The Parochial Church Council (PCC) is our church’s governing body and also the board of trustees which oversees the church’s charitable works and money. It carries out its work in an open and transparent basis while ensuring it complies fully with its legal, spiritual and moral responsibilities. As such, it sets out its approach to a number of essential areas in a series of regularly reviewed policies, which are set out below.

The following policy was agreed at the Parochial Church Council (PCC) meeting held on 19th September 2019.

  1. We are committed to:

    • The care, nurture of, and respectful pastoral ministry with, all children and all adults

    • The safeguarding and protection of all children, young people and adults when they are vulnerable

    • The establishing of safe, caring communities which provide a loving environment where there is a culture of ‘informed vigilance’ as to the dangers of abuse.

  2. We will carefully select and train all those with any responsibility within the Church, in line with safer recruitment principles, including the use of Disclosure and Barring Service criminal records checks.

  3. We will respond without delay to every complaint made which suggests that an adult, child or young person may have been harmed, co-operating with the police and local authority in any investigation and we will have a clear reporting procedure in place.

  4. We will seek to work with anyone who has suffered abuse, developing with him or her an appropriate ministry of informed pastoral care.

  5. We will seek to challenge any abuse of power, especially by anyone in a position of trust.

  6. We will seek to offer pastoral care and support, including supervision and referral to the proper authorities, to any member of our church community known to have offended against a child, young person or vulnerable adult.

  7. In all these principles we will follow statute, guidance and recognised good practice, in particular the Parish Safeguarding Book (2018 edition)

  8. We will advise the Diocese which Registered Body we use to process applications for Disclosure and Barring Service criminal records checks.

  9. We will advise the Diocesan Safeguarding Adviser if we receive a Disclosure which is ‘blemished’ or ‘positive’.

  10. We will review this policy annually, check that our policies are up to date, and supply a copy of the updated policy statement to the Diocesan Safeguarding Adviser.


Our Safeguarding Officer is:

Patricia Devlin

safeguarding@​hughenden​parish​church.​org.uk

Ut efficitur justo ex, eu semper lorem imperdiet at. Nullam elementum bibendum quam vitae pretium. Etiam tempor, tortor semper ullamcorper volutpat, arcu libero scelerisque sem, et fringilla velit nisi id est. Quisque nec massa id augue sagittis pellentesque at vel ipsum. Sed enim enim, accumsan eu massa ut, vestibulum tempus sem. Duis orci libero, tempus id rhoncus at, viverra vel risus. Nam eget risus et nunc tempor finibus a ac felis. Curabitur enim metus, bibendum a ullamcorper ultrices, convallis vel nibh. Sed egestas non turpis nec dignissim. Fusce non ex libero. Donec sit amet eleifend magna.

Ut efficitur justo ex, eu semper lorem imperdiet at. Nullam elementum bibendum quam vitae pretium. Etiam tempor, tortor semper ullamcorper volutpat, arcu libero scelerisque sem, et fringilla velit nisi id est. Quisque nec massa id augue sagittis pellentesque at vel ipsum. Sed enim enim, accumsan eu massa ut, vestibulum tempus sem. Duis orci libero, tempus id rhoncus at, viverra vel risus. Nam eget risus et nunc tempor finibus a ac felis. Curabitur enim metus, bibendum a ullamcorper ultrices, convallis vel nibh. Sed egestas non turpis nec dignissim. Fusce non ex libero. Donec sit amet eleifend magna.

Ut efficitur justo ex, eu semper lorem imperdiet at. Nullam elementum bibendum quam vitae pretium. Etiam tempor, tortor semper ullamcorper volutpat, arcu libero scelerisque sem, et fringilla velit nisi id est. Quisque nec massa id augue sagittis pellentesque at vel ipsum. Sed enim enim, accumsan eu massa ut, vestibulum tempus sem. Duis orci libero, tempus id rhoncus at, viverra vel risus. Nam eget risus et nunc tempor finibus a ac felis. Curabitur enim metus, bibendum a ullamcorper ultrices, convallis vel nibh. Sed egestas non turpis nec dignissim. Fusce non ex libero. Donec sit amet eleifend magna.

Ut efficitur justo ex, eu semper lorem imperdiet at. Nullam elementum bibendum quam vitae pretium. Etiam tempor, tortor semper ullamcorper volutpat, arcu libero scelerisque sem, et fringilla velit nisi id est. Quisque nec massa id augue sagittis pellentesque at vel ipsum. Sed enim enim, accumsan eu massa ut, vestibulum tempus sem. Duis orci libero, tempus id rhoncus at, viverra vel risus. Nam eget risus et nunc tempor finibus a ac felis. Curabitur enim metus, bibendum a ullamcorper ultrices, convallis vel nibh. Sed egestas non turpis nec dignissim. Fusce non ex libero. Donec sit amet eleifend magna.

Ut efficitur justo ex, eu semper lorem imperdiet at. Nullam elementum bibendum quam vitae pretium. Etiam tempor, tortor semper ullamcorper volutpat, arcu libero scelerisque sem, et fringilla velit nisi id est. Quisque nec massa id augue sagittis pellentesque at vel ipsum. Sed enim enim, accumsan eu massa ut, vestibulum tempus sem. Duis orci libero, tempus id rhoncus at, viverra vel risus. Nam eget risus et nunc tempor finibus a ac felis. Curabitur enim metus, bibendum a ullamcorper ultrices, convallis vel nibh. Sed egestas non turpis nec dignissim. Fusce non ex libero. Donec sit amet eleifend magna.

The following policy was agreed at the Parochial Church Council (PCC) meeting held on 19th September 2019.

This policy applies to all members of the PCC, the Standing Committee and any other committees or working parties set up by the PCC.

Introduction

A conflict of interest is any situation in which a member’s personal interests or loyalties could prevent, or could be seen to prevent, the member from making a decision only in the best interests of the PCC. Such a situation may arise either:

  1. where there is a potential financial benefit to a member, whether directly or indirectly through a connected person (such as a close family member or business partner);

  2. or
  3. where a member’s duty to the PCC may compete with a duty of loyalty he or she owes to another organization or person (eg by virtue of being a trustee or committee member of a body which has an interest in the matter).

The Policy

  • It is desirable that any conflicts of interest are declared to the Chair of the meeting as soon as the agenda is circulated. They must also be declared at the meeting when the relevant agenda item is reached.

  • Where a conflict of interest arises in connection with a personal benefit, the member concerned must withdraw from the meeting and not take part in any discussions relating to it.

  • Where a conflict of loyalty arises, the PCC will consider what level of participation, if any, is acceptable on the part of the conflicted member, having regard to the duty to act in the best interests of the PCC. However, the normal expectation will be that the conflicted member should withdraw from the meeting during discussion of the item of business in question.

  • A member need not withdraw from a meeting if his or her interest (whether financial or non-financial) is common to a group of persons and is neither (i) significant nor (ii) substantially greater than the interests of other members of that group.

  • The existence of a conflict of interest must be recorded in the minutes, together with the decision as to how it should be dealt with.

  1. Purpose of this policy

    This policy sets the Church’s understanding of data protection and the policies the Church uses to ensure compliance with the Data Protection Act 2018, which encompasses the General Data Protection Regulation (GDPR). It applies to the office holders of St Michael and All Angels Church, Hughenden and of the Church’s Parochial Church Council (PCC) - referred to in this policy as “the Church” - and to all subcontractors and volunteers.

  2. Why the Church needs this policy

    The Data Protection Act 2018 places a responsibility on all organisations that handle personal data to protect that information. It also states that such organisations may need to be registered with the Information Commissioner’s Office to do so although our Church is exempt from this as it:

    1. Is a not-for-profit organisation.

    2. Only processes information necessary to establish or maintain membership or support.

    3. Only processes information necessary to provide or administer activities for people who are members of the organisation or have regular contact with it.

    4. Only shares the information with people and organisations necessary to carry out the organisation’s activities.

    5. Only keeps the information while the individual is a member or supporter or as long as necessary for member/supporter administration.

    6. Does not use Closed Circuit Television devices for crime prevention.

  3. Why the Church collects information

    The Church may collect data on individuals for the following purposes:

    1. Accounts and records.

    2. Advertising, marketing and public relations.

    3. Officer holder, subcontractor and volunteer administration.

    4. Administration of membership records, including the generation of the Church’s Electoral Roll.

    5. Fundraising, including the generation of Gift Aid returns to HM Revenue & Customs.

    6. Realising the objectives of a charitable organisation or voluntary body.

  4. How the Church collects information

    The Church may collect personal information when individuals contact with it, such as when they:

    1. Visit our website.

    2. Register their details using a paper form or via an electronic form on our website.

    3. Make a donation, by completion of offering envelopes or by electronic means.

    4. Register for a course or other Church event.

    5. Communicate with the Church, such as face-to-face or by email, letter and telephone.

    6. Access social media platforms, such as Facebook.

  5. What the Church does with collected information

    The Church processes and stores information in the form of paper and computer records; its preferred method of storing personal information is in its computer database called ChurchSuite. Data security and privacy information about ChurchSuite can be found on the ChurchSuite website: www.churchsuite.com


Policy statements - how the Church will handle and protect personal information

  1. The Church complies with all aspects of data protection legislation, adhering to the eight principles of the GDPR. These principles specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation and storage of personal data.

  2. The Church will not pass personal data to third parties without the explicit consent of individuals, except when permitted by law under the following exceptional circumstances:

    1. Where the Church is legally compelled to do so.

    2. Where there is a duty to the public to disclose.

    3. Where disclosure is required to protect your interest.

    4. Where disclosure is made at an individual’s own request or with their consent.

  3. The Church will use a standard statement whenever personal data is collected. Individuals submitting their information on a paper or electronic forms will be required to date the form (whether in writing or by electronic date stamp) to indicate they have given their consent. If individuals provide their personal data verbally, such as in person or over the telephone, the person receiving the information will read out the statement and record the date when the individual’s consent was given. The statement for use is:

    I consent that this information may be used to contact me about St Michael & All Angels Church activities, used for church administration purposes and stored in computerised or paper formats. I am aware that, in compliance with the Data Protection Act 2018, the Church will store my information securely and will never pass it to a third party without my explicit permission. I am aware that I can contact any of the Church’s officers or administrators at any time to withdraw this consent and to ask that any information held about me is permanently destroyed.

  4. The Church will permit access to individual’s own personal data upon request at no charge. Such requests should be made to the Church’s Administrator or Data Protection Officer. If a Church officer holder, subcontractor or volunteer receives such a request, they must pass it on to the Administrator without delay.

  5. The Church will update individuals’ information when notified, typically through the My ChurchSuite tool.

  6. The Church will delete all paper and electronic records about an individual when that individual, or their empowered representative, asks the Church to do so or when the the Church no longer has a need to retain that information. This will apply unless that information is a legal record, such as an entry in the Church’s registers.

  7. The Church will do its best to ensure all officer holders, subcontractors and volunteers are conversant with data protection legislation and practice. All people with access to personal data, other than data which individuals agree to share with the Church’s community, will be required to confirm that they have read, understood and will comply with this policy. They will be required to re-confirm this every 3 years or whenever there is a material change to this policy.


Who will have access to personal data

  1. Individuals will be able to share as much, or as little, of their personal contact information with other church members as they would like, setting that level of access using their individual ChurchSuite login.

  2. Individuals who are church officer holders or who hold voluntary roles within the church will be asked to confirm their consent before their contact information is published or displayed.

  3. Where individuals provide their own contact information for publication (such as on a poster, for a notice in the pew newsletter or for an article in Outlook magazine), their consent for particular publication will be implied.

  4. Where individuals provide their bank account details, for the purposes of receiving reimbursement for expenses paid, their consent to share that information with the Church’s bank will be implied.

  5. The Church will control access to the main ChurchSuite database by:

    1. Providing individual logins and requiring people to set their own, strong passwords.

    2. Providing access to the various modules within the database on a “need to access” basis only; the modules containing Children’s and Giving information will have additional password controls applied. Examples of people who may need access to the main database include the Ministry Team, the Church Administrator, members of the PCC and rota coordinators.

    3. Controlling access via a Data Controller and other specified administrators, who will be the only people who can access and set these security parameters.


Oversight of personal data

  1. The PCC will appoint a Data Controller whose role is to:

    1. Maintain a record of who has access to which elements of personal data, including paper records.

    2. Implement controlled access to personal data.

  2. The PCC will appoint a Data Protection Officer whose role is to:

    1. Review and update this policy as required, such as if the applicable data protection legislation is updated or at the direction of the PCC.

    2. Handle and investigate any discovered, alleged or reported misuse or mishandling of personal data by the Church.

    3. Conduct an audit of the Church’s personal data handling policies, procedures and practices at least once every 2 years or sooner if requested by the PCC.


This document, version 1 of the Data Protection and Privacy Policy, was approved and adopted by the Parochial Church Council on 14 June 2018

Additional guidance to Church officers, subcontractors and volunteers

This guidance expands on, but does not supersede, the statements set out in the main Data Protection and Privacy Policy

  • All personal data held must be secured against unauthorised access and theft:

    • IT systems used to process information should be made as secure as possible from unauthorised access, including via the Internet, and should have anti-virus software installed that automatically installs updates as soon as they are available.

    • Church PCs should be password protected and are locked or logged off when individuals are away from their desk.

    • Paper records should be locked away when not in use.

  • Information about any individual that enables that individual to be identified should not be given to any person outside the Church without the express permission of the individual concerned.

  • If emails are being sent to multiple addressees, blind copies (using the BCC line) should be used to avoid sharing individuals’ email addresses.

  • Consent should be obtained from individuals before their information is put on the website or in a publication. This can be implied if someone if providing their contact details for a notice or Outlook article but, if that person provides another individual’s contact information, the consent of that other individual should be checked.

  • Personal data should be securely deleted or destroyed when it is no longer required. As a guideline, information about a person should be archived a maximum of 18 months after not having contact with an individual and deleted 1 year after archival (or sooner if the individual requests it).

  • Personal data should not be accepted from another organisation without the consent of the individual concerned.

Ut efficitur justo ex, eu semper lorem imperdiet at. Nullam elementum bibendum quam vitae pretium. Etiam tempor, tortor semper ullamcorper volutpat, arcu libero scelerisque sem, et fringilla velit nisi id est. Quisque nec massa id augue sagittis pellentesque at vel ipsum. Sed enim enim, accumsan eu massa ut, vestibulum tempus sem. Duis orci libero, tempus id rhoncus at, viverra vel risus. Nam eget risus et nunc tempor finibus a ac felis. Curabitur enim metus, bibendum a ullamcorper ultrices, convallis vel nibh. Sed egestas non turpis nec dignissim. Fusce non ex libero. Donec sit amet eleifend magna.