Privacy Notice for the Parochial Church Council of the Parish of Cromer (Cromer PCC)

Cromer PCC is a Registered Charity (No. 1135323)

  1. What is the lawful basis for processing your personal data?
    • Cromer PCC uses personal data for a number of purposes, as set out above, and has identified a lawful basis for processing the information in each case. These are ‘Contract’, ‘Legitimate Interest’, ‘Legal obligation’ and ‘Consent’, and examples of where each applies are as follows:
      • Examples where ‘Contract’ applies
        • the management of its employees.
      • Examples where ‘Legitimate interest’ applies:
        • when you ask us to contact you in connection with a course, event, activity or service and we communicate with you about that event, activity or service both before the event and in follow up afterwards;
        • when you have asked a question or made a comment or suggestion and we use your contact details to respond to you;
        • when you sign up to serve on a rota, join a Small Group, become involved in a ministry or other mission or serving opportunity and we use your personal information to provide, organise and enable that activity;
        • when we need to communicate with you about any security-related or technical matter relating to your personal information.
      • Examples where ‘Legal obligation’ applies
        • when you exercise your rights under Data Protection law;
        • for maintaining the Electoral Roll;
        • for processing and reporting financial information relating to the Gift Aid scheme and other giving for up to 6 years from the end of the tax year in which a financial transaction was processed;
        • where we are required to maintain attendance records at groups or events for safeguarding purposes.
      • Examples where ‘Consent’ applies
        • in relation to sharing your personal information in the Church Directory;
        • when you have subscribed to one of our mailing lists and explicitly consented to receiving emails or postal communications as part of the sign-up process. You can unsubscribe at any time by emailing This email address is being protected from spambots. You need JavaScript enabled to view it. or phoning the Church Office (01263 512000) or by using the unsubscribe link in the footer of emails;
        • when, before establishing a connection with Cromer Church, you have completed a Keeping in Touch, Welcome, Sign-Up, Enquiry or similar form and indicated that you are willing for Cromer Church to contact you.
        • (Cromer PCC is not-for-profit body with a religious aim and, as such, processes some special and normally prohibited categories of personal data relating to religious beliefs. This processing is carried out in the course of its legitimate activities and relates only to members or former members (or those who have regular contact with Cromer Church in connection with its purposes). This information is never disclosed to a third party without consent.
  2. Who are we?
    • Cromer PCC is the data controller. This means that it decides how personal data is processed and for what purposes. For information stored in ChurchSuite, our Church Management System, ChurchSuite processes data on our behalf, in accordance with their privacy and security policies. For information stored in Google’s G-Suite system, which provides our email and online filing system, Google processes data on our behalf, in accordance with their privacy and security policies. MailChimp and Stripe provide mailing list and card payment support, and process data on our behalf, in accordance with their privacy and security policies.
  3. Your personal data - what is it?
    • Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into their possession. The processing of personal data is governed by the General Data Protection Regulation (GDPR).
  4. How do we process your personal data?
    • Cromer PCC complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining data that we don’t need; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. Cromer PCC uses personal data for the following purposes:
      • to provide a voluntary service for the benefit of the public as specified in our constitution, including fundraising and promoting the interests of Cromer Church as a charity;
      • to manage its employees;
      • to support and organise the efforts of its volunteers;
      • to support the organisation and operation of its teams and groups;
      • to maintain and administer its accounts, records of giving and the Gift Aid scheme;
      • to maintain and administer the Electoral Roll;
      • to maintain and administer the Cromer Church Directory;
      • to keep those connected with Cromer Church informed about news, events, activities, groups, courses and services;
      • to enable the Repps Deanery and the Diocese of Norwich to keep those connected with Cromer Church informed about news, events, activities, groups, courses and services in the wider church.
  5. Sharing your personal data
    • Cromer PCC treats all personal data as strictly confidential and will only share it within Cromer Church for purposes connected with the ministry, mission, practical organisation and day-to-day running of Cromer Church, as set out above. We take security very seriously and will take all reasonable steps to keep personal data safe. We will only share personal data with third parties, outside Cromer Church, with the explicit consent of the data subject except where required or allowed to do so by law.
  6. How long do we keep your personal data?
    • We keep data in accordance with the guidance set out in “Keep or Bin: Care of Your Parish Records” which is available from the Church of England website. Details about retention periods can be found in the Record Management Guides on the Church of England website at: www.churchofengland.org/more/libraries-and-archives/records-management-guides. Specifically, we retain electoral roll and Directory data while they are current and for five years for research and statistics purpose only; Gift Aid declarations and associated paperwork for up to 6 years after the tax year to which they relate; and registers (baptisms, marriages, funerals) and safeguarding records permanently.
  7. Your rights and your personal data
    • Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
      • the right to request a copy of the personal data that Cromer PCC holds about you;
      • the right to request that Cromer PCC corrects any personal data if it is found to be inaccurate or out of date;
      • the right to request that your personal data be erased where it is no longer necessary for Cromer PCC to retain such data;
      • the right to withdraw your consent to the processing of your data at any time. All processing of your personal data will cease once you have withdrawn consent, other than where this is required or allowed by law, but this will not affect any personal data that has already been processed prior to this point;
      • the right to request that Cromer PCC provide you with your personal data and, where possible, to transmit that data directly to another data controller, known as the right to data portability. [This only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means.]
      • the right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction be placed on further processing;
      • the right to object to the processing of personal data. [This only applies where processing is based on legitimate interests, direct marketing and processing for the purposes of scientific/historical research and statistics.]
        • the right to lodge a complaint with the Information Commissioners Office.
  8. Further processing
    • If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
  9. Contact Details
    • To withdraw your consent for processing your data, please email This email address is being protected from spambots. You need JavaScript enabled to view it. or contact the Church Office (01263 512000). All processing of your personal data will cease once you have withdrawn consent, other than where this is required or allowed by law, or where another lawful basis for processing applies, but this will not affect any personal data that has already been processed prior to this point.
    • To exercise your other rights, ask a question or make a complaint, please contact the Data Protection Lead (This email address is being protected from spambots. You need JavaScript enabled to view it.) or the Church Office (01263 512000)
    • You can contact the Information Commissioner’s Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

We welcome feedback about our website, including feedback about this privacy notice.