5.1 We will only use your Personal Data within the Order for the purposes for which it was obtained, unless you have explicitly agreed that we may share your Personal Data with another organisation or unless we are otherwise permitted or required to under the Data Protection Rules or order of a Court or other competent regulatory body or as set out in this Notice.
5.2 We may share your information with other Members of the Church seeking relief and any ecclesiastical body enjoying canonical jurisdiction or powers of governance as detailed in the Code of Canon law or the Apostolic Constitution Pastor Bonus.
5.3 We may share your information with government bodies for tax purposes or law enforcement agencies for the prevention and detection of crime.
5.4 Sometimes the Order contracts with third parties whom we ask to Process Personal Data on our behalf (e.g. IT consultants or distributors of our magazine and calendar). We require these third parties to comply strictly with our instructions and with the GDPR.
5.5 We also may be required to share your Personal Data so that the Order can benefit from Gift Aid Declarations you have made e.g. with HMRC.
5.6 We have in place administrative, technical and physical measures designed to guard against and minimise the risk of loss, misuse or unauthorised processing or disclosure of the Personal Data that we hold.
5.7 In the course of Processing your Personal Data, or disclosing it to the recipients referred to above, we may transfer it to countries which are outside the European Economic Area (EEA), some of which may not have laws which provide the same level of protection to your Personal Data as laws inside the EEA. In such cases we will take steps to ensure that the transfers comply with the GDPR and that your Personal Data is appropriately protected. We do so by taking the following measures:
5.7.1 putting in place a contract with the recipient that means they must protect the personal information to the same standards as is required in the EEA;
5.7.2 transferring it to a non-EEA country with privacy laws that give the same protection as the EEA;
5.7.3 transferring it to organisations that are part of Privacy Shield (or any successor or replacement scheme). This is a framework that sets privacy standards for data sent between the US and EU countries to ensure that those standards are similar to what are used within the EEA;
5.7.4 transferring it to organisations or countries that have other approved certification schemes or codes in place; or
5.7.5 relying on another appropriate ground under applicable data protection laws.