Data protection privacy statement
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulations and subsequent UK legislation and regulations.
Who are the Central Finance Board of the Methodist Church?
The Central Finance Board of the Methodist Church (the CFB) is a data controller, responsible for implementation of legal obligations (contact details at the end of this notice). This means the CFB decides how your personal data is processed and for what purposes. The CFB will review this statement from time to time and any such changes will be published on our website. Not withstanding any change to this policy, we will continue to process your personal data in accordance with your rights and our obligations in law.
How do we process your personal data?
We collect data necessary for the CFB to pursue its stated objectives. Predominantly, we offer funds which are available for investment by Methodist Churches and Charities eligible to invest in accordance with our governing document. We interact with organisations we do business with. We recruit and employ staff in the course of our work.
We take the security of all the data we hold very seriously. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
When and how we share personal data and locations of processing
We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.
Personal data held by us may be transferred to:
- Third party organisations that provide functionality, data processing or IT services to us
- We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres. Currently these are all located in the UK.
- Third party organisations that we work with in providing goods, services or information
- Auditors and other professional advisers
- Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation
- Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.
Individuals’ rights and how to exercise them
Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights. Where we decide how and why personal data is processed, we are a data controller and include further information about the rights that individuals have and how to exercise them below.
Access to personal data
You have a right of access to your personal data held by us as a data controller. This right may be exercised by emailing us at firstname.lastname@example.org. There is presently no fee for a general subject access request but if we deem any subject access request to be excessive, we reserve the right to charge a fee in line with the GDPR regulations.
We will aim to respond to any requests for information promptly, and in any event within the legally required time limits (currently one month).As part of our checking procedures it will be necessary to request evidence of identity before providing information to data subjects.
Amendment of personal data
To update personal data submitted to us, you may email us at email@example.com.
When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make corrections (where appropriate) based on your updated information.
Withdrawal of consent
Where we process personal data based on consent, individuals have a right to withdraw consent at any time. We do not generally process personal data based on consent (as we can usually rely on another legal basis). To withdraw consent to our processing of your personal data please email us at firstname.lastname@example.org or, to stop receiving an email from a CFB or Epworth marketing list, please click on the unsubscribe link in the relevant email received from us.
Other data subject rights
This privacy statement is intended to provide information about what personal data we collect about you and how it is used. As well as rights of access and amendment referred to above, individuals may have other rights in relation to the personal data we hold, such as a right to erasure/deletion, to restrict or object to our processing of personal data and the right to data portability.
If you wish to exercise any of these rights, please send an email to email@example.com.
We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint to firstname.lastname@example.org. We will look into and respond to any complaints we receive.
You also have the right to lodge a complaint with the Information Commissioner's Office (“ICO”) (the UK data protection regulator). For further information on your rights and how to complain to the ICO, please refer to the ICO website which can be found at the following link:
Data controller and contact information
The data controller is the Central Finance Board of the Methodist Church whose offices are as set out below.
If you have any questions about this privacy statement or how and why we process personal data, please contact us at:
Data Protection Officer
The Central Finance Board of the Methodist Church
9 Bonhill Street
Phone: 020 74896 3600
This privacy statement was last updated on 1 May 2018.