Chester Cathedral is committed to protecting your privacy and security. This policy explains how and why we use your personal data, to ensure you remain informed and in control of your information.
From Thursday 10 May 2018, Chester Cathedral will amend how we ask interested parties to “opt-in” to marketing communications. This is due to a change to data protection regulations which govern how we can communicate with you (the General Data Protection Regulation) coming into force on Friday 25 May 2018.
You can decide not to receive communications or change how we contact you at any time. If you wish to do so please contact us by emailing firstname.lastname@example.org or writing to us at 9 Abbey Square, Chester CH1 2HU.
We will never sell your personal data, and will only ever share it with organisations we work with where necessary and if its privacy and security are guaranteed (as outlined below).
Any questions you have in relation to this policy or how we use your personal data should be addressed to The Data Protection Officer, Chester Cathedral, 9 Abbey Square, Chester CH1 2HU
Your personal data (i.e. any information which identifies you, or which can be identified as relating to you personally) will be collected and used by The Chapter of Chester and Chester Cathedral Enterprises Limited, a private limited company with registration number 01382905 and data controller number Z1005068 and Z1005071 respectively.
Both The Chapter of Chester Cathedral and Chester Cathedral Enterprises Limited (together referred to as “Chester Cathedral”) are based at 9 Abbey Square, Chester CH1 2HU. For the purposes of data protection law, Chester Cathedral will be the controller.
Personal data you provide
We collect data you provide to us. This includes information you give when signing up for our electronic newsletter, giving by Gift Aid, purchasing a ticket for an event or placing an order on our online shop. For example:
Information created by your involvement with Chester Cathedral
Your activities and involvement with Chester Cathedral will result in personal data being created. This could include details of how you’ve helped us by volunteering or being involved with our fundraising and activities.
If you decide to donate to us, and share your details, then we will keep records of when and how much you give to a particular cause.
Sensitive personal data
We do not normally collect or store sensitive personal data such as information relating to health, beliefs or political affiliation. However, there are some situations where this may occur (e.g. if you volunteer or work for us or if you have an accident). Where this does occur we conduct an impact assessment, and take extra care to ensure your privacy rights are protected.
Accidents or incidents
If an accident or incident occurs on our property, at one of our events or involving one of our staff (including volunteers) then we’ll keep a record of this (which may include personal data and sensitive personal data).
If you are a volunteer then we may collect extra information about you (e.g. references, criminal records checks (when required), details of emergency contacts, medical conditions etc.). This information will be retained for legal reasons, to protect us (including in the event of an insurance or legal claim) and for safeguarding purposes.
We only ever use your personal data with your consent, or where it is necessary in order to:
In any event, we’ll only use your information for the purpose or purposes it was collected for:
We use personal data to communicate with people, to promote Chester Cathedral and to help with fundraising. This includes keeping you up to date with our news, updates, events and fundraising information. For further information on this please see Section 5 (Marketing).
We use personal data for administrative purposes. This includes:
We will never sell your personal data. If you have opted-in to marketing, we may contact you with information about our partners, but these communications will always come from Chester Cathedral and are usually incorporated into our own marketing materials (e.g. our printed and electronic newsletters).
We may share personal data with subcontractors or suppliers who provide us with services. For example, if you order something from the cathedral shop, your name and address will be shared with the delivery company. However, these activities will be carried out under a contract which imposes strict requirements on our supplier to keep your information confidential and secure.
We may, from time-to-time, allow our partners to analyse our data to understand our visitors, where they come from and what events or products interest them. At no time, do we share full personal details with these organisations, and none of this activity enables our partner to identify an individual.
Occasionally, where we partner with other organisations, we may also share information with them (for example, if you register to attend an event being jointly organised by us and another charity). We will only share information when necessary, and at no point are they permitted to use or store your information.
We have always sought an “opt-in” for most communications. This includes all our marketing communications.
We would also offer you the choice as to how you wish to receive these messages, though currently, we will only communicate with you – in marketing terms – by email.
You can decide not to receive communications or change how we contact you at any time. If you wish to do so please contact us by emailing
email@example.com, writing to us at 9 Abbey Square, Chester CH1 2HU, or by clicking unsubscribe within any newsletter we send you. You can also “opt-out” of receiving anything from us by visiting our website and using our ‘Sign-Up’ page.
What does ‘marketing’ mean?
Marketing does not just mean offering things for sale, but also includes news and information about:
When you receive a communication, we collect information about you respond to or interact with that communication, and this may affect how we communicate with you in future.
We carry out visitor surveys to determine the success of our work and to allow us to develop as an organisation. Understanding our visitors and supporters, their motivations and what they care about helps us provide a better experience (e.g. through more relevant communications). Face-to-face research is undertaken on our behalf by Fuze Research Limited, Heron’s Way, Chester Business Park, Chester CH4 9QR, a private limited company with registration number 08178561 and data controller number ZA238044.
