This Privacy Notice sets out how the entities that make up Chichester Cathedral (as defined below) collect, use, and share the information that you provide to us (“your personal data”) and how we protect your rights.
In this Privacy Notice “the Chichester Cathedral Entities” or “Entities of Chichester Cathedral” means the following organisations (together referred to as “we” or “us”):
- The Chapter of Chichester Cathedral (“Cathedral Chapter”) an ecclesiastical charity with Ecclesiastical Charity Registration Number X6489;
- Chichester Cathedral Restoration and Development Trust (“Cathedral Trust”) a charitable incorporated organisation with registration number 1156729;
- Chichester Cathedral Friends(“Friends”), a charitable incorporated organisation - with registration number 1158498; and
- Chichester Cathedral Enterprises Limited (“Enterprises”), a company with company number 01171418.
Under data protection law, we are joint controllers of your personal data, which means that we jointly determine how we process your personal data. For more information, see section 7 below on how we share your personal data.
Personal data is any information that relates to an individual. We may process your personal data in the following scenarios, where:
- You have signed up to receive communications from the Entities of Chichester Cathedral via our website, digital platform (including donation point or tablet within the Cathedral) or hardcopy form;
- You make a donation to one of the Chichester Cathedral Entities;
- You make a Gift Aid declaration in relation to one of the Chichester Cathedral Entities;
- You are considering becoming or are a Member of the Friends;
- You are considering becoming or are a Member of a committee, group or governing body involved in the life of one of the Chichester Cathedral Entities (i.e. Chapter, Trustees, Community Committee);
- You are considering becoming or a Volunteer for one of the Chichester Cathedral Entities;
- (Repeated from line 4)A Lasting Power of Attorney (LPoA) over your affairs is notified to any one of us;
- You purchase a ticket to an event from one of the Chichester Cathedral Entities;
- You are on the Electoral Roll;
- You purchase a stay at Chichester Cathedral accommodation, or hire our commercial venues or spaces;
In these scenarios, we may collect one or more of the following categories of personal data relating to you:
- first name
- postal address including post code
- telephone number (landline and/or mobile)
- Date of birth
- email address
- details of your college, university or school
- bank details
- records of financial transactions including one-off and regular donations
- annual subscription amount
- method of payment for your annual subscription and donations
- the date you became a member
- your opt-in to our sharing requests
- donation details
- correspondence with you (for example, to discuss the reason for your donation)
- signature on our standard Gift Aid form
- details about an event you have signed up for
- dietary requirements (if you have registered for an event that involves the provision of food)
- information about any publications to which you have contributed
- Relationships/marital status
We use your personal data to administer the different Chichester Cathedral Entities effectively and efficiently, to send you information about your membership of and one or more of the Chichester Cathedral Entities and to send you information about Chichester Cathedral and activities and events taking place at or in connection with the Cathedral. In particular, we may use your personal data to:
- write to you about matters relating to Chichester Cathedral or any of the Chichester Cathedral Entities
- send you the Cathedral’s quarterly newsletter, and information about events and activities taking place at the Cathedral or within the diocese
- email you the Cathedral’s monthly newsletter, and information about events and activities taking place at the Cathedral or within the diocese
- remind you that your annual subscription to the Friends is becoming due if you pay it otherwise than by bank STO
- invite you to attend the Chichester Cathedral Friends Annual General Meeting
- process your donation(s)
- acknowledge your donation(s)
- claim Gift Aid from HMRC
- if required by HMRC, provide evidence to HMRC that you have made a Gift Aid declaration
- provide an event organiser with your data in connection with your attendance at an event
- provide an event organiser, and booking information, with your data in connection to your accommodation or event/hire reservation/booking
- if appropriate, provide an event organiser with your dietary requirements
- contact you if an event you have booked changes or is cancelled or if there is a query about your booking
- process a refund if an event or other purchase is cancelled
- streamline our communications with you by ensuring that duplication is minimised as far as possible between the different Chichester Cathedral Entities
- obtain information about you that assists us to work with you as efficiently as possible
We will only use your personal data when the law allows us to (i.e. where we have a ‘lawful basis’). Most commonly, we will use your personal data in the following circumstances:
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, we have a legitimate interest in sharing your personal data between each of the Chichester Cathedral Entities where this assists us to streamline our communications with you by ensuring that duplication is avoided or minimised as far as possible.
- Where it is necessary for the performance of a contract with you, for instance where you purchase a ticket for an event or make another booking with Enterprises.
- Where it is necessary to comply with a legal obligation on us (for example, reporting to HM Revenue and Customs in order to make a submission in connection with Gift Aid).
- Less commonly, we may ask for your consent to use your personal data for a specific purpose, for instance where we require your consent to send you fundraising or direct marketing messages by email.
- If we process your special category personal data (for example, information relating to your health or ethnicity), we typically rely on your explicit consent or a condition for processing which is available to not-for-profit organisations.
You may unsubscribe from our email communications via the link in any email that you receive from any Chichester Cathedral Entity.
