Privacy & Legal

GENERAL DATA PROTECTION REGULATION (GDPR)

THE PARISH POLICY OF THE ANGLICAN CHURCH OF PAPHOS

The General Data Protection Regulation (GDPR) came into effect across the European Union on 25th May 2018.  The GDPR gives individuals more rights and protection in how their personal data is used by corporate organisations.  The Anglican Church in Cyprus and the Gulf is deemed to be such an organisation.  Personal data is deemed to be information relating to a living individual who can be identified directly from that data or indirectly by reference to other data held by an organisation.

Within the Diocese of Cyprus and the Gulf, the decision has been taken to comply with the guidelines issued by the Archbishops’ Council of the Church of England in 2017.  This document seeks to define how the guidelines relating to GDPR will be applied in The Anglican Church of Paphos.  The Parish must have a primary Data Controller.  In the Anglican Church of Paphos, this role is currently taken on by the Electoral Roll Officer, Gordon Redpath.  He can be contacted at acpdatacontroller@gmail.com  Members of the Parochial Church Council (PCC), as a whole, are deemed to be Data Controllers due to their access to data that is held by the Parish relating to individuals.  The Parish priest is also a separate data controller because the Incumbent and the PCC are defined as separate entities.

There are five underlying principles relating to the protection of data held by the Parish:

  1. Data will be processed lawfully, fairly and transparently. Processing is anything done with/to personal data, including storing it.  Any stored data must be held securely by the Parish Data Controllers.
  1. Data will only be used for a specific processing purpose that the data subject (the person about whom personal data are processed) has been made aware of and no other purpose without further consent.
  1. Data collected on a data subject should be adequate, relevant and limited, i.e. only the minimum amount of data should be kept for specific processing.
  1. Data held by the Parish must be accurate and where necessary kept up to date.
  1. Data should not be stored for longer than is necessary and that storage is safe and secure. For the Anglican Church of Paphos, data will be stored securely, primarily in the Church Office at Kato Paphos.

There are several legal bases for processing data within the Parish, of which the most important is the consent of the data subject for their data to be stored.  Other bases include legal obligation (such as processing Gift Aid where appropriate), contractual (e.g. the use of either St Stephen’s or St Luke’s by outside groups), or legitimate interest (routine Church management involving rotas, lists of group members etc).  For each area of data processing, there must be a clear need for carrying out that processing.

The Anglican Church of Paphos will obtain and securely store consent forms from people for data processing.  Such consent will include positive action by people so that they must opt in for data processing, as opposed to data being processed based on the assumption of consent.  This positive consent must be obtained before any data processing relating to individuals may be carried out.

There are several legal bases for processing data within the Parish, of which the most important is the consent of the data subject for their data to be stored.  Other bases include legal obligation (such as processing Gift Aid where appropriate), contractual (e.g. the use of either St Stephen’s or St Luke’s by outside groups), or legitimate interest (routine Church management involving rotas, lists of group members etc).  For each area of data processing, there must be a clear need for carrying out that processing.

The Anglican Church of Paphos will obtain and securely store consent forms from people for data processing.  Such consent will include positive action by people so that they must opt in for data processing, as opposed to data being processed based on the assumption of consent.  This positive consent must be obtained before any data processing relating to individuals may be carried out.

Data subjects have a number or rights relating to the processing of their personal data.  These rights include (but are not limited to): knowing how personal data is used by the Data Controllers; knowing exactly what data is held about them; correcting any errors with data held and, generally, the right if individuals so wish to ‘be forgotten’ (i.e. to have any and all data held to be removed from Parish records).  The PCC will make provision for anyone to exercise all these rights in relation to their personal data held by The Anglican Church of Paphos.

The Anglican Church of Paphos’ Parish primary Data Controller will, where necessary, provide evidence of accountability.  For example, where data is processed on the basis of consent, the primary Data Controller must store these written consents securely.  Each individual consent is for a specific purpose, therefore the primary Data Controller will record separate consents to cover different areas of data processing within the life of the Church.

Where data processing reveals religious belief, it becomes a specific category of data.  In this context, belief cannot be assumed simply because someone attends Church or Church events, becomes a friend of the Church or donates money to the Church.  Where someone is required to have affirmed belief (e.g. for processing onto the Electoral Roll) then this could be argued to reveal definite religious belief.

Periodically, the primary Data Controller, in conjunction with the PCC, will conduct an audit of data held on individuals: to review the continuing need to hold such data; to review data storage and to identify the basis that the Parish has for data storage.

