Dorking Methodist Church and Christian Centre
Data Protection Statement
What personal information we might need and why
We may collect and process the following examples of personal information, although we may, at times, also need to collect other personal information that is not listed here;
We may use/process this information to;
We have appropriate measures in place to protect your information. We will handle and protect your information in line with our Data Protection Procedures and the following data protection principles.
1. Personal data will be processed fairly and lawfully.
2. Personal data will be obtained only for one or more specified and lawful purpose(s) and will not be processed in a manner that is not compatible with that purpose(s).
3. Personal data will be adequate, relevant and not excessive in relation to the purpose(s) for which they are processed.
4. Personal data will be accurate and where necessary, kept up to date.
5. Personal data will not be kept for longer than is necessary.
6. Personal data will be processed in accordance with the data subject’s rights under the GDPR.
7. Appropriate technical and organisational measures are in place to protect personal data from unauthorised or unlawful processing and from accidental loss, damage or destruction.
Accessing your information (Subject Access Requests)
Under the GDPR, you are entitled to ask for a copy of the personal information that we hold about you and to have any inaccuracies in your personal information corrected. When you submit a request for your personal information, you are entitled to:
Sharing your personal information
We may need to share your information with third parties, particularly for employees. This may be for a variety of reasons but will always be to enable us to undertake our statutory functions or to comply with our legal obligations. When your personal information is shared it will be done so in line with the GDPR. You are entitled to know why and how we are sharing your personal information (as noted above) and the organisation or individual receiving your personal information will be required to protect your information in line with the GDPR. This is most likely to be in situations such as for employee’s pay and will never be to Third Parties for marketing purposes.