You may make a request to withdraw your consent, or for us to remove your personal data at any time by using the contact details set out in section 13 below.
Data is shared between the Chichester Cathedral Entities via a database system called thankQ (“the Cathedral Entities Platform”) to enable us communicate and interact with worshippers, volunteers, supporters, donors, Friends and the general public and to fulfil the charitable objectives of the Cathedral Entities.
All the information we collect from you is held in computerised records, within thankQ. If you provide information to us on paper, we transfer it to our computerised records and destroy the paper hardcopy. Our computerised records are secured by a system of user identifications and passwords allocated to authorised users. Only authorised users can access your personal data.
To find out more about security features of thankQ, please see their website.
Membership, Donations & Gift Aid
We use thankQ to keep track of your membership subscription payments to the Chichester Cathedral Friends, Gift Aid declarations (if you have made them) and to record any donations you may have made. If you have made a Gift Aid declaration we use this application to communicate directly electronically with HMRC to claim Gift Aid when it is due. We do not have access to your tax records held by HMRC. We keep a scanned copy of your Gift Aid declaration on thankQ with access restricted to authorised users.
We use a number of third party sites to facilitate online giving. These include Just Giving, Thyngs and the Charities Aid Foundation (CAF) Online. When you make a donation or gift through these platforms, they act as a Controller. When they pass on your data to us, via charity reporting, we also become a Controller with respect to that data.
We use a third-party system called TicketSource to sell tickets to Chichester Cathedral events. When you purchase a ticket from TicketSource (which can be done online, by phone, or in person from the Cathedral Shop) we collect your contact information, which tickets you purchased, how much you paid for them and how you paid for them. This information is held securely by TicketSource. TicketSource is the Data Processor acting on behalf of the Event Organiser (the Cathedral Entities) who are the Data Controllers. It is the Event Organiser who decides what happens to your Personal Data. We make this information available to our in-house team to assist with event management. We will cross reference this information with the information we hold on our database to verify information and update our records. When purchasing a ticket, you will be asked if you wish to receive information from the Entities of Chichester Cathedral.
For our on-site accommodation, we use a third-party system called FreetoBook. FreetoBook are Joint Controllers of your data, processed and stored on behalf of the Entities of Chichester Cathedral. FreetoBook combine the interactions of a number of third party sites used by the Cathedral Entities, including Booking.com (and Agoda and Cottages.com), as well as Air BnB. In these cases, the platforms act as sole Controllers of your data. In relation to the Cathedral Entities’ property management, this occurs through Henry Adams who are also sole Controllers of data.
The Chichester Cathedral Entities may communicate with you in a number of ways, including by post, email or SMS (in-line with the preferences you have agreed to when you consent to receive information from us).
When we communicate with you by email, we sometimes use a third-party system called Mailchimp. In this circumstance, we act as the Data Controller, and Mailchimp as the Data Processor. The same relationship is adopted for Mailing Houses, for when we contact you by post. In the latter example, all files are provided to the Mailing House encrypted, with password protection. Each organisation will also have their own data policies and security measures.
We rely on you to keep us notified of changes to the information we hold about you. You can tell us about changes by telephone, email or by letter and we will record changes in our databases as soon as we can (see Section 13).
From time to time we will send you a copy of the information we hold about you and ask you to verify it. At any time you may ask us to provide you with a copy of the information we hold about you and we will respond as promptly as we can.
The Chichester Cathedral Entities share information about you between ourselves via a shared platform called thankQ (“the Cathedral Entities Platform”). Any information stored on the Cathedral Entities Platform is governed by a data sharing agreement (“the Data Sharing Agreement”) between the Chichester Cathedral Entities to ensure that your information is processed lawfully and securely Your personal data is shared to improve the way Chichester Cathedral Entities communicate and interact with you. Section 2 (above) details the categories of personal data which are shared. The Chichester Cathedral Entities are Joint Controllers and share joint responsibility for the information that they share with each other about you. Please contact us if you require further information about our Data Sharing Agreement or how we share your personal data between us.
None of the Chichester Cathedral Entities will sell your contact information to any person or organisation.
If you are a Member, or part of a group, committee or governing body of one of the Chichester Cathedral Entities your information may be stored on the Cathedral Entities Platform and made accessible to the other Chichester Cathedral Entities, so that, for instance, you can receive the Cathedral’s e-Newsletter and other items of news about the Cathedral and its activities. The above also applies if you have consented to receive information from Chichester Cathedral Entities via our website or hard copy.
If you have signed a Gift Aid declaration, we will tell HMRC that we have a signed Gift Aid declaration on file and when we make our routine Gift Aid claims we will tell HMRC if we have received a subscription payment or donation from you, when it was received and the amount we received. HMRC may ask to see a copy of your Gift Aid declaration as part of their audit procedure. If this happens, we will provide the copy to HMRC. We will notify you, but we will not seek your permission.
If you buy a ticket for a Chichester CathedralEvent, book our accommodation or hire our venues, we will not share any information collected about you or your purchases with any organisation outside the Chichester Cathedral Entities except for suppliers or third party sites which are processing your personal data on our behalf.
If you are on the mailing list of Parish and Village Newsletter Editors we will share your email address (if we have it) via the Cathedral Entities Platform so that you can receive the Cathedral’s e-Newsletter and other items of news about the Cathedral and its activities. We will also share your email address (if we have it) via the Cathedral Entities Platform so that you can receive news and information about the different activities of the different Cathedral Entities as appropriate.
We also reserve the right to disclose your personal data to third parties:
- in the event that any one of the Chichester Cathedral Entities acquire or dispose of any business or assets, in which case we will disclose your personal data to the prospective transferor or transferee or such business or assets;
- if substantially all of the assets of one or more of the Chichester Cathedral Entities are acquired by a third party, your personal data held may be one of the transferred assets;
- for auditing purposes;
- if any of us is under any legal or regulatory obligation to do so e.g. to comply with legal process or requests from government authorities;
- to permit any of us to pursue available remedies or limit the damages that we may sustain; and
- in connection with any legal proceedings or prospective legal proceedings, in order to establish, exercise or defend our or a third party’s legal rights.
Under data protection laws, you have rights relating to your personal data. You may exercise any of the following rights against any one or more of the Chichester Cathedral Entities:
- Ask us for confirmation of what personal data we hold about you, and to request a copy of that information. If we are satisfied that you have a legal entitlement to see this personal data, and we are able to confirm your identity, we will provide you with this personal data.
- Withdraw your consent at any time if we have relied on consent as the lawful ground to use your personal data.
- Request that we delete the personal data we hold about you, as far as we are legally required to do so.
- Ask that we correct any personal data that we hold about you which you believe to be inaccurate.
- Object to the processing of your personal data where we: (i) process on the basis of the legitimate interests ground; (ii) use the personal data for direct marketing; or (iii) use the personal data for statistical purposes.
- Ask for the provision of your personal data in a machine-readable format to either yourself or a third party, provided that the personal data in question has been provided to us by you, and is being processed by us: (i) in reliance on your consent; or (ii) because it is necessary for the performance of a contract to which you are party; and in either instance, we are processing it using automated means.
- Ask for processing of your personal data to be restricted if there is disagreement about its accuracy or legitimate use.
To exercise these rights, contact us via the “Contact Us” set out in section 13 below. Please be aware that any one of the Chichester Cathedral Entities may be unable to comply with requests that you make in connection with the above rights in certain circumstances, such as if we are legally prevented from doing so or can rely on an applicable exemption.
Please note that you also have the right to lodge a complaint with the Information Commissioner’s Office at www.ico.org.uk/concerns. Please always consider raising your concern with us first by contacting us using the contact details in section 13 below.
Where your personal data is transferred, stored, and/or otherwise processed outside the UK or EU in a country which does not offer an equivalent standard of protection to the UK or EU, we will take all reasonable steps necessary to ensure that the recipient implements appropriate safeguards (such as relying on standard contractual clauses approved by the European Commission) designed to protect your personal data.
If you have any questions about the transfer of your personal data, please contact us using the details at section 13.
If you consent to receive communications from the Entities of Chichester Cathedral, we will keep your information in-line with the terms of agreement at the point of consent. You have the right to access, adapt or withdraw your consent at any time. We will review this consent every two years, in-line with guidance issued by the ICO, which may in-turn result in us contacting you directly to update your information.
If you are a member of the Chichester Cathedral Friendswe will delete your information, and subscription payment information, relating to your membership in accordance with the Charity Commission rules (that all data will be kept for a minimum of six financial years). You cease to be a member if you contact us and tell us that you no longer wish to be a member, if you die or if you stop paying your annual subscription.
If you have signed a Gift Aid declaration we will keep your payment and/or membership records for the following six years after the end of the period that includes the last donation to which they relate, or at least 12 months after you claim for the last donation to which the declaration relates if this is later. We also occasionally get requests from executors of wills, or HMRC for information about Gift Aid we may have claimed.
If you have bought tickets for an event from any of the Chichester Cathedral Entities we will delete your contact and payment information from the TicketSource database as soon as we can after you cease to be a member.
If you are on our mailing list of Parish and Village Newsletter Editors we will keep your record until you or someone else with authority to do so informs us of a change.
If we have shared your contact information with the other Chichester Cathedral Entities via the Cathedral Entities Platform (thankQ) we will ensure that your records are deleted from that Platform after an appropriate period after you have ceased to be a member of the Cathedral or Friends.
We may change this Privacy Notice at any time by posting a new version on the Chichester Cathedral Website
If we update this Privacy Notice in a way that significantly changes how we use your personal data, we will bring these changes to your attention where reasonably possible. Otherwise, we recommend that you periodically review this Privacy Notice to be aware of any other revisions.
If you have any questions about this Privacy Notice, you can reach all of the Cathedral entities in the following ways:
- Post: Chichester Cathedral, The Royal Chantry, Cathedral Cloisters, Chichester, PO19 1PX
- Telephone: 01243 812980
Please leave a message if we don’t answer and we will call back