Use of Personal Information

Carluke: St John's Church of Scotland (St John's) recognises and accepts its responsibilities under the Data Protection Act 1998 (the Act). It will handle all personal information in accordance with the eight Data Protection Principles as given by the Act. For the purposes of the Act, the Data Controller is the Clerk to the Presbytery of Lanark.


The Eight Data Protection Principles

  1. Personal data shall be processed fairly and lawfully and
    1. at least one of the conditions in Schedule 2 is met and
    2. in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
  2. Personal Data shall only be obtained for one or more specified and lawful purposes and not processed in any manner incompatible with that purpose or purposes.
  3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes to which they are processed.
  4. Personal data shall be accurate and where necessary kept up to date.
  5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  6. Personal data shall be processed in accordance with the rights of data subjects under the Act.
  7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction or damage to personal data.
  8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection.

With reference to Principle 1(a), above, the condition in Schedule 2 met is Condition 1: The data subject has given his/her consent to the processing.

With reference to Principle 1(b), above, the condition in Schedule 3 met is Condition 4: The processing is carried out in the course of its legitimate activities by St John's, which (i) is not established or conducted for profit, and (ii) exists for religious purposes, is carried out with appropriate safeguards for the rights and freedoms of data subjects, relates only to individuals who either are members of the body or association or have regular contact with it in connection with its purposes, and does not involve disclosure of the personal data to a third party without the consent of the data subject.

With reference to Principle 2, above, personal data is obtained for the purposes of maintaining membership lists, communicating with data subjects, maintaining a register of persons entitled, through Safeguarding, to work with children and/or vulnerable adults and to allow for the reclamation of Income Tax under the Gift Aid Scheme.

With reference to Principle 7, above, personal data is held in password-protected databases on password protected computers OR in paper records, stored in secure locations.


How We Use Personal Information

Data subjects Personal data held Persons with access to data
For all Members, Adherents and Friends* of the congregation Title, Forename, Surname, Address (including postcode) Minister, Roll Keeper, Session Clerks, Church Secretary, Magazine deliverers
In addition:
For Elders, Board members and office-bearers in any group associated with the congregation
Office held, Phone number, Email address Minister, Session Clerks, Church Secretary, Members of relevant group
In addition:
For Members making an offering by FWO/Gift Aid
Banking Information as required to reclaim Income Tax through Gift Aid FWO Convenor and Treasurer ONLY
In addition:
For Individuals who are working with young people or vulnerable adults
Disclosure information as required for PVG registration Safeguarding Co-ordinator ONLY
For members of associated organisations (eg BB, Guild) Title, Forename, Surname, Address (including postcode) Leaders of associated organisations
In addition:
For pre-adult members of associated organisations
Guardian contact details, Diet and Health issues (eg allergies) Leaders of associated organisations

* Friends are past members who have expressed a wish to remain in contact with St John's



CCTV is in use, both externally and internally, for reasons of security and safety. Video is stored for approximately two weeks before being overwritten, unviewed, except where an incident has occurred.