Truro Cathedral is committed to protecting your privacy. This document explains how we use any personal information we collect about you and how we protect that information.
Who are we?
Truro Cathedral is the data controller. This means it decides how your personal data is processed and for what purposes. Truro Cathedral comprises Truro Cathedral (HMRC Charity Reference Number X7943) and Truro Cathedral Limited (company registration number 04917372).
Your personal data
What is it and what do we collect?
Personal data is information that can identify you. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. This can include information such as name, address, email address, and any other information you provide when contacting us or filling in forms on our website – for example when asking or registering about our events, subscribing to newsletters, making a donation or ordering products from our shop. If you contact us, we may keep a record of that correspondence or interaction.
We will also collect data on how you use our emails – whether you open them, and which links you click on. When using our website your IP address and details of which version of web browser you used is also collected and other statistical data about our users’ browsing actions.
For more information about Cookies please visit www.aboutcookies.org or www.allaboutcookies.org. You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
Personal data created by your involvement with us
Your activities and involvement with us will result in personal data being created. This could include details of how you’ve helped us by volunteering or being involved with our campaigns and activities. If you decide to donate to us then we’ll keep records of when and how much you give to a particular cause.
Information we generate
We conduct research and analysis on the information we hold, which can in turn generate personal data. For example, by analysing your interests and involvement with our work we may be able to build a profile which helps us decide which of our communications are likely to interest you. The Profiling section gives more detail about how we use information for profiling and targeted advertising, including giving you more relevant digital content.
Information from third parties
We may buy anonymous external data (e.g. census data, Experian MOSAIC, TGI) and combine it with your personal data at an aggregated level to build profiles which help us work out what you’re most likely to want to hear from us about and how.
Sensitive personal data
At times we’ll collect sensitive personal data for Equal Opportunities monitoring and safeguarding purposes.
Volunteers and staff
If you’re a volunteer or staff member then we may collect extra information about you (e.g. references, criminal records checks, details of emergency contacts, medical conditions etc.). This information will be retained for legal or contractual reasons, to protect us (including in the event of an insurance or legal claim) and for safeguarding purposes.
How do we process your personal data?
Truro Cathedral complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes: -
- To administer membership and supporter records;
- To fundraise and promote the interests of the cathedral;
- To manage our employees and volunteers;
- To maintain our own accounts and records (including the processing of gift aid);
- To inform you of news, events, activities, appeals and services running at Truro Cathedral you have requested, or we feel may be of interest to you;
- To fulfil contracts made with you e.g. online purchases and bursaries
- To keep records of your contact preferences
- To enable us to provide a voluntary service for the benefit of the public
- We may share your contact details with the Diocesan office where we hold jointly run services, events or activities so they can keep you informed about news in the diocese and events, activities and services that will be occurring in the diocese and in which you may be interested.
What is the legal basis for processing your personal data?
We process personal information for certain legitimate business purposes, which are not limited to but include some or all or of the following:
- Where the processing enables us to enhance, modify, personalise or otherwise improve our services and communications for the benefit of our supporters and visitors.
- To identify and prevent fraud
- To enhance the security of our network and information systems
- To better understand how people interact with our websites
- To provide postal communications which we think will be of interest to you - keeping you informed about news, events, fundraising activities, appeals and services at Truro Cathedral.
- To determine the effectiveness of promotional campaigns and advertising
- To contact supporters via surveys to conduct research about their opinions of current activities and services of Truro Cathedral or other potential new activities or services
We also process personal information for certain other obligations, where processing is;
- necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement;
- necessary for the performance of a contract or to take steps to enter into a contract
- necessary for compliance with a legal obligation;
- is necessary to protect the vital interests of a data subject or another person.
- necessary for the performance of a task carried out in the public interest or in the exercise of the official authority vested in the data controller
- carried out by a not-for-profit body with a political, philosophical, religious or trade union aim provided: -
- the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and
- there is no disclosure to a third party without consent.
We know it’s important to our supporters to use our resources in a responsible and cost-effective way. So we may use automated profiling and targeting to help us understand our supporters and make sure that:
- our communications and services (e.g. our website) are relevant, personalised and interesting to you
- our services meet the needs of our supporters
- we use our resources responsibly and keep our costs down
We may also gather additional information about you from external sources, for example: updates to address and contact information, or publicly available information regarding your wealth, earnings and employment at an aggregate level. We may use this information to assess your capacity to support us and invite you to do so.
This analysis may be carried out by us or by third party organisations working for us. We may also host encrypted personal data on third party websites (e.g. social media platforms) to ensure that you only see relevant, personalised and interesting content from those organisations.
Whenever we process data for these purposes we will ensure that we always keep your Personal Data rights in high regard and take account of these rights. You have the right to object to this processing if you wish and if you wish to do so please contact us at the details at the end of this policy. Please bear in mind that if you object this may affect our ability to carry out the tasks above for your benefit.
Sharing your personal data
We will not, under any circumstances, share or sell your personal data with any third party for their own marketing purposes. We may share your data with third parties where they are processing your personal data on behalf of Truro Cathedral (for example, in the distribution of a mailing).
Where your data is processed outside of the EU on Truro Cathedral's behalf, this is only done where we have established that adequate safeguards are in place; for example, participation with the EU-US Privacy Shield Framework.
We may also share your personal data where we are required to do so by law, for example to make a Gift Aid claim to HMRC.
How long do we keep your personal data?
We keep data in accordance with the guidance set out in the guide “Chapter and Verse: The Care of Cathedral Records” which is available from the Church of England website https://www.churchofengland.org/more/libraries-and-archives/records-management-guides
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -
- The right to request a copy of your personal data which Truro Cathedral holds about you;
- The right to request that Truro Cathedral corrects any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for Truro Cathedral to retain such data;
- The right to withdraw your consent to the processing at any time
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data
- The right to lodge a complaint with the Information Commissioners Office.
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
To exercise all relevant rights, queries or complaints please in the first instance contact Truro Cathedral at firstname.lastname@example.org or on 01872 276782.
We hope to be able to resolve any complaints about our privacy notice directly with you. However, if you feel this has not been achieved, you can contact the Information Commissioners Office (ICO) on 0303 123 1113 or online at https://ico.org.uk/global/contact-us/email/ or by post to the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.