How we use your data

Lincoln Cathedral is committed to protecting the personal data you provide. This Safeguarding Privacy Policy explains what to expect and outlines the ways that we may use personal data you provide to Lincoln Cathedral.

There are several policies and procedures which support this privacy notice, these are listed in Reference Documents below.

Contents:

  1. How is Lincoln Cathedral comprised?
  2. Why we collect and use your personal data
  3. What personal information do we collect from you?
  4. The lawful bases for using your information
  5. Who we collect from or share your information with
  6. Keeping your information secure
  7. How long do we keep your information?
  8. Your rights
  9. How to contact us
1) How is “Lincoln Cathedral” comprised?

Lincoln Cathedral is comprised of:

  • The Cathedral Church of the Blessed Virgin Mary of Lincoln (Registered charity number 1207411)
  • Lincoln Cathedral Music Fund (Registered charity number 1033089)
  • Lincoln Cathedral Learning, Arts, Culture and Events CIO (Registered charity number 1175597)
  • Lincoln Minster Shops Ltd. (Company registration number 01015279)

The above entities of Lincoln Cathedral are joint controllers determining the purposes and means of the processing of personal data as defined in UK GDPR Article 4(7).

The registered address for the above is: 4 Priorygate, Lincoln, LN2 1PL

2) Why we collect and use your personal data

We collect and use your personal information to carry out our safeguarding responsibilities including the following activities:

  • Ensuring the safety of those that work for or are employed by Lincoln Cathedral, including contractors and office holders, members of the Church of England and the public
  • Investigating safeguarding allegations
  • Maintaining records and case files regarding safeguarding incidents and/or investigations
  • Providing training
  • Providing support to individuals involved in safeguarding cases
  • Providing advice to Church of England bodies regarding managing safeguarding incidents or cases
  • Liaising with public, statutory and regulatory enquiries (including legal and independent reviews and inquiries), local authorities and courts and tribunals
  • Being involved in litigation, dispute resolution and judicial process (including liaison with external advisers)
  • Publishing resources, reports and reviews
  • Undertaking research and statistical analysis
  • Managing archived records for historical and research reasons, including the management and administration of access to our collections
3) What personal information do we collect from you?

The types of information we may process include:

  • Personal details
  • Contact information
  • Family details
  • Lifestyle and social circumstances
  • Employment and education details
  • Housing needs

We may also process “special categories” of information that may include:

  • Race
  • Ethnic origin
  • Politics
  • Religion
  • Trade union membership
  • Health
  • Sex life or Sexual orientation
  • Criminal allegations, proceedings or convictions

We may process personal information about:

  • Current, retired and prospective clergy
  • Employees (see wording below)
  • Volunteers
  • Complaints of misconduct and unlawful acts
  • Individuals involved in or connected with legal claims, inquiries, reviews and dispute resolution
  • Professional advisers and consultants
  • Children and parents
  • Individuals whose safety has been put at risk
4) The lawful basis for using your information

We may collect and use personal data as explained below.

