Building Management Portal – Privacy Notice
This privacy notice is provided by the Cathedral and Church Buildings Department to explain what to expect when we collect and process your personal information in accordance with the UK GDPR.
Data controller(s)
The data controller is:
The Church Commissioners for EnglandChurch House
Great Smith Street
London
SW1P 3AZ
For further information on the Church Commissioners for England please go to:
https://www.churchofengland.org/about/leadership-and-governance/national-church-institutions
Why we collect and use your personal data
Personal information is collected for the following purposes:
- To administer and manage applications and casework relating to works on church buildings, their contents, and churchyards through the Building Management Portal.
- To provide secure, role-based access for those involved in progressing applications, including collaboration and workflow tracking.
- To produce, store, and manage documentation connected to these processes, including legally required forms and records.
- Maintaining our own accounts and records.
The categories of personal data we collect
The information we process for these purposes may include:
- Name
- Email address
- Title
- Address
- Telephone number
- User account identifiers and access information needed to link your CofE Portal account to the Building Management Portal.
- Role and permissions information (for example, role types and links to relevant dioceses/church buildings) to ensure appropriate access to cases and system functions.
- Application and casework content you submit or upload (including supporting documents, images, statements, and legally required forms), which may contain personal contact details where required for legal and administrative purposes.
We also process “special categories” of information that may include:
- Religion
The lawful basis for using your information
Personal data
- Legal obligation – we need to process your information to comply with the law.
- Public task – we need to process your information to undertake a duty or task in the public interest.
Special categories
- Substantial public interest.
- Legal claims – we may need to process your information where it is necessary to do so for the establishment, exercise, or defence of legal claims or in connection with judicial process.
- Archiving – we may process your information for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, including the organisation, preservation of, and controlled access to segments of the Church’s history.
We do not rely on consent for registration or access to the system (users self-register via the CofE Portal and connect their account to the Building Management Portal).
Who we collect from or share your information with
We collect your information from:
- You, when you register for and use the Building Management Portal.
- The CofE Portal identity service, to authenticate users and connect accounts to the Building Management Portal.
- The Contact Management System, via an API, to verify roles and assign permissions.
- The Church Heritage Record (CHR), via an API, where it is linked to the Building Management Portal.
We will not share your data with any other third parties except where specified here. We will be sharing your information with:
- Other authorised users of the Building Management Portal where necessary to progress applications and casework.
- Service providers supporting the delivery and operation of the system, including:
- Cloudflare (caching and web application firewall services).
- Email delivery provider, Brevo, used to send service notifications.
- Hosting, development, support, and security testing suppliers supporting the platform.
Your personal data will not be sent to countries outside the UK/EEA.
Public access during certain case stages
Where required by the Faculty Jurisdiction Rules, the petition and associated documents (including designs, plans, photographs and other supporting material) are made available for public inspection until the petition has been determined; where the petition and documents are submitted through an online system, they are also made publicly available for inspection online until the petition has been determined.
https://www.legislation.gov.uk/uksi/2015/1568/article/5.7/made
These documents may include personal data where individuals are named within the petition or legal forms (for example, where an individual is listed as a petitioner or contact). The information made available online mirrors the information that would be available to inspect in person under the same process.
Public availability of applications are published through the Building Management Portal at:
https://buildings.churchofengland.org/public-notices
How long do we keep your information?
We will keep your data for 25 years, due to legal requirements, including the need to retain legal forms and associated records which may contain personal contact details as part of the official archive.
Any material transferred to the official archive will be retained indefinitely as part of the Church’s archival record.
Automated decision-making
We do not use automated decision-making (including profiling) to make decisions which produce legal effects or similarly significantly affect you.
Your rights
You have the following rights regarding your personal data:
- The right to be informed about any data we hold about you.
- The right to request a copy of your personal data which we hold about you.
- The right to request that we correct any personal data if it is found to be inaccurate or out of date.
- The right to request your personal data is erased where it is no longer necessary for us to retain such data.
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
- The right to object to the processing of your personal data (where applicable).
- The right to obtain and reuse your personal data to move, copy, or transfer it from one IT system to another (where applicable).
To exercise these rights, please contact the Data Protection Team using the contact information provided below. The NCIs Individual Rights Policy is available on request.
Complaints or concerns
If you have any queries regarding this processing activity, please contact, in the first instance:
If you have any concerns or queries about how the Cathedral and Church Buildings Department handle your personal data, please contact the Data Protection Officer at:
https://www.churchofengland.org/terms-and-conditions/national-church-institutions-data-protection
Tel: 020 7898 1114.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO) online at:
https://ico.org.uk/make-a-complaint/data-protection-complaints/data-protection-complaints/
Or by phone on 0303 123 1113 (local rate).