General Data Protection Rules
New General Data Protection Rules
A big change to the UK's data privacy law will come into effect on 25th May 2018. The General Data Protection Regulation (or GDPR for short) is a positive change towards giving you more control over how your data is used and how you are contacted.
Sukkat Shalom Reform Synagogue (SSRS)
[In respect to personal data held by the synagogue]
Version 1 – Dated 4th May 2018
1. We take the privacy of our synagogue members’ personal information very seriously and we take reasonable care to comply with the requirements of the UK Data Protection Act 1998 (‘the Act’). The General Data Protection Regulation (GDPR) is a new EU law that will come into effect on 25 May 2018 to replace the current Data Protection Act. It's the biggest overhaul of data protection legislation for over 25 years, and will introduce new requirements for how organisations process personal data. This data relates to the personal information you (our members) supply to the synagogue in order to be a member of SSRS. It also relates to what we save on our database and to what we use on our website and Facebook page. For the rest of this document the synagogue will be referred to as SSRS.
2. We are aware that religious beliefs are considered sensitive personal data. It follows that all of the data that we hold on our Jewish members is sensitive as it is an indication of their religious beliefs.
3. For the purpose of the Act, the Data Controller is the Chair of Council of SSRS. The current main Data Processor is the Administrator of SSRS. The address of the synagogue is 1 Victory Road, Wanstead, London, E11 1UL.
4. This document will be given to all new members on joining the synagogue, mailed to all existing members as of 8th May 2018 and it will be posted on our website.
5. The synagogue will be operating under “Legitimate Interest” in regard to all data held and used by the synagogue, with the exception of the data required by consent (see item 10).
2. Your Personal Data
1. The information we gather from you will include your name, address, email address, phone numbers, dates of birth, subscription rates, arrears and any other personal information you submit to SSRS on joining and over time. We require this information in order that we can identify who you are, where you live, how we can contact you and other information that is required for membership of the synagogue i.e. proof of Jewishness or conversion.
2. We also gather information about your children under the age of 21 years old which we need to hold in order to deliver the objectives of SSRS e.g. the advancement of Judaism through educational activities, Bar or Bat Mitzvah and future potential membership of the synagogue.
3. We share your data with Reform Judaism for the purposes of demographic and statistical information, as well as to ensure that you are aware of their youth programmes and other major events. You have the right to opt out of this sharing of information (with Reform Judaism) by completing the attached form re consent.
4. In respect of fees we pay to the Jewish Joint Burial Society on your behalf, your membership information (names, dates of birth, address, names and details of children under the age of 21 years old) is shared with them to allow them to carry out their duties.
5. As part of your membership you will be on our mailing list and we will send you newsletters (Shema), calendars, birthday cards and announcements by email, post or flyer from time to time. These are the primary means of keeping in touch with you.
6. SSRS issues statements on data & photographic use via our Membership Forms, Marriage Application Documents, and our Annual Trustees Report. Should you not wish your photograph to be used in the Shema (Newsletter), on our website or on our Facebook page please complete this part of the attached consent form.
7. Issues regarding data on our Council Members are discussed with the Council Members each year after the Annual General Meeting. They can choose what they wish to disclose in the Shema and on our website, as well as what information we can disclose to our members and some outside organisations, by completing a consent form. On leaving Council every Council member is required to delete and destroy any contact information and data on members from their mobile phones, computers, laptops and tablets etc. unless further use is authorised by the synagogue Council.
8. As part of your membership we will use the Information we hold to draw up and circulate lists of names towards the fulfilment of the key objectives of SSRS to practice and develop Judaism, e.g. wardens’ list for yahrzeit purposes, and to promote the safety of SSRS members, e.g. the security rota.
9. We will not sell, distribute or disclose your Information without your consent, or unless required or permitted to do so, by law. Required sensitive personal information will be held by the synagogue Administrator, the Rabbi and other synagogue officers as required. This information is kept secure by those who are in possession of it.
10. We ask all Council members and staff to shred all documents that contain members’ data when it is no longer needed and when they are no longer on Council.
11. We use Sage for all accounting purposes. On Sage we hold all of our members’ subscription history, addresses etc. Sage is currently processed by an employee of Away with Tax and monitored by the synagogue Administrator.
12. Where a member has submitted a Gift Aid form to the synagogue we divulge information to Her Majesty’s Revenue Collectors about membership fees and donations paid to the synagogue.