None of our activity enables us to identify an individual.
Comment cards are produced and evaluated internally by Chester Cathedral. Use of a comment card can be done without submitting any personal information.
Photographs, pictures, stories and competitions
We want young people to engage with Chester Cathedral and to share their photographs, stories and pictures. If we publish your child’s picture, photo or story, we’ll usually include their first name and age with it. If they write an article or story for us, we might also include their surname alongside it.
If your child enters a competition and is one of the lucky winners or runners-up, we’ll publish their name and winning entry alongside the other winners.
We may publish these items on our website, newsletter and social media.
Parental permission: If your child is under 18 then we’ll need permission from you as their parent or guardian for them to enter one of our competitions or to share a picture, photograph or story with us.
With regard school or other visits, we would always seek both parental and school permission to use a picture, photograph or story.
Information for parents
We take great care to protect and respect the rights of individuals in relation to their personal data, especially in the case of children. If your child is under 18, we’ll only use his or her personal data with your consent. This means that, for example, if your child wants to have his or her name or picture featured in one of our youth magazines, we’ll need you to confirm you’re happy for us to do so.
We employ a variety of physical and technical measures to keep your data safe and to prevent unauthorised access to, or use or disclosure of your personal information.
Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Our staff receive data protection training and we have a set of detailed data protection procedures which personnel are required to follow when handling personal data.
All electronic Chester Cathedral forms that request financial data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers.
If you use a credit card to donate, purchase something on-line we will pass your credit card details securely to our payment provider. Other payment methods (e.g. ApplePay) are handled in a similar manner. Chester Cathedral complies with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council, and will never store card details.
Of course, we cannot guarantee the security of your home computer or the internet, and any online communications (e.g. information provided by email or our website) are at the user’s own risk.
The cathedral and much of the cathedral estate have CCTV and you may be recorded when you visit them. CCTV is there to help provide security and to protect both you and Chester Cathedral. CCTV will only be viewed when necessary (e.g. to detect or prevent crime) and footage is only stored temporarily. Unless it is flagged for review CCTV will be recorded over.
Chester Cathedral complies with the Information Commissioner’s Office CCTV Code of Practice, and we put up notices so you know when CCTV is in use.
Where we store information
Chester Cathedral’s operations are based in the UK and we store our data within the European Union. Suppliers who process data on our behalf are based within the European Union. This processing is carried out under a contract which imposes strict requirements on our supplier to keep your information confidential and secure.
How long we store information
We will only use and store information for so long as it is required for the purposes it was collected for. How long information will be stored for depends on the information in question and what it is being used for. For example, if you ask us not to send you marketing emails, we will stop sending you emails for marketing purposes (though we’ll keep a record of your preference not to be emailed).
We continually review what information we hold and delete what is no longer required. We never store payment card information.
We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.
If you would like further information on your rights or wish to exercise them, please write to our Data Protection Officer, Chester Cathedral, 9 Abbey Square, Chester CH1 2HU or email firstname.lastname@example.org
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk
Our website uses local storage (such as cookies) to provide you with the best possible experience and to allow you to make use of certain functionality (such as being able to shop online). You may amend your cookie preferences when visiting our website, and may amend your preference during your visit.
What Cookies Does Our Site Use?
|Name of Cookie||Purpose & Type||Strictly Necessary|
|PHPSESSID||This allocates a user a session ID used id used to identify session data about the user, this includes but not limited to;
To store a simple message when a form is submitted that can be displayed on a different page.
For example, if an enquiry form is completed incorrectly, a message will be stored and presented to the user to indicate the errors in the submission.
When an enquiry form is submitted successfully, a message is stored and presented to the user thanking them for their enquiry.
No personal information is stored in this cookie.
Also used to store a the logged in user’s username and a 128bit encrypted key. This information is required to allow a user to stay logged in to a web site without needing to submit their username and password for each page visited. Without this cookie, a user is unable to proceed to areas of the web site that require authenticated access.
|_gat||Used to distinguish users and track user behavior on the website. https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage||yes|
|_ga||Used to distinguish users and track user behavior https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage||yes|
|_gid||Used to throttle request rate for the website i.e. responsible for regulating the rate at which application)processing is conducted.
Links to other sites
Our website contains hyperlinks to many other websites. We are not responsible for the content or functionality of any of those external websites (but please let us know if a link is not working by using the ‘Contact us’ page on the website).
When purchasing goods or services from any of the businesses that our site links to, you will be entering into a contract with them (agreeing to their terms and conditions) and not with Chester Cathedral.