You are giving your personal data to The Trustees of the General Assembly of the Church of Scotland as the Data Controller.
Type of data collected
You are being asked to supply your name and contact telephone number. If you do not have a telephone number, you have the option to provide your postal address or e-mail address
Lawful basis for collecting this data
The purpose of processing the personal data we ask for is to assist with the NHS Scotland Test and Protect Strategy. Under the Data Protection Act 2018 and General Data Protection Regulations (GDPR), the legal basis for this processing is:
- Article 6/1d – Processing is necessary in order to protect the vital interests of the data subject.
- Article 9/2i – Processing is necessary for reasons of public interest in the area of public health.
Your personal data will not be used for any other purpose without your permission, except in the context of fulfilling a legal obligation to which The Church of Scotland is subject. If you do not provide the personal data requested, we cannot register your attendance at the Church and will be unable to share your name with NHS Scotland if a relevant case of infection occurs.
Data retention period
Your personal data will be retained for up to 28 days and will then be disposed of securely.
Personal data processing is performed for Church of Scotland ministers, Stevenston High Kirk employees, volunteers, congregation, and for visitors.
Sharing Your Personal Data
The purpose of the sharing is to assist with the NHS Scotland Test and Test Strategy. Your personal data will not be used for any other purpose or shared with a third party unless doing so is necessary in order to comply with a legal obligation or in order to protect your vital interests or those of another data subject.
Your personal data will not be transferred outside the European Economic Area (EEA).
Under the Data Protection Act 2018, you have the following rights:
- The right to be informed.
- The right to access your personal data.
- The right to rectification.
- The right to erasure.
- The right to restrict processing
- The right to object to processing.
- The right to data portability.
- Rights in relation to automated decision-making.
If you wish to invoke any of your rights, including for the purpose of a Subject Access Request (SAR), send your written request to :
Data Protection Officer, Church of Scotland, 121 George Street, Edinburgh, EH2 4YN, or firstname.lastname@example.org
You may also advise us of an incident involving personal data or a data breach using the same contact information.
You have the right to make a complaint about our processing of your personal data to the Information Commissioner’s Office (ICO) as the independent regulator in the UK. You can contact the ICO at :
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF