Our Privacy Notice

This notice governs the handling of personal data by the Birmingham Diocesan Board of Finance (BDBF), both where the information has been supplied by the data subject and where it has been provided to us by a third party for the purposes of undertaking diocesan duties. We are committed to respecting the privacy of all individuals for whom we hold personal data

01. Personal data

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the UK General Data Protection Regulation (the “UK GDPR”).

02. Data Controller

The BDBF is the data controller. This means it decides how your personal data is processed and for what purposes.

03. The legal basis for processing your personal data

The legal bases on which the BDBF will process personal information are:

  • Legitimate Interest
  • Compliance with a legal obligation
  • To fulfil contractual obligations
  • Consent
  • Vital interest
  • Public task

04. When we will process your data

  • Most of the processing of your personal data will be for the BDBF’s legitimate interests (or the legitimate interest of a third party, such as another organisation within the Church of England)
  • Some processing will be carried out because of a legal obligation to do so. This includes the legal processes of the Church of England and Canon Law and also secular statutory requirements
  • We will process data if it is necessary to fulfil a contract with you
  • We will process your data to respond to requests from you to receive particular information.
  • We will process data to assist you in fulfilling your role in the Church of England Birmingham, including pastoral and administrative support
  • Religious organisations are also permitted to process information about your religious beliefs to administer membership or contact details
  • We will process your data if you have given your explicit consent, for example so that we can keep you informed about news, events and activities.

05. How we process your personal data

The BDBF complies with its obligations under the “UK GDPR” by:

  • keeping personal data up to date
  • storing and destroying it securely
  • not collecting or retaining excessive amounts of data
  • protecting personal data from loss, misuse, unauthorised access and disclosure
  • ensuring that appropriate technical measures are in place to protect personal data.

06. How we use your personal data

We use your personal data for the following purposes:

  • For the purposes of sending you/keeping you informed of the diocesan news/information which you have requested and that may be of interest to you including diocesan campaigns, activities, fundraising activities
  • For the purposes of keeping you informed of diocesan information that we believe is important to the role you hold within the diocese either in our local communities, or within our central diocesan offices
  • For the purposes of administering meetings and other such arrangements as fall within the Synodical governance framework of the Church and which ensure we are able to meet all legal and statutory obligations including the Church Representation Rules
  • For the purposes of evaluating our projects and wider impact
  • To seek your views or comments
  • To manage BDBF employees and volunteers (including HR records and payroll and pension requirements and records)
  • To process a grant or application for a role
  • To maintain BDBF accounts and records (including the processing of gift aid applications)
  • To maintain our records of all clergy and readers, and parochial Church Officers (including PCC secretaries, treasurers, churchwardens, those with specifically nominated parish roles)
  • To maintain BDBF required records of mandatory training with regard to safeguarding, and other safeguarding and personnel records as set out in law and the Church of England’s national requirements
  • To manage safeguarding including DBS and safer recruitment, working with individuals within a safeguarding context within the church; and within statutory and legislative requirements
  • To carry out comprehensive safeguarding procedures (including due diligence and complaints handling) in accordance with best safeguarding practice from time to time with the aim of ensuring that all children and adults-at-risk are provided with safe environments
  • To fundraise and promote the interests of the charity
  • To notify you of changes to our services and offices
  • To enable us to provide a church body voluntary service for the benefit of the public within the diocese.

The data we process is likely to constitute sensitive personal data because, as central diocesan offices the fact that we process your data at all may be suggestive of your religious beliefs. We may also, if you provide the information, process other categories of sensitive personal data such as racial or ethnic origin; and , where relevant, mental and physical health, details of injuries, medication/treatment received, and criminal records, fines and other similar judicial records.

07. Marketing permissions and seeking consent

Whilst there may be an expectation that people involved in the life of Church of England Birmingham would expect to receive information from us, for example about activities and events; the BDBF is required through data regulations to ensure that we ask for your permission to do so in certain marketing-related circumstances; and to ensure that we make you aware of your rights in doing so.

  • Email and text : We will ask for your permission to contact you in this way -
  • Postal marketing: From time to time we may send you information about the diocese and its work unless you have told us you would prefer not to receive this information by post
  • Bulletins and newsletters: We will normally require you personally to opt into electronically sent information such as newsletters (always with the option to opt out if you change your mind). This ensures that you are able to manage the information you wish to receive

08. Sharing your personal data

Personal data will be treated confidentially and will only be shared for lawful purposes. See Annex A for examples of those with whom we will share data where it is appropriate to do so.

09. Retention of personal data

The BDBF keeps data in accordance with the requirements set out in law, statutory guidance and the national church. The national church guidance on retention periods can be found here.

10. Your rights and your personal data

Unless subject to a UK GDPR exemption, you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which the BDBF holds about you
  • The right to request that the BDBF corrects any personal data if it is found to be inaccurate or out of date
  • The right to request your personal data is erased where it is no longer necessary for the BDBF to retain such data
  • The right to withdraw your consent to the processing at any time
  • The right to request that the BDBF provide the data subject with his/her personal data and, where possible, to transmit that data directly to another data controller, (known as the right to data portability) The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing
  • The right to object to the processing of personal data, (where applicable)
  • The right to lodge a complaint with the Information Commissioners Office.

11. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, we will provide a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. If necessary, we will seek your prior consent to the new processing.

12. Data Processors

A number of organisations may process data for BDBF. These include:

  • PC Support and AirIT (for IT help and support to BDBF employees)
  • Thirtyone:eight (for DBS processes)
  • Church Commissioners (for Clergy stipend and payroll)
  • The Church of England Pensions Board (pensions for Clergy and BDBF employees)
  • Aviva (for BDBF employees)
  • MailChimp – electronic networking for newsletters and bulletins; where individuals directly manage their own consent and what information they wish to receive from the BDBF
  • Pathways Moodle Learning Platform (including Airtable)
  • Moorepay (for BDBF employee HR records and payroll)
  • Smart Survey (for evaluation and surveying)

13. Contact Details and Reporting Concerns

To exercise all relevant rights, queries or complaints please contact:

Dr Jan Smart, Diocesan Secretary,
Church of England Birmingham
190 Corporation Street
Birmingham B4 6QD

Click to email. Tel: 0121 426 0400.

Alternatively, you can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

14. Changes to this Privacy Notice

The BDBF will review this privacy notice regularly and may update it at any time - for example in the event of legal changes; to improve how we manage data; or where an issue or concern has come to light that needs appropriate response. If there are any significant changes in the way the BDBF processes your personal information we will provide a prominent notice on our website or send you a notification.


Annex A

Those with whom data may be shared:

The Diocesan database (CMS) is a shared resource between: 

  • The office of the Bishop of Birmingham (Bishop’s Croft)
  • The office of the Bishop of Aston
  • The Archdeacon of Birmingham
  • The Archdeacon of Aston
  • The Chancellor for the Diocese of Birmingham
  • The Deputy Chancellor for the Diocese of Birmingham
  • The Diocesan Board of Finance
  • The Diocesan Board of Education
  • Birmingham Diocesan Academies Trust
  • The office of the Diocesan Registrar
  • Birmingham Cathedral
  • The clergy and DCC / PCC officers within the Diocese of Birmingham.

The contact details of petitioners and/or applicants on individual applications will be shared, through the Online Faculty System (OFS) with: 

  • The Archdeacon of Birmingham
  • The Archdeacon of Aston
  • The Chancellor for the Diocese of Birmingham
  • The Deputy Chancellor for the Diocese of Birmingham
  • The office of the Diocesan Registrar
  • Statutory Consultees (The Church Buildings Council, Historic England, national Amenity Societies and local authorities)
  • Others in order to facilitate the consideration of applications for either a Faculty or a Matter not requiring a Faculty under the Faculty Jurisdiction Rules.

Clergy contact details will be shared with:

  • The Bishop’s Office
  •  Periodically to Crockford’s Clerical Directory
  • When necessary, by the Diocesan Property Team to its representatives for the purpose of undertaking works of repair / maintenance of Cathedral / Diocesan clergy housing and the letting of Diocesan properties
  • To the relevant local authority (in respect of Council Tax) and utility companies (in respect of supplies of energy to the property)
  • National Church Offices and Church Commissioners with regard to pensions, stipend and payroll.

Other Third Parties in compliance with the BDBF’s responsibilities

  • Specifically named individuals
    •  clergy/reader/ details where these related to those undertaking ministerial development reviews and support.
  • Legal and statutory bodies, in compliance with the range of our legal responsibilities; including those involving  
    • land/glebe, property purchases and sales, tenancy arrangements
    • employment
    • HMRC
    • those involved with safeguarding issues, including Police, Probation, Social Care and Children’s Services
    • Charity Commission
    • National Church Officers and other Diocesan Officers
    • Insurers
    • Legal advisers as appropriate.
  • National Church and Other Dioceses 
    • in line with national safeguarding requirements
    • Ministry Division and National Church Institutions as appropriate
    • stipend/payroll and pensions
  • Parishes within Birmingham Diocese
    • Safeguarding Training Records
    • Safeguarding information
  • Church Commissioners
    • Pensions Board re BDBF and clergy pensions and other pension providers as appropriate.
  • The Central Readers Council
    • Readers’ details
  • Contractors and insurers 
    • with regard to BDBF appointed contractors where this relates to the provision of services to properties for emergency and maintenance purposes.
  • Contracted IT providers
    • for general technical support.
  • Other Service and System Providers
  • Thirtyone:eight (DBS checking)
  • Mailchimp (electronic communications)
  • Cognito (on-line booking)
  • Smart Survey (project evaluation)
  • Payroll System Providers - Xledger (finance system – employee expenses)
  • Aviva (pensions)
  • STRIPE (on-line payments merchant)
  • Pathways Learning Platform
  • Clearly Simpler Limited (safeguarding dashboards)
  • Ineqe Group Ltd (safeguarding auditors)
Privacy Notice | Powered by Church Edit