  • Legitimate interest – we may need to process your information to undertake safeguarding tasks, including doing all that we reasonably can to ensure that no-one is at risk of harm during Church of England activities.
    Legitimate Interest Assessment
    We have undertaken a Legitimate Interest Assessment which sets out why we have a legitimate interest.
We have a specific purpose with a defined benefit. The consideration of matters which are brought to our attention in order that, amongst other things, we can identify any potential wrongdoing, inappropriate behaviour, or unlawful conduct, and put in place a safer way of working across the Church of England.
The processing is necessary to achieve the defined benefit. Unless we properly appreciate the detail of the matters to which you refer we cannot take steps to ensure that we have provided the most appropriate safeguarding response.
The purpose is balanced against, and does not override, the interests, rights and freedoms of data subjects. There is the risk of significant and/or serious harm to others if unsuitable individuals are appointed. This risk is greatest where allegations are not properly addressed. This is balanced against, and does not override, your interests, rights and freedoms.
  • Legal obligation – we may need to process your information in order to comply with a legal obligation, such as under the Inquiries Act 2005 which may compel us to provide personal data for the purposes of a statutory inquiry, or a referral to the Disclosure and Barring Service under the Safeguarding Vulnerable Groups Act 2006, or an order of a court or tribunal.
  • Special categories & criminal information
  • Substantial public interest (protecting the public against dishonesty etc.) – we may need to process your information where necessary for the protection of members of the public generally against seriously improper conduct, and from any failures in connection with, the Church of England’s activities, or for safeguarding purposes. This lawful basis is applied in the UK only, with reference to the GDPR Article 9(2)(g), and the Data Protection Act 2018 Schedule 2, paragraph 11. For those based outside the UK in other jurisdictions, they will have to ensure that their Member State law provides similar or equivalent use of 9(2)(g).
  • Legal claims – we may need to process your information where there is a legal claim, or in connection with a judicial process.
  • Archiving – we may keep your information for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
5) Who we collect from or share your information with

Where necessary (or required), we collect from or share information with:

  • Legal representatives
  • Parties and individuals involved in or connected with legal claims, inquiries, reviews and dispute resolution (including mediation and arbitration)
  • Healthcare, social and welfare organisations or providers of health, social care or welfare services
  • Educational institutions
  • Governance bodies and committees
  • 3rd party data processors
  • Local and central government
  • Both houses of parliament and members of parliament
  • Regulatory and statutory bodies
  • Law enforcement and prosecuting authorities
  • Courts and tribunals and providers of legal services
  • Members of the judiciary
  • Charitable, religious and voluntary organisations
  • Survey and research organisations
  • Statutory, public, regulatory or other legal or independent reviews or inquiries, including any “lessons learned” reviews

Once your information has been collected by Lincoln Cathedral, it may be used by other National Church Institutions, where necessary, to provide a complete service to you, and we do this on the lawful bases listed above. It is for this reason that we link your information together, for example, to save you providing your information more than once.

Please note, your personal data will not be sent to countries outside the EEA without your consent, and with necessary safeguards. Lincoln Cathedral does do not share your information with countries outside of the UK or EEA without your consent and necessary safeguards.

6) Keeping your personal information secure

We are committed to ensuring that your personal data is secure. We limit access to data on a need to know basis and test our security practices and technologies.

Employees and temporary workers are required to follow policies and procedures and complete mandatory annual training to understand data protection and information security.

If a data breach does occur, we will do everything in our power to limit the damage. In the case of a high-risk data breach, and depending on the circumstances, we will inform you about the breach and any remedial actions to prevent any further damage. We will also inform the Information Commissioner’s Office of any qualifying data breaches.

Sending data over the internet is generally not completely secure, and we cannot guarantee the security of your data while it is in transit. All data sent is at your own risk. We have procedures and security features in place to keep your data secure once we receive it.
We store your data securely in compliance with European law. By submitting your personal data to us, you agree to this.

7) How long do we keep your information?

There’s often a legal and/or business reason for keeping your information for a set period, as stated in our retention schedule.

8) Your rights

You have the following rights regarding your personal data, subject to exemptions:

  1. The right to request a copy of your personal data
  2. The right to rectify your data if you think it is inaccurate or incomplete
  3. The right to request that your data being erased, in certain circumstances
  4. The right to restrict processing of your data, in certain circumstances
  5. The right to request that we transfer your data to you or another organisation, in certain circumstances
  6. The right to object to our processing of your data if the process forms part of our public tasks, or is in our legitimate interests

To exercise these rights please contact the Data Protection Officer using the contact information provided below. The full data protection policy is available on request.

9) How to contact us

Please contact us if you have any questions about our safeguarding privacy policy:

By email to data@lincolncathedral.com

Or write to us at: FAO The Data Officer, The Chapter Office, 4 Priorygate, Lincoln, LN2 1PL