Southwell Minster respects your privacy and is committed to protecting your personal data. This notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.
It is important that you read this privacy notice so that you are fully aware of how and why we are using your data.
Southwell Minster comprises of the Chapter of the Cathedral, the PCC of Southwell Minster, The Friends of Southwell Minster, The Trustees and Management Committee of Sacrista Prebend, Potwell Dyke and Higgon Meade. These bodies are the controllers and are responsible for your personal data. When we mention ‘Southwell Minster’, ‘we’, ‘us’ or ‘our’ in this notice, we are referring to the relevant body in this group responsible for processing your data. The Chapter of Southwell Minster is the controller and responsible for the protection of your data. If you have any queries regarding this information, please contact the Cathedral Administrator, Adele Poulson on administrator@southwell minster.org.uk or on 01636 817285.
The data we collect about you
Personal data or personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed. We may collect, use, store and transfer different kinds of personal data about you which may include:
- Identity data including first name, last name, marital status, date of birth.
- Contact data including email address, delivery address, home address and telephone number.
- Financial data including bank account and payment card details.
- Transaction data including details about payments to and from you and details about products or services you have purchased from us.
- Marketing and communications data including your preferences in receiving marketing from us and your communication preferences.
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but does not directly or indirectly reveal your identity and as such is not considered personal data in law. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. We do not collect any special categories of personal data about you for example your race, ethnicity or religious beliefs.
How is your personal data collected?
We use different methods to collect data from and about you including through:
You may give us your identity, contact and financial data by filling in forms or by correspondence with us by post, phone, email or otherwise. This includes person data you provide when you:
- Apply for or buy our products or services
- Subscribe to our services or publications
- Volunteer for services
- Request marketing to be sent to you
- Enter a competition, promotion or survey
- Give us feedback
How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract, we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests and your interests and rights to do so but will not override those interests.
- Where we need to comply with a legal or regulatory obligation.
Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending you marketing communications or newsletters. You have the right to withdraw your consent at any time by contacting us.
We use your personal data (for example, phone numbers, email and postal addresses) for the following purposes: –
- To enable us to provide a range of services for the benefit of the public;
- To administer membership records;
- To fundraise and promote the interests of the cathedral;
- To manage our employees and volunteers;
- To maintain our own accounts and records (including the processing of gift aid applications);
- To inform you of news, events, activities and services
Our processing also includes the use of CCTV systems for the prevention of crime.
You can opt out of receiving marketing messages or information from us at any time by contacting us. However, this will not apply to your personal data provided to us as a result of the purchase or provision of products or services by the cathedral.
Change of purpose
We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Disclosures of your personal data
We may have to share your personal data to allow us to fulfil the service or contract with you. This may include professional advisers including banking, legal, insurance and accounting services. Sometime this may involve the transfer of data outside the European Economic Area and this legislation. However, we ensure that a similar level of protect is afforded to the protection of your data.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those who have a business to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure of the data, the purposes for which we process the data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we must keep certain data about our customers for six years after they cease to become customers.
In certain circumstances we may anonymise your personal data for research or statistical reasons in which case we may use this information indefinitely without further notice to you.
No fee is required to access your personal data to exercise any other rights in relation to your data. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. If you request your personal data, we may need to request information from you to help us confirm your identity and ensure your right to access the data. This is a security measure to ensure that the data isn’t disclosed to any person who has no right to it.
We will try and respond to all legitimate requests within one month. If the request is more complicated it may take longer but we will keep you informed.
Your legal rights
You have the right to:
- Request access to your data
- Request the correction of the personal data we hold about you, to ensure data is complete and accurate
- Request erasure of your personal data unless this would be in breach of specific legal reasons for keeping it
- Object to the processing of your data
- Request the restriction of the processing of your data
- Request the transfer of your data to a third party
- Withdraw the consent to us using your personal data although this doesn’t affect the lawfulness of any processing carried out before you withdraw you consent