Manchester Cathedral is committed to respecting your privacy and protecting your personal information; the Cathedral Chapter welcomes the improvements to data protection brought about by the UK GDPR and the Data Protection Act 2018 (collectivley, the 'Data Protection Legislation'). This Privacy Notice explains the reasons why Manchester Cathedral collects personal information, the types of personal information collected, how it is used and your legal rights regarding this use. This Privacy Notice is not intended for children.
Who are we?
The Dean and Canons of the Cathedral and Collegiate Church of St Mary, St Denys and St George in Manchester (known as “Manchester Cathedral”) is the data controller. This means that Manchester Cathedral decides how your personal data is processed and for what purposes. Manchester Cathedral comprises a number of legal entities: Dean and Canons Manchester Cathedral; Manchester Cathedral Hire Ltd.; Manchester Cathedral Development Trust (MCDT); Friends of Manchester Cathedral; Dean of Manchester Crosland Fund; Manchester Cathedral Visitor Centre; Manchester Cathedral Ventures Ltd. and Volition.
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the Data Protection Legislation.
How do we collect personal data?
Generally, Manchester Cathedral receives personal data from the individual directly. We recognise the need to collect data in an appropriate way for the situation so utilise different methods, namely online; email; paper documents; telephone and on some occasions whilst you are visiting the Cathedral or attending a service. When collecting personal data online we use third-party providers embedded securely on our website (Jotform Opens in new window and Campaign Monitor Opens in new window and Eventbrite Opens in new window ) and data protection agreements are in place; these providers have adopted data protection best practices, and their policies can be reviewed on their respective websites. Visitors to Manchester Cathedral should be aware that CCTV cameras are located around the building for the purposes of prevention and detection of crime. Photographs and recordings are occasionally taken at Cathedral services and events – on these occasions attendees are informed by way of clear signage and by messaging inside the order of service.
What personal information do we collect?
For most purposes we need to collect your name and contact details. There are times when we need to collect additional information for example:
- Requirements and statutory information for people arranging religious ceremonies and services such as weddings, baptisms, memorial services and confirmations;
- Requirements for people booking an educational visit to Manchester Cathedral;
- Payment details for visitors pre-booking a tour visit around Manchester Cathedral;
- Payment details for visitors pre-booking tickets for an event;
- Payment details and gift aid records for people who make donations;
- Requirements and payment details for hiring a room or space;
- Details, contact information and areas of expertise for people working in partnership with Manchester Cathedral to either contribute to, support or organise Manchester Cathedral services and events;
- Details, contact information and areas of expertise for people providing goods and services to support the work of Manchester Cathedral;
- Details, contact information and areas of expertise for people attending services or in receipt of goods or services provided by Manchester Cathedral.
Automated technologies or interactions
Why do we process your personal data?
Manchester Cathedral complies with its obligations under the Data Protection Legislation by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the following purposes:
- To enable us to provide a voluntary service for the benefit of the public in a particular geographical area as specified in our Constitution;
- To administer the Cathedral Community records (also known as the electoral roll) and benefactor records;
- To provide pastoral care to Manchester Cathedral’s congregations;
- To fundraise for, promote the interests of, and administer the business of Manchester Cathedral, its charitable trusts and its trading entities;
- To manage our clergy, employees, volunteers and tenants;
- To maintain and audit our own financial accounts and records and process gift aid applications;
- To inform you of news, events, activities and services at Manchester Cathedral;
- To share your contact details with the Diocesan office so they may assist with the processing of gift aid applications;
- To contact individuals via surveys to conduct research about their opinions of current services and facilities or of potential new fabric developments that may be offered;
- To operate the Manchester Cathedral web site and deliver the services that individuals have requested online;
- To operate the Manchester Cathedral Online Shop and deliver the products that individuals have purchased online;
- To administer responses collected via the third-party platform ‘Jotform’ and deliver the services that individuals have requested online;
- To help protect the health of our visitors and worshippers and comply with government guidelines regarding COVID-19 Test and Trace (so that we are able to contact you if you may have come into contact with someone who has COVID-19, and to tell you what to do next; or, by sharing your data with Public Health England (“PHE”), to enable you to be contacted by them for the same purpose. PHE have published a privacy notice for the NHS Test and Trace Service Opens in new window ).
Our processing also includes the use of CCTV systems for the prevention and detection of crime.
What is the legal basis for processing your personal data?
- Explicit consent of the data subject so that we can keep you informed about Cathedral news, events, activities and services and keep you informed about other events and activities hosted or arranged by Manchester Cathedral or its entities;
- Processing is necessary for carrying out legal obligations in relation to the Cathedrals Measure 1999, Gift Aid or under employment, social security or social protection law, or a collective agreement;
- Processing is carried out by a not-for-profit body with a political, philosophical, religious or trade union aim provided: the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and there is no disclosure to a third party without consent;
- To pursue a legitimate interest.
Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared within Manchester Cathedral in order to carry out a function or service as outlined above or for legitimate purposes connected with Manchester Cathedral. We will only share your data with third parties outside of Manchester Cathedral with your prior consent. We will never sell your data to third parties.
How long do we keep your personal data?
We keep data in accordance with the guidance set out in the Church of England Record Centre Records Management Guide “Chapter and Verse: The Care of Cathedral Records” which is available from the Church of England website Opens in new window . Specifically, we retain Cathedral Community data while it is still current; gift aid declarations and all other financial paperwork for up to 6 years after the calendar year to which they relate; and parish registers (baptisms, marriages, funerals etc.) permanently. Personnel records relating to clergy and employees are presently being held indefinitely for safeguarding investigation purposes relating to the Independent Inquiry into Child Sexual Abuse (IICSA). Test and Trace data will only be kept for as long as necessary to fulfil the purposes we collected it for, which is currently 21 days under the UK Government’s “COVID-19: Guidance for the safe use of places of worship”.
Your rights and your personal data
Unless subject to an exemption under the Data Protection Legislation, you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which Manchester Cathedral holds about you;
- The right to request that Manchester Cathedral corrects any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for Manchester Cathedral to retain such data;
- The right to withdraw your consent to the processing at any time;
- The right to request the transfer of your data to a third party;
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data;
- The right to lodge a complaint with the Information Commissioners Office.
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
To exercise all relevant rights, queries of complaints please in the first instance contact the Cathedral Administrator on 0161 833 2220 or via email or at Manchester Cathedral Office, Manchester Cathedral, Victoria Street, Manchester, M3 1SX. We hope to be able to resolve any complaints about our Privacy Notice directly with you. However, if you feel this has not been achieved, you can contact the Information Commissioner’s Office on 0303 123 1113 or via email at https://ico.org.uk/global/contact-us/email/ Opens in new window or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.