The Egyptian Christian Orthodox Association for The Midlands recognises that treating personal data in a correct, fair and lawful manner is vital. The Association, its employees and volunteers take data protection very seriously. Protecting personal data has to be treated with confidentiality and integrity.
This privacy notice aims to give you information on how The Egyptian Christian Orthodox Association for The Midlands collects and processes your personal data, including any data you may provide through our website, social media platforms, mobile applications, computer software, post and any other means of interaction.
2. Who are we?
The Diocese of the Midlands, known as the Egyptian Christian Orthodox Association for the Midlands (charity no. 515637) and also known as the “Coptic Orthodox Church”, registered at Blythe Gate, Blythe Valley Park, Solihull, West Midlands, B90 8AH. Our purpose is to promote the Christian Religion of the Coptic Orthodox Church in the Midlands and throughout the United Kingdom. The Egyptian Christian Orthodox Association for the Midlands, the Coptic Orthodox Church and the Coptic Orthodox Diocese of Midlands are thereafter referred to as “the Charity”, “the Association”, “the Diocese”, “we” or “us” throughout this statement. This privacy notice protects the data of all churches, ministries, clergy, staff, volunteers and servants within the Diocese as detailed on its website and in the charity services register.
As Data Controller the Charity decides how your personal data is processed and for what purposes. Your personal data will be stored in one place on our servers. The Coptic Orthodox Church will be Data Controller for the purposes of operating and discharging its functions at parish and diocesan level.
3. Purpose of our Privacy Notice Statement
Under the Data Protection Act and the General Data Protection Regulation (2018), we are required to explain to you why we are asking for information about you, how we intend to use the information you provide to us and whether we will share this information with anyone else. We take data protection very seriously.
4. Personal Data – What is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”). All the information we collect about you will be stored and used by the Charity in accordance with this privacy statement and in accordance with your rights as described in Section 11 of this statement under the Data Protection Act and the GDPR.
4.1 Special categories of personal data
Some of the information which we collect to fulfil our public sector equality duties as well as deliver regulatory objectives will be special categories of personal data (also called sensitive personal data) to which greater protection is provided by the data protection laws. The information which falls within this category includes information about:
- Disability and health
- A person’s racial or ethnic origin
- Religious or philosophical beliefs
- Political opinions or background
5. Audience of this Privacy Statement
This privacy statement is targeted at all individuals we interact with:
- Members of our parishes and congregations within the Coptic Orthodox Diocese of the Midlands
- Employed and voluntary staff working for the Charity.
- Persons who wish to join the Coptic Orthodox Church or receive information about forthcoming events.
- Donors to the Charity.
6. How do we process your personal data?
The Executive Committee of the Association, share responsibility of controller of the above mentioned churches and they do comply with their obligations under ‘the GDPR’ by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We collect and process your personal data:
- When you complete an online form, update your details on an official website(s), update your information on Social Media platform(s) or any affiliated website(s) belonging to us.
- When you communicate or submit information to us through third party applications, software or websites.
- When you submit an online or a manual application or form.
- When you complete a survey initiated by the Charity.
- When you contact us via social media, email, post, telephone or fax.
- When you provide us with your details and details about you or your family such as name, address,
- contact number, email address, and other social media applications used.
- Information which may be provided to us from other parishes.
- From persons duly authorised by you to provide information on your behalf.
- When you contact us by telephone.
- When you provide services to us or undertake activities which form part of your obligations under the terms of your appointment or our contractual terms.
- Through cookies on our website(s) and application(s).
We use your personal data for the purposes of:
- The administration of membership records
- The facilitation and provision of pastoral care and church services for members of our congregations and beneficiaries of the Charity.
- To enable us to provide voluntary services for the benefit of the public and the congregation
- To meet health and safety obligations for any event or service operated by the charity.
- The promotion of spiritual and social events, activities, services and news at a parish and a diocesan level.
- To operate Sunday School and Youth Ministry services;
- To operate Christmas and Easter plays and Drama performances;
- The advancement of the evangelical work both at a parish and a diocesan level.
- Representation of the Coptic Orthodox Church to local and national government levels.
- Representation of the Coptic Orthodox Church to other denominations, religions and charities at both a parish and a diocesan level.
- Fundraising and maintenance of our own accounts and records (including the processing of gift aid applications).
- The management of our employees, volunteers, deacons and executive committee.
- To manage all Association related activities done via computer software, mobile applications and social media platforms, such as; ZOOM, Kahoot, WhatsApp and other similar social media platforms.
- To operate our website and deliver the services that individuals have requested.
- To register for events organised or hosted at diocesan or parish levels such as conferences, retreats, trips, galas, performances, liturgies, etc…
- To operate all other services listed in the services register of the charity.
7. The data we collect about you
- Identity Data includes first name, initials, surname, marital status, title, date of birth, gender, photograph, video footage and any other biographical data you may provide us.
- Profile Data includes your username and password, any unique codes and transactions made by you.
- Contact Data includes billing address, postal address, email address and telephone numbers.
