What needs to be included in our Privacy Notice?

Under the General Data Protection Regulation (GDPR), every PCC needs a data Privacy Notice.

Whether or not you use the Safeguarding Hub, the PCC's Privacy Notice should cover the processing of data in accordance with the Church of England's Safer Recruitment and People Management Guidance.

The Parish Resources website provides some very helpful information for parishes, including a template Privacy Notice.

The following table suggests some information that you might consider including in the PCC's Privacy Notice.

Privacy Notice Section	Suggested Information
Why we collect and use your personal data?	The Church of England requires us to collect personal data for anyone who has a safeguarding role or any other church role that involves substantial contact with children or vulnerable adults.
The categories of personal data we collect are:	We collect: Your name Records relating to your recruitment to any church roles that involve substantial contact with children or vulnerable adults A record of any DBS certificates A record of any safeguarding training that you have undertaken Any other information required by the Church of England's Safer Recruitment and People Management Guidance
The lawful basis for processing your personal data	We collect and process this data as part of our legitimate activities as a not-for-profit body.
Where we collected your data from	We collect this data from: You The Diocese of Xxx Anyone you asked us to contact for a reference
Processing your data	Some of this data is securely processed in a Safeguarding Hub developed by Clearly Simpler Limited.
Sharing personal data	We may share this data with the Diocese of Xxx.
How long do we keep data?	We keep data in accordance with the guidance set out in the guide “Keep or Bin: The Care of Your Parish Records”: See the records management guides issued by The Church of England.