Data Protection and Privacy Policies

St Luke’s Church

Data Protection Policy


From the 25th May 2018, The Data Protection (Jersey) Law 2018 is in force. Under the terms of the Regulation we are required to inform you about your personal data that we hold and how and by whom it can be accessed.

St Luke’s Church:

  • Will comply with General Data Protection Regulation (GDPR) 2018, as enshrined in The Data Protection (Jersey) Law 2018 and Data Protection Authority (Jersey) Law 2018. The new law enhances the existing law and:
    • Expands liability to all organisations that deal with personal data
    • Introduces data breach notification within 72 hours to the local DP Authority
    • Introduces increased fines – up to 4% of global annual turnover or EUR 20million (whichever is the highest)


  • Will provide a Privacy Notice, as required or requested, which forms part of this Policy and should be read in conjunction with it. Our Policy parameters may be summarised as follows:
    • How we collect information about you
    • What personal information we might collect from you
    • How we use this information
    • How we protect your personal information
    • How we keep your information up to date.


Definitions and further information

You may find the explanations below helpful

Permission to store and process your data
In order to manage your relationship with St Luke’s, we need to record personal data. The information we collect is limited to what is necessary for the administration of St Luke’s work and commitments. We are happy to consider any requests you have in relation to your data.

What is personal data?
Personal data is data which can be used to identify you. This includes your name and address, email address, and contact telephone numbers. In order to be clear about what information you are happy for us to hold, we will make available a Consent Form which we request is completed and returned to the Data Controller. If you are in a position of leadership within the Church, we may display a picture to help others to identify you.

Where is the data stored?
Your information is stored physically, electronically on the office computer system and ‘in the cloud’ under the control of the Data Controller.

How will your data be used?
Your data will primarily be used for the purpose of managing your commitments to St Luke’s. We will contact you to inform you of upcoming events and other announcements directly relevant to these commitments.

Once these commitments have lapsed, information concerning you will be removed from the database as soon as practically possible. Unless you have been remunerated by the Church in any capacity, when Employment Laws will take priority, the period will not exceed 6 months.

Personal data will not be shared with third parties, except where required by law or authorised by the member.

You are responsible for ensuring that if your personal data changes, you should inform the Data Controller accordingly.
What is a Data Controller?
A Data Controller is someone who is responsible for your data and who must make sure that your data is processed according to the law. For example, they are responsible for making sure that the information held about you is accurate and that it is kept secure.

Whilst the Vicar is the data controller for the purposes of The Data Protection (Jersey) Law 2018, please contact the Parish Administrator at  if you have any questions regarding your data.

Further changes
This policy will be reviewed from time to time to take into account legislative changes and practical experience.                                                                                                                


Last updated:  22 May 2018