Your Personal Data: What is it and what do we collect?
Personal data is information that can identify you. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. This can include information such as name, address, email address and any other information you provide when contacting us or filling in forms on our website- for example when asking or registering about our events, subscribing to newsletters, making donations or ordering products from our shop. If you contact us, we may keep a record of that correspondence or interaction. We will also collect data on how you use our emails – whether you open them, and which links you click on. When using our website your IP address and details of which version of web browser you used is also collected and other statistical data about our users’ browsing actions.
For more information about Cookies please visit www.aboutcookies.org or www.allaboutcookies.org. You can set your browser not to accept cookies and the above websites tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
Personal data created by your involvement with us
Your activities and involvement with us will result in personal data being created. This could include details of how you’ve helped us by volunteering or being involved with our campaigns and activities. If you decide to donate to us then we’ll keep records of when and how much you gave and what you gave for.
Information we generate
We conduct research and analysis on the information we hold, which can in turn generate personal data. For example by analysing your interest and involvement with our work we may be able to build a profile which helps us decide which of our communications are likely to interest you. The Profiling section gives more detail about how we use information for profiling and targeted advertising, including giving you more relevant digital content.
Information from third parties
We may buy anonymous external data (e.g. census data, Experian MOSAIC, TGI) and combine it with your personal data at an aggregated level to build profiles which help us work out what you’re most likely to want to hear from us about and how.
Sensitive personal data
At times we’ll collect sensitive personal data for Equal Opportunities monitoring and safeguarding purpose.
Volunteers and staff
If you’re a volunteer or staff member then we may collect extra information about you (e.g. references, criminal records checks, details of emergency contacts, medical conditions etc.) This information will be retained for legal or contractual reasons to protect us (including in the event of an insurance or legal claim) and for safeguarding purposes.
How we process your personal data
Liverpool Cathedral complies with its obligations under the General Data Protection Regulation (GDPR) by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes:-
- To administer membership and supporter records;
- To fundraise and promote the interest of the cathedral
- To manage our employees and volunteers;
- To maintain our own accounts and records (including the processing of gift aid);
- To inform you of news, events, activities, appeals and services running at Liverpool Cathedral you have requested, or we feel may be of interest to you;
- To fulfil contracts made with you e.g. online purchases and bursaries;
- To keep records of your contact preferences;
- To enable us to provide a volunteer service for the benefit of the public
- We may share you contact details with the Diocese of Liverpool’s office where we hold jointly run services, events or activities so that they can keep you informed about news in the diocese and events, activities and services that will be occurring in the diocese and in which you may be interested.
What is the legal basis for processing your personal data?
We process personal information for legitimate business purposes, which are not limited to but include some or all of the following:
- Where the processing enables us to enhance, modify, personalise or otherwise improve our services
- To identify and prevent fraud
- To enhance the security of our network and information systems
- To better understand how people interact with our websites
- To provided postal communications which we think will be of interest to you – keeping you informed about news, events, fundraising activities, appeals and services at Liverpool Cathedral
- To determine the effectiveness of promotional campaigns and advertising
- To contact supporters via surveys to conduct research about their opinions of current activities and services of Liverpool Cathedral or other potential new activities or services
We also process personal information for certain other obligations, where processing is:
- Necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement;
- Necessary for the performance of a contract or to take steps to enter into a contract
- Necessary for compliance with a legal obligation
- Is necessary to protect the vital interests of a data subject or another person
- Necessary for the performance of a task carried out in the public interest or in the exercise of the official authority bested in the data controller
- Carried out by a not-for-profit body with a political, philosophical, religious or trade union aim provided:
- The processing relates only to members or former members (or those who have regular contact with it in connection with those purposes);
We know its importance to our supporters to use our resources in a responsible and cost-effective way. So we may use automated profiling and targeting to help us understand our supporters and make sure that:
- Our communications and services (e.g. our website) are relevant, personalised and interesting to you
- Our services meet the needs of our supporters
- We use our resources responsibly and keep our cost down
We may also gather additional information about you from external sources, for example: updates to address and contact information or publicly available information regarding your health, earnings and employment at an aggregate level. We may use this information to assess your capacity to support us and invite you to do so.
This analysis may be carried out by us or by third party organisations working for us. We may also host encrypted personal data on third party websites (e.g. social media platforms) to ensure you only see relevant, personalised and interesting content from those organisations.
Whenever we process data for these purposes we will ensure that we always keep your Personal Data rights in high regard and take account of these rights. You have the right to object to the processing of you wish and if you wish to do so please contact us at the details at the end of the policy. Please bear in mind that if you object this may affect our ability to carry out the tasks above for your benefit.
Sharing your personal data
We will not under any circumstances, share or sell your personal data with any third party for their own marketing purposes. We may share your data with third parties where they are processing your personal data on behalf of Liverpool Cathedral (for example, in the distribution of a mailing).
Where your data is processed outside the EU on Liverpool Cathedral’s behalf, this is only done where we have established that adequate safeguards are in place, for example, participation with the EU-US Privacy Shield Framework.
We may also share your personal data where we are required to do so by law, for example to make a Gift Aid claim to HMRC.
How long we keep your personal data
We keep data in accordance with the guidance set out in the guide “Chapter and Verse: The Care of Cathedral Records” which is available from the Church of England website https://www.churchofengland.org/more/libraries-and-archives/records-management-guides
Your rights and your personal data
Unless subject to an exemption under the GDPR you have the following rights with respect to your personal data:
- The right to request a copy of your personal date which Liverpool Cathedral holds about you;
- The right to request that Liverpool Cathedral corrects any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for Liverpool Cathedral to retain such data;
- The right to withdraw your consent to the processing at any time;
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing
- The right to object to the processing of personal data
- The right to lodge a complaint with the Information Commissioners Office
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
To exercise all relevant rights, queries or complaints please in the first instance contact Liverpool Cathedral at GDPR@liverpoolcathedral.org.uk or 0151 705 2112
We hope to be able to resolve any complaints about our privacy notice directly with you. However, if you feel this has not been achieved, you can contact the Information Commissioners Office (ICO) on 0303 123 1113 or online at https://ico.org.uk/global/contact-us/email or by post to the ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF