Data Protection Policy

The Church of Scotland is a charity registered in the UK and, as such, we adhere to all data protection laws, including but not limited to the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018. We are providing you with this information to comply with data protection laws and to ensure that you are fully informed, and we are transparent in how we collect and use your personal data.

 

The Church processes personal information in the course of its legitimate activities, with appropriate safeguards in place, as a not-for-profit body with a religious aim and on the basis that the processing relates solely to members, former members or people who have regular contact with us, and that this information is not disclosed to any third party without the individual's consent.

​

The Church also process information where this is necessary for compliance with our legal obligations; where processing is necessary for the purposes of our legitimate interests and such interests are not overridden by individual's interests or fundamental rights and freedoms; where (in relation to the processing of personal data relating to criminal convictions and offences or related security measures in a safeguarding context) the processing meets a condition in Part 1, 2 or 3 of Schedule 1 of the Data Protection Act 2018; where the processing is for reasons of substantial public interest and necessary for the purpose of protecting an individual from neglect or physical, mental or emotional harm; and where you have given consent to the processing of your information for a particular purpose. A privacy notice will be provided at the point of collection of the data, it will also be published on the website for individuals to view at ease.