Privacy Policy
1. INTRODUCTION
Chester Cathedral is committed to protecting your privacy and security. This policy explains how and why we use your personal data, to ensure you remain informed and in control of your information.
From Thursday 10 May 2018, Chester Cathedral will amend how we ask interested parties to “opt-in” to marketing communications. This is due to a change to data protection regulations which govern how we can communicate with you (the General Data Protection Regulation) coming into force on Friday 25 May 2018.
You can decide not to receive communications or change how we contact you at any time. If you wish to do so please contact us by emailing dataprotection@chestercathedral.com or writing to us at 9 Abbey Square, Chester CH1 2HU.
We will never sell your personal data, and will only ever share it with organisations we work with where necessary and if its privacy and security are guaranteed (as outlined below).
Questions?
Any questions you have in relation to this policy or how we use your personal data should be addressed to The Data Protection Officer, Chester Cathedral, 9 Abbey Square, Chester CH1 2HU
2. ABOUT US
Your personal data (i.e. any information which identifies you, or which can be identified as relating to you personally) will be collected and used by The Chapter of Chester and Chester Cathedral Enterprises Limited, a private limited company with registration number 01382905 and data controller number Z1005068 and Z1005071 respectively.
Both The Chapter of Chester Cathedral and Chester Cathedral Enterprises Limited (together referred to as “Chester Cathedral”) are based at 9 Abbey Square, Chester CH1 2HU. For the purposes of data protection law, Chester Cathedral will be the controller.
3. WHAT INFORMATION WE COLLECT
Personal data you provide
We collect data you provide to us. This includes information you give when signing up for our electronic newsletter, giving by Gift Aid, purchasing a ticket for an event or placing an order on our online shop. For example:
- personal details (name, email, address, telephone etc.) when you purchase tickets for an event;
- financial information (payment information such as credit/debit card or direct debit details, and whether donations are gift-aided. Please see section 8 for more information on payment security).
Information created by your involvement with Chester Cathedral
Your activities and involvement with Chester Cathedral will result in personal data being created. This could include details of how you’ve helped us by volunteering or being involved with our fundraising and activities.
If you decide to donate to us, and share your details, then we will keep records of when and how much you give to a particular cause.
Sensitive personal data
We do not normally collect or store sensitive personal data such as information relating to health, beliefs or political affiliation. However, there are some situations where this may occur (e.g. if you volunteer or work for us or if you have an accident). Where this does occur we conduct an impact assessment, and take extra care to ensure your privacy rights are protected.
Accidents or incidents
If an accident or incident occurs on our property, at one of our events or involving one of our staff (including volunteers) then we’ll keep a record of this (which may include personal data and sensitive personal data).
Volunteer
If you are a volunteer then we may collect extra information about you (e.g. references, criminal records checks (when required), details of emergency contacts, medical conditions etc.). This information will be retained for legal reasons, to protect us (including in the event of an insurance or legal claim) and for safeguarding purposes.
Confidential Declarations
Applications [for paid or voluntary roles] that meet the criteria for an Enhanced Disclosure and Barring check will be required to complete a Church of England Confidential Declaration Form at the shortlisting stage. A separate Privacy Notice outlining the processing of data contained within that form will accompany the Confidential Declaration Form.
4. HOW WE USE INFORMATION
We only ever use your personal data with your consent, or where it is necessary in order to:
- enter into, or perform, a contract with you;
- comply with a legal duty;
- protect your vital interests;
- for our own (or a third party’s) lawful interests, provided your rights don’t override the these
In any event, we’ll only use your information for the purpose or purposes it was collected for:
Marketing
We use personal data to communicate with people, to promote Chester Cathedral and to help with fundraising. This includes keeping you up to date with our news, updates, events and fundraising information. For further information on this please see Section 5 (Marketing).
Administration
We use personal data for administrative purposes. This includes:
- receiving donations (e.g. direct debits or gift-aid instructions);
- maintaining databases of our volunteers and Cathedral Role;
- fulfilling orders for goods or services (whether placed online, over the phone or in person);
- helping us respect your choices and preferences (e.g. if you ask not to receive marketing material, we’ll keep a record of this).
