Test & Protect Privacy Notice


You are giving your personal data to The Trustees of the General Assembly of the Church of Scotland as the Data Controller.

Type of data collected

You are being asked to supply your name and contact telephone number. If you do not have a telephone number, you have the option to provide your postal address or e-mail address

Lawful basis for collecting this data

The purpose of processing the personal data we ask for is to assist with the NHS Scotland Test and Protect Strategy. Under the Data Protection Act 2018 and General Data Protection Regulations (GDPR), the legal basis for this processing is:

  • Article 6/1d – Processing is necessary in order to protect the vital interests of the data subject.
  • Article 9/2i – Processing is necessary for reasons of public interest in the area of public health.

Your personal data will not be used for any other purpose without your permission, except in the context of fulfilling a legal obligation to which The Church of Scotland is subject. If you do not provide the personal data requested, we cannot register your attendance at the Church and will be unable to share your name with NHS Scotland if a relevant case of infection occurs.

Data retention period

Your personal data will be retained for up to 28 days and will then be disposed of securely.

Data Subjects

Personal data processing is performed for Church of Scotland ministers, Stevenston High Kirk employees, volunteers, congregation, and for visitors.

Sharing Your Personal Data

The purpose of the sharing is to assist with the NHS Scotland Test and Test Strategy. Your personal data will not be used for any other purpose or shared with a third party unless doing so is necessary in order to comply with a legal obligation or in order to protect your vital interests or those of another data subject.

Data Transfers

Your personal data will not be transferred outside the European Economic Area (EEA).

Your rights

Under the Data Protection Act 2018, you have the following rights:

  • The right to be informed.
  • The right to access your personal data.
  • The right to rectification.
  • The right to erasure.
  • The right to restrict processing
  • The right to object to processing.
  • The right to data portability.
  • Rights in relation to automated decision-making.

If you wish to invoke any of your rights, including for the purpose of a Subject Access Request (SAR), send your written request to :

Data Protection Officer, Church of Scotland, 121 George Street, Edinburgh, EH2 4YN, or lawdept@churchofscotland.org.uk

You may also advise us of an incident involving personal data or a data breach using the same contact information.

Complaint procedure

You have the right to make a complaint about our processing of your personal data to the Information Commissioner’s Office (ICO) as the independent regulator in the UK. You can contact the ICO at :

www.ico.org.uk, or

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF