The Church of England Pensions Board is committed to protecting your personal data. Personal data is any information that can identify you.
This privacy notice explains what you can expect when we collect and process your personal information under the UK GDPR.
1. Data controller
The data controller is the Church of England Pensions Board, whose registered address is 29 Great Smith Street, London, SW1P 3PS.
2. Why we collect and use your personal data
From November 2023 we are putting forward a proposal to rethink how the Church best supports future cohorts of clergy with retirement housing. This is to enable choice and put individuals in the driving seat of their retirement housing plan through the introduction of new services, resources and choices across ministry. We hope this will support a smoother transition to retirement.
We will publish discussion materials online, share links to this with individuals/groups and invite feedback against a series of questions. We will also provide opportunities for people to write in and ask questions about our ideas, through a group inbox.
We therefore need to collect and hold your personal information to:
- Contact you about the conversation
- Collect and review your feedback - using this to pull together themes to inform future proposals.
- Help ensure that we hear from as diverse a range of views as possible. Therefore, when you respond to our questions, we will ask for some demographic data about you including age, role within the Church and Diocese.
- Respond to your enquiries where you write in and ask a question.
3. The categories of personal data we collect
Information we will use to contact you:
Your name, email address and/or physical address
Information we will collect when you submit your response to the conversation:
- Your role within the Church
- Your location e.g. within a Diocese
- Your age to help us understand more about your distance to go to retirement (we will group ages in brackets)
- Your name and email address, if responding on behalf of a Church organisation
Information you would share as part of submitting a question to us:
Your name and email address
Information you might choose to share in sending enquiries or feedback to us:
Details of your personal family and social circumstances such as your marriage or civil partnership status or health information. We are not specifically requesting this personal data, but may use it to help us understand your feedback and/or respond to your query.
Special categories of information that may include:
Religious belief, including from your title or role which will indicate if you are member of clergy
Health data or other information about your personal circumstances (e.g. if you are married or in a partnership, which might include you sharing something about your sexual orientation) that you choose to share with us in submitting your feedback.
4. The lawful bases for using your information
We hope to receive responses/feedback from lots of different people, undertaking different roles within the Church including serving clergy, retirees, Diocesan colleagues, ordinands etc. We might also receive feedback from family members, friends, or those who support clergy in their ministry.
To help ensure different groups have lots of opportunity to respond, we will send links to the discussion materials via established networks, and also directly email/write to:
- Residents within Church retirement housing
- Active members for the clergy pension scheme (CEFPS)
Where you respond to the conversation, we will collect and use your personal information under the following lawful bases:
- Consent: where you share information with us by completing the online questionnaire and/or in contacting us about a specific query. You have the right to withdraw your consent at any time by contacting the Pensions Board using the details provided in Section 9 below.
Special category data
- Explicit consent: to allow us to process information about your role with the Church, which may reveal something about your religious belief or any other sensitive information you disclose (e.g. health)
5. Who we collect from or share your information with
We will use contact data already held by the Pensions Board to alert individuals to this conversation process and encourage participation.
We will collect your personal information from you when you submit a response or send an enquiry.
In connection with the processing set out in section 2, we may share your information with certain third parties, including:
- With specialist research partners (if needed) to help us interpret responses in the around, which may include colleagues within the Data Services team within the NCIs. Once we collect your information it may be used by other NCIs, where necessary and lawful, to provide a complete service to you. We will link your information together to save you providing your information more than once.
We do not use your personal information to carry out any automated decision making.
We do not transfer your personal information outside the United Kingdom.
6. How long we keep your information
We will only hold records of your personal information for as long as we need to, to help with analysis of the responses to the conversation and future planning. Identifiable responses may be held for 1 year after the conclusion of the conversation process and then destroyed. Anonymised reports that summarise all responses will be retained permanently for archiving purposes.
The email inbox for the conversation process will be closed and information deleted by March 2025.
7. Security of your personal data
We commit to ensuring that your personal information is secure. We limit access to personal information on a need to know basis and test our security practices and technologies. We require employees and temporary workers to follow policies and procedures and complete mandatory annual training to understand the importance of protecting personal information and information security.
We have contractual agreements with all our advisers and external suppliers which set out how they keep personal information secure and destroy or return it safely.
If the security of your personal information is breached, we will endeavour to limit the damage. In the case of a high-risk breach, and depending on the circumstances, we will tell you about the breach and any remedial actions to prevent further damage. We will report any qualifying breaches of the security of personal information to the Information Commissioner’s Office, or a local privacy regulator (where appropriate).
8. Your rights
Subject to exemptions, you have the following rights:
- The right to withdraw your consent and any time up until the point at which it is anonymised.
- The right to be informed about any personal information we collect and use about you;
- The right to access and request a copy of your personal information which we hold about you;
- The right to request that we correct any personal information if it is found to be inaccurate, incomplete or out of date;
- The right to request your personal information is erased where it is no longer necessary for us to keep such information;
- The right to request a restriction is placed on further processing, for example where there is a dispute in relation to the accuracy or processing of your personal information
To exercise these rights please contact the Data Protection Team using the contact information provided below. The NCIs Individual Rights Policy is available on request.
9. Complaints or concerns
If you have any queries about the ways in which we use your personal information and why we do so, please contact [email protected].
If you have any concerns or queries about how the Pensions Board handles your personal information, please contact our Data Protection Officer through our Data Protection Team at:
- Email: [email protected]
- Tel: 020 7898 1114
- Online: churchofengland.org/national-church-institutions-data-protection
You have the right to make a complaint at any time to the UK’s privacy regulator, the Information Commissioner.
If you are based in the EU, you can lodge a complaint with your local privacy regulator, which is based in the country or territory where you live, work or the alleged infringement took place.