5. DISCLOSING AND SHARING DATA
We will never sell your personal data. If you have opted-in to marketing, we may contact you with information about our partners, but these communications will always come from Chester Cathedral and are usually incorporated into our own marketing materials (e.g. our printed and electronic newsletters).
We may share personal data with subcontractors or suppliers who provide us with services. For example, if you order something from the cathedral shop, your name and address will be shared with the delivery company. However, these activities will be carried out under a contract which imposes strict requirements on our supplier to keep your information confidential and secure.
We may, from time-to-time, allow our partners to analyse our data to understand our visitors, where they come from and what events or products interest them. At no time, do we share full personal details with these organisations, and none of this activity enables our partner to identify an individual.
Occasionally, where we partner with other organisations, we may also share information with them (for example, if you register to attend an event being jointly organised by us and another charity). We will only share information when necessary, and at no point are they permitted to use or store your information.
6. MARKETING
We have always sought an “opt-in” for most communications. This includes all our marketing communications.
We would also offer you the choice as to how you wish to receive these messages, though currently, we will only communicate with you – in marketing terms – by email.
You can decide not to receive communications or change how we contact you at any time. If you wish to do so please contact us by emailing
dataprotection@chestercathedral.com, writing to us at 9 Abbey Square, Chester CH1 2HU, or by clicking unsubscribe within any newsletter we send you. You can also “opt-out” of receiving anything from us by visiting our website and using our ‘Sign-Up’ page.
What does ‘marketing’ mean?
Marketing does not just mean offering things for sale, but also includes news and information about:
- Chester Cathedral, our campaigns and community work
- volunteering opportunities and how you can help the cathedral
- appeals and fundraising (including donations and also competitions)
- our events, activities and local groups;
- products, services and offers
- leaving a legacy
- taking part in projects
When you receive a communication, we collect information about you respond to or interact with that communication, and this may affect how we communicate with you in future.
7. RESEARCH AND ANALYSIS
We carry out visitor surveys to determine the success of our work and to allow us to develop as an organisation. Understanding our visitors and supporters, their motivations and what they care about helps us provide a better experience (e.g. through more relevant communications). Face-to-face research is undertaken on our behalf by Fuze Research Limited, Heron’s Way, Chester Business Park, Chester CH4 9QR, a private limited company with registration number 08178561 and data controller number ZA238044.
None of our activity enables us to identify an individual.
Comment cards are produced and evaluated internally by Chester Cathedral. Use of a comment card can be done without submitting any personal information.
8. YOUNG PEOPLE
Photographs, pictures, stories and competitions
We want young people to engage with Chester Cathedral and to share their photographs, stories and pictures. If we publish your child’s picture, photo or story, we’ll usually include their first name and age with it. If they write an article or story for us, we might also include their surname alongside it.
If your child enters a competition and is one of the lucky winners or runners-up, we’ll publish their name and winning entry alongside the other winners.
We may publish these items on our website, newsletter and social media.
Parental permission: If your child is under 18 then we’ll need permission from you as their parent or guardian for them to enter one of our competitions or to share a picture, photograph or story with us.
With regard school or other visits, we would always seek both parental and school permission to use a picture, photograph or story.
Information for parents
We take great care to protect and respect the rights of individuals in relation to their personal data, especially in the case of children. If your child is under 18, we’ll only use his or her personal data with your consent. This means that, for example, if your child wants to have his or her name or picture featured in one of our youth magazines, we’ll need you to confirm you’re happy for us to do so.
9. HOW WE PROTECT DATA
We employ a variety of physical and technical measures to keep your data safe and to prevent unauthorised access to, or use or disclosure of your personal information.
Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Our staff receive data protection training and we have a set of detailed data protection procedures which personnel are required to follow when handling personal data.
Payment security
All electronic Chester Cathedral forms that request financial data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers.
If you use a credit card to donate, purchase something on-line we will pass your credit card details securely to our payment provider. Other payment methods (e.g. ApplePay) are handled in a similar manner. Chester Cathedral complies with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council, and will never store card details.
Of course, we cannot guarantee the security of your home computer or the internet, and any online communications (e.g. information provided by email or our website) are at the user’s own risk.
CCTV
The cathedral and much of the cathedral estate have CCTV and you may be recorded when you visit them. CCTV is there to help provide security and to protect both you and Chester Cathedral. CCTV will only be viewed when necessary (e.g. to detect or prevent crime) and footage is only stored temporarily. Unless it is flagged for review CCTV will be recorded over.
Chester Cathedral complies with the Information Commissioner’s Office CCTV Code of Practice, and we put up notices so you know when CCTV is in use.
10. STORAGE
Where we store information
Chester Cathedral’s operations are based in the UK and we store our data within the European Union. Suppliers who process data on our behalf are based within the European Union. This processing is carried out under a contract which imposes strict requirements on our supplier to keep your information confidential and secure.
How long we store information
We will only use and store information for so long as it is required for the purposes it was collected for. How long information will be stored for depends on the information in question and what it is being used for. For example, if you ask us not to send you marketing emails, we will stop sending you emails for marketing purposes (though we’ll keep a record of your preference not to be emailed).
We continually review what information we hold and delete what is no longer required. We never store payment card information.
11. KEEPING YOU IN CONTROL
We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:
- the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of the personal information we hold (this is known as subject access request);
- the right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason);
- the right to have inaccurate data rectified;
- the right to object to your data being used for marketing or profiling; and
- where technically feasible, you have the right to personal data you have provided to us which we process automatically on the basis of your consent or the performance of a contract. This information will be provided in a common electronic format.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.
If you would like further information on your rights or wish to exercise them, please write to our Data Protection Officer, Chester Cathedral, 9 Abbey Square, Chester CH1 2HU or email dataprotection@chestercathedral.com
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk
12. COOKIES AND LINKS TO OTHER SITES
Cookies
Our website uses local storage (such as cookies) to provide you with the best possible experience and to allow you to make use of certain functionality (such as being able to shop online). You may amend your cookie preferences when visiting our website, and may amend your preference during your visit.
What Cookies Does Our Site Use?
- The following first party Cookies may be placed on your computer or device:
| Name of Cookie | Purpose & Type | Strictly Necessary |
|---|---|---|
| PHPSESSID | This allocates a user a session ID used id used to identify session data about the user, this includes but not limited to; To store a simple message when a form is submitted that can be displayed on a different page. For example, if an enquiry form is completed incorrectly, a message will be stored and presented to the user to indicate the errors in the submission. When an enquiry form is submitted successfully, a message is stored and presented to the user thanking them for their enquiry. No personal information is stored in this cookie. Also used to store a the logged in user’s username and a 128bit encrypted key. This information is required to allow a user to stay logged in to a web site without needing to submit their username and password for each page visited. Without this cookie, a user is unable to proceed to areas of the web site that require authenticated access. | yes |
| _gat | Used to distinguish users and track user behavior on the website. https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage | yes |
| _ga | Used to distinguish users and track user behavior https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage | yes |
| _gid | Used to throttle request rate for the website i.e. responsible for regulating the rate at which application)processing is conducted. https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage | yes |
Links to other sites
Our website contains hyperlinks to many other websites. We are not responsible for the content or functionality of any of those external websites (but please let us know if a link is not working by using the ‘Contact us’ page on the website).
If an external website requests personal information from you (e.g. in connection with an order for goods or services), the information you provide will not be covered by Chester Cathedral’s Privacy Policy. We suggest you read the privacy policy of any website before providing any personal information.
When purchasing goods or services from any of the businesses that our site links to, you will be entering into a contract with them (agreeing to their terms and conditions) and not with Chester Cathedral.
13. CHANGES TO THIS PRIVACY POLICY
We will amend this Privacy Policy from time to time to ensure it remains up-to-date and accurately reflects how and why we use your personal data. The current version of our Privacy Policy will always be posted on our website.
This Privacy Policy was last updated on 30 March 2023.