A Data Privacy Notice is to be displayed by The Anglican Church of Paphos in each of the three churches and on the church website.  The format for this Notice forms part of this policy document.

It should be noted that some data processing may not require specific consent, if such data is part of the normal management of the Church, e.g. lists of members of various groups.  In this instance, it must be kept in mind that it is important that the right of an individual to have such data removed from Parish records remains paramount.

Legal Information Relating to this Website

The websites and the domain names “paphosanglicanchurch.org” and “yourcypruswedding.org” are owned and operated by the Anglican Church of Paphos (the Church) a part of the Anglican Diocese of Cyprus and the Gulf (the Diocese).

Ownership
These websites, including any and all trade marks, logos, design, text and graphics, are owned by and remains the property of the Church. We may include third party materials from time to time, which remain the property of their respective owners. Nothing in these terms of use shall be construed as conferring any licence or right to use any trade mark, copyright or other right of the Church, the Diocese or any third party.

Ownership extends to all code excluding that which is available under existing open license agreements.

Use of materials
Where we have indicated that you may download material from this site, you may only download and use them as indicated, or to raise awareness about the Anglican Church of Paphos, Anglican Church Weddings in Paphos or the Diocese of Cyprus and the Gulf. You may not use any element of this site for personal gain or commercial purposes, neither may you copy, transmit, store or disseminate any element of this site, unless we have clearly indicated.

Responsibility for use
To the extent permitted at law, the Church and Diocese do not accept responsibility or liability for any loss or damage that may occur in connection with this site, including any interruption or delays.

Both the Church and the Diocese do not make any representations nor give any warranties concerning this site, and does not warrant that its contents are virus free. To the extent permitted at law, we do not accept responsibility or liability for infection by virus or other contamination resulting from your use of this site.

Unlawful use
You may only use this site for lawful purposes and you may not inhibit the use of this site by any third party.

You agree to abide by all applicable laws, regulations and codes of conduct and to be solely responsible for all things arising from your use of this site.

You may not submit, publish, post, distribute or transmit any defamatory, offensive, infringing, obscene, indecent or other unlawful or objectionable material or information.

Your Privacy

These websites provide extensive links to other independent sites. This policy applies only to user accesses to www.paphosanglicanchurch.org and www.yourcypruswedding.org. We are not responsible for the privacy policies and practices of other websites and their owners or operators.

Data collected
As with the vast majority of websites,we automatically log certain information about every request made of it (see below for more details). This information is used for system administration, for bug tracking, and for producing usage statistics. The logged information will be kept but reviewed periodically.

Data may on occasion be passed to the administrators of other systems to enable investigation of problems accessing this site. Otherwise the logged information is not passed to any third party except if required by law. Summary statistics are extracted from this data and some of these may be made publicly available, but those that are do not include information from which individuals could be identified.

Where forms are provided on this site, the pages containing these forms include information on how data submitted on them will be processed and used.

Cookies
This site uses “cookies” to remember certain data that has been input by the user. You can disable cookies on your web browser.

Logged data
The following data is logged for each request:

  • The name or network address of the computer making the request. In some circumstances it may be possible to infer from this the identity of the person making the request. Note that the data recorded may be that of a web proxy rather than that of the originating client.
  • The date and time of connection.
  • The HTTP request, which contains the identification of the document requested.
  • The status code of the request.
  • The number of data bytes sent in response.
  • The contents of the HTTP Referrer header .
  • The content of the HTTP User-Agent header.
  • Logging of additional data may be enabled temporarily for specific purposes.

Images in this website

The Church and Diocese have made their best efforts to ensure that appropriate permissions and, where appropriate, waivers of copyright have been given for all images used in this website. Alternatively images are the property of the Anglican Church in Paphos or the Diocese of Cyprus and the Gulf.

Furthermore, the use of images of individuals, groups, congregations and events in this website is governed by the Diocesan Policy on Vulnerable People.

Should you have any complaints regarding the imagery used in the website, or wish for any image to be removed because it contains an unauthorised image of yourself, please either contact the Church Office or send an email to the info@paphosanglicanchurch.org.

Registered Office

The Anglican Church of Paphos
PO Box 61083
8130 Kato Paphos
Cyprus

Governing law

The Diocese headquarters are based in Cyprus and these terms shall be governed by and construed in accordance with European Law and you agree to submit to the exclusive jurisdiction of the appropriate courts.

Revisions of these terms of use

The Church and Diocese reserves the right to change these terms of use at any time. You will be bound by any such revisions and should therefore visit this page from time to time to review the terms of use.