- How is “Lincoln Cathedral” comprised?
- Where do we collect personal information from you and how?
- What personal information do we collect from you?
- How do we use your personal information?
- Legal basis for using your personal information
- Keeping your personal information secure
- How long do we keep your information?
- Your rights
- How to contact us
1) How is “Lincoln Cathedral” comprised?
Lincoln Cathedral is comprised of:
- The Corporate Body of Lincoln Cathedral (Ecclesiastical Exempt Charity, HMRC charity reference number X7802)
- Lincoln Cathedral Music Fund (Registered charity number 1033089)
- Lincoln Cathedral Learning, Arts, Culture and Events CIO (Registered charity number 1175597)
- Lincoln Minster Shops Ltd. (Company registration number 01015279)
- Lincoln Cathedral Quarry Ltd. (Company registration number 04634976)
Your personal information is shared between the different entities that form “Lincoln Cathedral” who act as joint controllers. All roles and responsibilities for compliance with the Data Protection Act 2018 rest with The Corporate Body of Lincoln Cathedral. The main point of contact for any of the entities that form “Lincoln Cathedral” can be found in section 10 below.
2) Where do we collect personal information from you and how?
We may collect personal information from you when:
- You make a safeguarding disclosure to us (please view the separate Safeguarding Privacy Notice)
- You complete a data collection form either online or a hard copy to join a subscription
- You make an enquiry via our website, a paper form, an email, letter or by telephone
- You make a purchase through our online shop
- You make a purchase at our Entry Desk or Shop
- You donate online or in person
- You accept cookies via our website
- You open or click on emails we send you
- You apply to volunteer at the Cathedral
- You apply to work at the Cathedral
- You apply to join the Cathedral Roll
3) What personal information do we collect from you?
We may collect the following personal information from you:
- Email Address
- Mobile Number
- Telephone Number
- Your bank account/bank card details when donating or purchase online, as well as in person at the Cathedral, or by paying rent
- Technical information about your device and operating system
- Your Date of Birth
- For staff, volunteers and tenants, we may collect additional types of information from you in order to comply with statutory requirements.
4) How do we use your personal information?
We use your personal information to:
- Provide you with information about products or services you have requested from us, or which we feel may interest you within your consented contact preferences. We may also use your data to carry out our obligations to you from any contract entered into between you and us.
- We may share your data with third parties where they are processing your personal data on behalf of Lincoln Cathedral.
- We may also share your personal data where we are required to do so by law.
- We will never sell or rent your personal data to third parties for their own marketing, market research or commercial purposes, but we may share your data between Cathedral entities.
- We do not store your full payment details when you make donations or payments via our website using our payment providers.
- We will continue to use your data for as long as you are in contact with us. If we lose touch, your data will be removed from our systems after three years from your last inbound contact, other than where we have a statutory requirement to store it for longer.
- Should you ask us to delete your personal information we will do so, other than where we have a statutory requirement to hold it for a set period of time.
For more information about how our payment processors use your data, please view the appropriate privacy notice:
- Online Donations by Direct Debit (GoCardless): https://gocardless.com/privacy/payers/
- Online Donations by card (Stripe): https://stripe.com/gb/privacy
- Online Shop Purchases (PayPal): https://www.paypal.com/uk/webapps/mpp/ua/privacy-full
- Ticketing (Eventbrite): https://www.eventbrite.co.uk/support/articles/en_US/Troubleshooting/eventbrite-privacy-policy?lg=en_GB
- Ticketing (Access Group): https://www.theaccessgroup.com/privacy-and-legal/
- Ticketing (OPAYO) https://www.opayo.co.uk/policies/privacy-policy
- Ticketing, Welcome Desk and Cathedral Shop (WorldPay/FIS Global) https://www.fisglobal.com/en/merchant-solutions-worldpay/worldpay-privacy-policy
5) Legal basis for using your personal information
There are six ways that we may have a legal basis to use your personal information, these are:
- Express consent – where you have expressly provided your consent to Lincoln Cathedral to be contacted for a specific purpose e.g. by subscribing to a defined mailing list or area of interest
- Fulfilling a contract – where you have made a purchase, donation or enquiry either online or in person, for example if you make a stone adoption online, we will use your name and address to fulfil our responsibility to deliver your adoption pack to you
- Legal obligation – we may be required to contact you for legal reasons to protect your interest
- Vital interests – where processing is necessary to protect life
- Legitimate interest – where it is in your interest for us to contact you for your benefit. This basis cannot be used for the sole benefit of Lincoln Cathedral
- Public task – where necessary for the protection of members of the public generally against seriously improper conduct, and from any failures in connection with, Lincoln Cathedral’s activities, or for safeguarding purposes
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. The information is used to track visitor use of the website and to compile statistical reports on website activity.
For more information about Cookies please visit:
https://www.aboutcookies.org/ or https://www.allaboutcookies.org/
You can set your browser not to accept cookies, and the above websites tell you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
7) Keeping your personal information secure
We are committed to ensuring that your personal data is secure. We limit access to data on a need to know basis and test our security practices and technologies.
Employees and temporary workers are required to follow policies and procedures and complete mandatory annual training to understand data protection and information security.
If a data breach does occur, we will do everything in our power to limit the damage. In the case of a high-risk data breach, and depending on the circumstances, we will inform you about the breach and any remedial actions to prevent any further damage. We will also inform the Information Commissioner’s Office of any qualifying data breaches.
Sending data over the internet is generally not completely secure, and we cannot guarantee the security of your data while it is in transit. All data sent is at your own risk. We have procedures and security features in place to keep your data secure once we receive it.
We store your data securely in compliance with European law. By submitting your personal data to us, you agree to this.
8) How long do we keep your information?
Your data will be retained for three years from your last inbound communication, or in line with statutory requirements where appropriate.
9) Your rights
You have the following rights regarding your personal data, subject to exemptions:
- The right to request a copy of your personal data
- The right to rectify your data if you think it is inaccurate or incomplete
- The right to request that your data being erased, in certain circumstances
- The right to restrict processing of your data, in certain circumstances
- The right to request that we transfer your data to you or another organisation, in certain circumstances
- The right to object to our processing of your data if the process forms part of our public tasks, or is in our legitimate interests
To exercise these rights please contact the Data Protection Officer using the contact information provided below.
10) How to contact us
- By email to firstname.lastname@example.org
- Or write to us at: The Data Protection Officer, The Chapter Office, 4 Priorygate, Lincoln, LN2 1PL