13. We keep backups of members’ data on two hard drives. One is kept at the home of our Administrator and one is kept in the shul secure archive.
14. We do not retain members’ bank details on our database apart from the day of the month that the payments are made. However, any member that is employed by the synagogue or spends money on the synagogue’s behalf will have their bank details recorded on Sage. This is to enable repeat payments to be made more easily.
15. We regularly ask members via our newsletter (Shema), subscription demands & Trustees Report to revise the information we hold on them in order that the information we hold is accurate. Should members not keep us informed of changes to addresses, phone numbers, new births, divorce or separation etc. we cannot be held responsible for acting on old data. Some personal information will be saved in emails that are archived.
3. Updating your Information and Retention
1. If you feel that any of your information is inaccurate or if it changes, please notify the synagogue Administrator by email at email@example.com. This includes addresses, phone numbers, email addresses, divorce and separation, new births, marriages, Conversions etc.
2. We will retain personal information for the legally required period, e.g. 7 years for Charity Commission requirements and HM Revenue and Customs (HMRC). The synagogue’s policy is to file and hold secure all membership papers and documents for those members that have ceased membership, indefinitely in our secure archive store. There are several reasons for this. Many members return to the synagogue and it is easier to reinstate them if we have the documents. Children of the deceased members may wish to join the synagogue and we may have documents that they need in order to join. Some members’ documentation is attached to a living member, etc.
3. A member that has terminated their membership can request to have their membership documents destroyed by contacting the Data Processor at firstname.lastname@example.org. Should this be requested it will present problems should they wish to consider re-joining the synagogue sometime in the future. All financial data held on Sage is retained by the synagogue.
4. Any information held by the synagogue regarding arrears will be retained and passed on to another synagogue if they request it as part of their membership documentation.
5. We keep the membership records of all members who die in a secure archive. There are several reasons for this. Children of the deceased members may wish to join the synagogue and we may have documents that they need in order to join. Non-member children of members may wish to access some of the information that we have on their parents. We also retain dates of death for Yahrzeits purposes. This is in order that we can inform members, friends of the deceased and family members of the deceased of the anniversary of the date of death.
6. We keep a paper record of 21-year-olds that do not join the synagogue on reaching the age of 21 years. This record usually forms part of their parents’ membership documents and cannot be removed. We also use this information to try and encourage the children to join the synagogue.
4. Access to personal data
1. You have the right to obtain confirmation that your data is being processed, access to your personal data and to information corresponding to that in this privacy notice.
2. This information will be provided free of charge except where excessive, repeated or duplicate requests are made. In such a case a fee of £15.00 to cover the costs of administration will be made. Such information will generally be provided electronically or by mail within one month of the request.
5. Links to Third Parties’ Sites
1. We may provide links to other websites; however, we do not place personal data on our website other than dates of weddings, births & deaths. We do also include photographs and information regarding family events etc. We do not accept responsibility for the protection of any data included on our website and on social media sites. Once placed on the internet, photographs are difficult to remove.
6. Internet and Data Storage, CCTV
7. Complaints about a data breach
1. When we receive a complaint from a person re their data we will make up a file containing the details of the complaint. This will normally contain the identity of the complainant and any other individuals involved in the complaint.
2. We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
3. We will keep personal information contained in complaint files in line with our Grievance Policy. Information relating to a complaint will be retained for at least two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
8. Data breach
1. In case of a personal data breach that is likely to result in a risk to people’s rights and freedoms, SSRS will adhere to the mandatory regulation to report it to the Information Commissioner’s Office (ICO) within 72 hours.
2. High risk situations would be where there is the potential of people suffering significant detrimental effect such as discrimination, damage to reputation, financial loss, or any other significant economic or social disadvantage. You will need to notify the relevant supervisory authority about a loss of personal details where the breach leaves individuals open to identity theft.
3. A breach notification must contain the nature of the personal data breach including, where possible:
The categories and approximate number of individuals concerned
The categories and approximate number of personal data records concerned
The name and contact details of our data protection officer (if SSRS has one) or other contact point where more information can be obtained
A description of the likely consequences of the personal data breach
Description of the measures taken, or proposed to be taken, to deal with the personal data breach and, where appropriate, of the measures taken to mitigate any possible adverse effects.
2. Further information about the new GDPR can be found on the ICO’s website or through the link: