Manchester Cathedral is committed to respecting your privacy and protecting your personal information; the Cathedral Chapter welcomes the improvements to data protection brought about by the General Data Protection Regulation 2016/679 (the “GDPR”) in May 2018. This Privacy Notice explains the reasons why Manchester Cathedral collects personal information, the types of personal information collected, how it is used and your legal rights regarding this use. This Privacy Notice is not intended for children.
Who are we?
The Dean and Canons of the Cathedral and Collegiate Church of St Mary, St Denys and St George in Manchester (known as “Manchester Cathedral”) is the data controller. This means that Manchester Cathedral decides how your personal data is processed and for what purposes. Manchester Cathedral comprises a number of legal entities: Dean and Canons Manchester Cathedral; Manchester Cathedral Hire Ltd.; Manchester Cathedral Development Trust (MCDT); Friends of Manchester Cathedral; Dean of Manchester Crosland Fund; Manchester Cathedral Visitor Centre; Manchester Cathedral Ventures Ltd. and Volition.
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the GDPR.
How do we collect personal data?
Generally, Manchester Cathedral receives personal data from the individual directly. We recognise the need to collect data in an appropriate way for the situation so utilise different methods, namely online; email; paper documents; telephone and on some occasions whilst you are visiting the Cathedral or attending a service. When collecting personal data online we use third-party providers embedded securely on our website (Jotform and Campaign Monitor and Prestashop) and data protection agreements are in place; these providers have adopted GDPR best practices and policies can be reviewed on their respective websites. Visitors to Manchester Cathedral should be aware that CCTV cameras are located around the building for the purposes of prevention and detection of crime. Photographs and recordings are occasionally taken at Cathedral services and events – on these occasions attendees are informed by way of clear signage and by messaging inside the order of service.
What personal information do we collect?
For most purposes we need to collect your name and contact details. There are times when we need to collect additional information for example:
Automated technologies or interactions
Why do we process your personal data?
Manchester Cathedral complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the following purposes:
Our processing also includes the use of CCTV systems for the prevention and detection of crime.
What is the legal basis for processing your personal data?
Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared within Manchester Cathedral in order to carry out a function or service as outlined above or for legitimate purposes connected with Manchester Cathedral. We will only share your data with third parties outside of Manchester Cathedral with your prior consent. We will never sell your data to third parties.
How long do we keep your personal data?
We keep data in accordance with the guidance set out in the Church of England Record Centre Records Management Guide “Chapter and Verse: The Care of Cathedral Records” which is available from the Church of England website . Specifically, we retain Cathedral Community data while it is still current; gift aid declarations and all other financial paperwork for up to 6 years after the calendar year to which they relate; and parish registers (baptisms, marriages, funerals etc.) permanently. Personnel records relating to clergy and employees are presently being held indefinitely for safeguarding investigation purposes relating to the Independent Inquiry into Child Sexual Abuse (IICSA).
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
To exercise all relevant rights, queries of complaints please in the first instance contact the Cathedral Administrator on 0161 833 2220 or via email or at Manchester Cathedral Office, Manchester Cathedral, Victoria Street, Manchester, M3 1SX. We hope to be able to resolve any complaints about our Privacy Notice directly with you. However, if you feel this has not been achieved, you can contact the Information Commissioner’s Office on 0303 123 1113 or via email at https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.