessary to achieve the defined benefit.	The processing is necessary to investigate an allegation/concern effectively or help improve safe working practices in and around Church activities and ensure that the Church is a safe place for everybody.
The purpose is balanced against, and does not override, the interests, rights and freedoms of data subjects.	There is the risk of significant harm to others if unsuitable individuals are appointed to positions of authority and responsibility where they can be trusted by others. Similarly, there is a risk of harm to individuals where safe working practices are not adopted or cannot be reviewed and improved. The duty to protect individuals from harm, overrides any risks to the rights and freedoms of data subjects as appropriate safeguards have been put in place.

For a copy of the full Legitimate Interest Assessment, please Angela Bruno, whose details are set out at section 10 below.

Legal obligation – we may need to process your information in order to comply with a legal obligation, such as under the Inquiries Act 2005 which may compel us to provide personal data for the purposes of a statutory inquiry, or a referral to the Disclosure and Barring Service under the Safeguarding Vulnerable Groups Act 2006, or an order of a court or tribunal.

Special categories & criminal information

Explicit Consent – we will obtain your explicit written consent to process your data to assess the need for, and the provision of counselling and support, and to share it with 3rd parties.

Substantial public interest (protecting the public against dishonesty etc.) – we may need to process your information where necessary for the protection of members of the public generally against seriously improper conduct, and from any failures in connection with, the Church of England’s activities, or for safeguarding purposes.

This lawful basis is applied in the UK only, with reference to the GDPR Article 9(2)(g), and the Data Protection Act 2018 Schedule 1 Part 2, paragraph 11 and paragraph 18.

Legal claims – we may need to process your information where there is a legal claim, or in connection with a judicial process.
Archiving - we may keep your information for archiving purposes in the public interest, and for scientific or historical research purposes or statistical purposes.

Who we collect from or share your information with:

Where necessary (or required), we collect from or share information with:

Parishes e.g. Parochial Church Councils (PCCs) and relevant PCC members, diocesan bodies, bishops’ offices and cathedrals.

Links to these documents can be found in Section 11 of this document.

candidates, prospective employees, employees or other staff members (including contractors, workers, consultants and volunteers, including members of any “Core Group”)
legal representatives
parties and individuals involved in or connected with legal claims, inquiries, reviews and dispute resolution (including mediation and arbitration)
healthcare, social and welfare organisations or providers of health, social care or welfare services
educational institutions
governance bodies and committees
3rd party data processors
local and central government
both houses of parliament and members of parliament
regulatory and statutory bodies
law enforcement and prosecuting authorities
courts and tribunals and providers of legal services
members of the judiciary
charitable, religious and voluntary organisations
survey and research organisations
statutory, public, regulatory or other legal or independent reviews or inquiries, including any “lessons learned” reviews

Data transfers outside the EEA

The LDBF does not share your information with countries outside of the UK or EEA routinely. If required to do so to meet our purpose, we will put in place the necessary safeguards.

How long do we keep your information?

There’s often a legal and/or business reason for keeping your information for a set period, as stated in our retention schedule. We retain safeguarding records in line with national guidance.

Security

We are committed to ensuring that your personal data is secure. We limit access to data on a need to know basis and test our security practices and technologies.

If a data breach does occur, we will do everything in our power to limit the damage. In the case of a high-risk data breach, and depending on the circumstances, we will inform you about the breach and any remedial actions to prevent any further damage. We will also inform the Information Commissioner’s Office of any qualifying data breaches.

Your personal data will not be used for any automated decision making

Your rights

You have the following rights regarding your personal data, subject to exemptions:

The right to request a copy of your personal data
The right to rectify your data if you think it is inaccurate or incomplete
The right to request that your data being erased, in certain circumstances
The right to restrict processing of your data, in certain circumstances
The right to request that we transfer your data to you or another organisation, in certain circumstances
The right to object to our processing of your data if the process forms part of our public tasks, or is in our legitimate interests
The right to withdraw your consent at any time
The right to request that we transfer your data to you or another organisation, in certain circumstances (only applies to data held online)

To exercise these rights please contact Angela Bruno using the contact information provided below.

Complaints or concerns

If you have any concerns or queries about how the LDBF handle your personal data, please contact:

Mrs Angela Bruno, St Mary’s House, The Close, Lichfield, WS13 7LD, angela.bruno@lichfield.anglican.org, 01543 306220.

You have the right to make a complaint at any time to the Information Commissioner at https://ico.org.uk/concerns/ or Information Commissioner's Office, Wycliffe House, Water Lane Wilmslow Cheshire SK9 5AF, Tel: 0303 123 1113.