- Financial Data includes bank account and/or payment card details.
- Transaction Data includes details about payments to and from you and other details of booked events, trips, conferences and details of products or services you have purchased from us or gifts you have donated to us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website or other platforms, software and applications managed by The Association.
- Aggregated Data such as statistical or demographic data that we may collect and use for any purpose required by The Association to fulfil its services. Aggregated data will not necessarily reveal your identity; however, it might be derived from your personal data. If at any point, aggregated data will be combined with your personal data and might reveal your identity, The Association will treat it as personal data and will be protected under this privacy notice.
8. How is your personal data collected?
We will use different methods to collect your personal data. These are:
- Direct Interactions: you can provide your personal data by filling in a form, or communicating via post, email or phone or any other means of direct interaction.
- Automated interactions: you can provide your personal data by using our website(s), Application(s) or software, or any other electronic platform the charity uses to collect and process data.
Gathered personal data will be used for the purposes mentioned above in section 6
9. Data Processor(s)
Jiosdev LLC are a software developer contracted to develop mobile and web applications for the charity and therefore are acting as a third-party data processor, to enable the data controller (the Charity) to carry out its purposes and functions as detailed in this privacy statement.
10. Disclosure of your personal data
We will not share your data with any third parties outside of the Charity without your prior consent save for provisions under clauses 10.1, 10.2 & 10.3. Your personal data will be treated as strictly confidential and will only be processed by authorised members of our Charity for the carrying out of specific services or purposes connected with the Charity. Those authorised members will have received appropriate data protection training.
The information that you provide will be stored securely on our electronic systems. Our security measures and procedures reflect the seriousness with which we approach security and the value we attach to your information. These measures and procedures are audited and reviewed. Any payment transactions will be encrypted (using SSL technology).
10.1 Regulators and other legal obligations
We may also share your information with other bodies with official authority to fulfil our legal obligations. As a Charity whose employees and voluntary staff work with children, we are required by law to have the appropriate clearances to allow this to take place. All members of staff who work with children have their data recorded with the charity. It may be necessary to communicate with official bodies who are responsible for providing and supervising those clearances and to pass on such data as is necessary to fulfil our statutory obligations.
10.2 Other organisations
We may from time to time need to share or receive information about you from other organisations, such as:
- Other Coptic Orthodox parishes in the United Kingdom
- The police for the purpose of detection and prevention of crime
- Organisations with a function of auditing and/or administering public funds for the purpose of detection and prevention of fraud.
10.3 The public
If you are a member and have consented to be a contact point for one of the services of the Charity, some of your details may be available to the public to allow that function to take place.
If you operate in an official capacity for the Charity, or sit on certain committees, panels or advisory pool of experts, or have provided articles for publication on our website(s) some of your personal data may be publicly accessible.
In limited circumstances we may use your information for a purpose other than those set out in this policy. If we intend to do so, we will provide you with information relating to that other purpose before using it and will obtain your consent.
Your personal data will be treated as strictly confidential. If your personal data is exported from the ‘UkmidCopts’ App and is shared among Charity DPO, controllers and processors via email, the data files will be encrypted.
11. Your rights and your personal data
Unless subject to an exemption under ‘the GDPR’, you have the following rights with respect to your personal data: –
- The right to request a copy of your personal data which the above-mentioned churches holds about you.
- The right to request that the above-mentioned churches correct any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data to be erased where it is no longer necessary for the above-mentioned churches to retain such data.
- The right to withdraw your consent to the processing at any time;
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to lodge a complaint with the Information Commissioners Office (ICO).
12. How long do we keep your personal data?
The GDPR does not indicate how long we should keep personal data. It is up to the appointed Controllers to justify this based on the purposes of processing such data. Personal data might be kept for safeguarding or legal purposes.
If an individual is no longer an existing member of the congregation of the abovementioned churches, the Controllers might decide not to delete all his/her personal data, but they might need to keep some information to confirm that this relationship existed.
Our appointed Controllers will review whether they still need personal data every two years as a standard retention period and will decide whether to erase or anonymise it unless there is a clear justification for keeping it for longer.
Wherever possible, you will be given a mechanism to read and grant consent to this privacy notice including all the purposes mentioned in section 6. Where you do not grant consent, we will not be able to use your personal data, (in this case, you may not be able to access the services of the Charity at any level, including those listed in section 6) except in certain limited situations, such as where required to do so by law or to protect members of the public from serious harm.
If you do grant consent, please note you can withdraw your consent to all or any one of the purposes at any time by contacting our DPO. Please note that all processing of your personal data will cease once you have withdrawn consent, but this will not affect any personal data that has already been processed prior to this point.
14. Further Processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
15. Reviewing our Privacy Notice
This policy will be kept under review and if amended notification will be made to you if you have given us consent to contact you.
16. Contact Details
To exercise all relevant rights, queries, or complaints please in the first instance contact our Charity DPO at: dpo[at]ukmidcopts.org.
You can contact the Information Commissioners Office (ICO) on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or via post at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
Privacy statement version 7.0 | Last updated: 9th December 2022