Welcome to Ripon Cathedral’s Privacy Notice
Ripon Cathedral respects your privacy and is committed to protecting your personal data. This notice will inform you as to how we look after your personal data when you visit our website and tell you about your privacy rights and how the law protects you.
This privacy notice aims to give you information on how Ripon Cathedral collects and processes your personal data through your use of this website, including any data you may provide through this website when you purchase a product or service or offer to take part in an activity.
This website is not intended for children and we do not knowingly collect data relating to children.
It is important that you read this privacy notice so that you are fully aware of how and why we are using your data. This privacy notice supplements any other notices and is not intended to override them.
Ripon Cathedral comprises of the Chapter of Ripon Cathedral, the PCC of Ripon Cathedral, The Friends of Ripon Cathedral, The Trustees of Thorpe Prebend and Ripon Cathedral Development Campaign. These bodies are the controllers and are responsible for your personal data. When we mention ‘Ripon Cathedral’, ‘we’, ‘us’ or ‘our’ in this notice, we are referring to the relevant body in this group responsible for processing your data. The Chapter of Ripon Cathedral is the controller and responsible for this website.If you have any queries regarding this information, please contact the Director of Operations Julia Barker on email@example.com or on 01765 603462.
Changes to the privacy notice and your duty to inform us of change.
This is the first version of this notice in relation to the changes in the data protection law in the UK in May 2018. It may be updated in the future. We are currently working to make sure all our systems are compliant with the new legislation. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.
Third Party links
This website may include links to third-party websites, plug ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
The data we collect about you
Personal data or personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed.
We may collect, use, store and transfer different kinds of personal data about you which may include:
Identity data including first name, last name, marital status, date of birth
Contact data including email address, delivery address and telephone number.
Financial data including bank account and payment card details.
Transaction data including details about payments to and from you and details about products or services you have purchased from us.
Technical data including IP address, browser type and other technology on the devise you use to access this website.
Profile data including interests, preferences and survey responses
Usage data including information on how you use this website.
Marketing and communications data including your preferences in receiving marketing from us and your communication preferences.
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but does not directly or indirectly reveal your identity and as such is not considered personal data in law. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature.
We do not collect any special categories of personal data about you for example your race, ethnicity or religious beliefs.
How is your personal data collected?
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your identity, contact and financial data by filling in forms or by correspondence with us by post, phone, email or otherwise. This includes person data you provide when you:
• Apply for our products or services
• Subscribe to our services or publications
• Volunteer for services
• Request marketing to be sent to you
• Enter a competition, promotion or survey
• Give us feedback
Automated technologies or interactions
As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technology.
We may receive personal data about you from various third parties or publicly available sources for example analytics providers such as Google, advertising networks and search information providers.
How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
• Where we need to perform the contract, we are about to enter into or have entered into with you.
• Where it is necessary for our legitimate interests and your interests and rights do not override those interests
• Where we need to comply with a legal or regulatory obligation
Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending you marketing communications or newsletters. You have the right to withdraw your consent at any time by contacting us.
We use your personal data (for example, phone numbers, email and postal addresses) for the following purposes: –
• To enable us to provide a range of services for the benefit of the public;
• To administer membership records;
• To fundraise and promote the interests of the cathedral;
• To manage our employees and volunteers;
• To maintain our own accounts and records (including the processing of gift aid applications);
• To inform you of news, events, activities and services running at the cathedral;
Our processing also includes the use of CCTV systems for the prevention of crime.
You can opt out of receiving marketing messages or information from us at any time by contacting us. However, this will not apply to your personal data provided to us as a result of the purchase or provision of products or services by the cathedral.
Cookies are small files saved to the user’s computer’s hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.
Other cookies may be stored to your computer’s hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.
Change of purpose
We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Disclosures of your personal data
We may have to share your personal data to allow us to fulfil the service or contract with you. This may include professional advisers including banking, legal, insurance and accounting services.
Sometime this may involve the transfer of data outside the European Economic Area and this legislation. However, we ensure that a similar level of protect is afforded to the protection of your data.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or access in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those who have a business to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure of the data, the purposes for which we process the data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we must keep certain data about our customers for six years after they cease to become customers.
In certain circumstances we may anonymise your personal data for research or statistical reasons in which case we may use this information indefinitely without further notice to you.
No fee is required to access your personal data to exercise any other rights in relation to y your data. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with y your request in these circumstances.
If you request your personal data, we may need to request information from you to help us confirm your identity and ensure your right to access the data. This is a security measure to ensure that the data isn’t disclosed to any person who has no right to it.
We will try and respond to all legitimate requests within one month. If the request is more complicated it may take longer but we will keep you informed.
Your legal rights
You have the right to:
• Request access to your data
• Request the correction of the personal data we hold about you, to ensure data is complete and accurate
• Request erasure of your personal data unless this would be in breach of specific legal reasons for keeping it
• Object to the processing of your data
• Request the restriction of the processing of your data
• Request the transfer of your data to a third party
• Withdraw the consent to us using your personal data although this doesn’t affect the lawfulness of any processing carried out before you withdraw you consent