Privacy Policy

Protecting your Privacy –
Winchester Cathedral Privacy Notice

Introduction
Winchester Cathedral is committed to protecting the privacy of any personal information it may hold regarding individuals.

This Privacy Note explains what types of personal data we may collect about you when you interact with us. It also explains what we do with that data and how we will store and keep it safe.

We hope that the following sections will answer any questions you may have but if not please contact us.

We may change our Privacy Note occasionally. We will tell you about significant changes but you can always visit this page to check at any time you like.

Who are we and who do we share data with?
When we refer to Winchester Cathedral we also include Winchester Cathedral Enterprises Ltd (WCEL). WCEL is the part of the Cathedral organisational structure that looks after the Gift Shop, Christmas Market & Ice Rink, Box Office, Events, and our Catering Contract.

We may share some data with the following:
Friends of Winchester Cathedral (The Friends)
The Friends is a registered charity set up to support the Cathedral. It provides regular grants to the Cathedral and provides fundraising support for specific projects.
Winchester Cathedral Trust (WCT)
WCT is a registered charity that helps to support Winchester Cathedral financially with major development and restoration projects.

We will never share with or sell your data to other companies or organisations unless we have your specific permission to do so.

In this Privacy Note “we” and “us” means Winchester Cathedral and Winchester Cathedral Enterprises Ltd

What legal bases do we use?
You may have heard about General Data Protection Regulations (GDPR) which came into effect on 25th May 2018. This sets out a number of different reasons for which we may collect and process your personal data:

Consent
This is where you directly give us permission to use your data
For example when you buy a ticket at our Box Office you will be asked if we can tell you about other forthcoming concerts and events

Contractual Obligations
Sometimes we need your personal data to fulfil a contract with you
For example if you buy a ticket online or something from our website we need to be able to send it to you

Legal Compliance
If the law requires us to, we may need to collect and process your data

Legitimate Interests
This is where the process is necessary for our legitimate interests. Where we use this basis we are required to take on extra responsibility for protecting your rights and freedoms. Where we use this basis it should be in a way that you would expect to use such personal data.
For example we use this basis to have CCTV at the Christmas Market. It is not practical to get consent from every visitor and we use the data to monitor crowd safety.

When do we collect your personal data?
The most common reasons for collecting your personal data are

When you visit the Cathedral Office and ask to join the Cathedral Community Roll
When you enquire about becoming a volunteer
When you sign up to the Dean’s Newsletter and/or our Electronic Marketing newsletter
When you contact us with any queries or complaints
When you ask us to email you information about services, events or the Cathedral in general
When you make a donation to the Cathedral and choose to give us your details
When you buy or request a ticket to a Cathedral Service, concert, event, the ice rink or any other ticketed activity
When you chose to complete any survey we may ask you to do
When you fill in any forms
For example if there were an accident at the Cathedral you may be asked for your personal detailsWhen you visit the Cathedral or its grounds your image may be recorded on our CCTV system for the security and safety of visitors and staff
When you engage with us on social media

What sort of data do we collect?
In general we may keep:
Your name
Gender
Date of birth
Address
Email address
Telephone number
Bank details (for example where you make donations to the Cathedral by Standing Order)
Details of any conversations we may have with you
Details of any complaints or comments you make
Any preferences or interests you may tell us about

For in person or over the phone transactions we may also collect any delivery address and details of orders and receipts. This may include email for “print at home” tickets
For online transactions we may also keep an encrypted record of your password used to login to your account
For Credit Card transactions we may keep credit card details
Please note that the credit card information you give for any online transaction via our secure webpage is used solely for the purpose of processing that transaction

Where required to do so by law we may keep copies of documents you provide to prove your age or identity (including passport and driver’s licence). This will include details of your full name, address, date of birth and facial image. In the case of a passport it will also include your place of birth, gender and nationality.

Details of your visits to our websites and which site you came from to reach ours

Your image may be recorded on CCTV when you visit the Cathedral or the Cathedral grounds

Your car registration may also be recorded if you drive to the Cathedral

Your social media username if you contact us through those channels

To help improve our web experience, we may collect technical information about your internet connection and browser, where your computer is located, the web pages viewed and any search terms you entered (please see website privacy policy below)

How and why do we use your personal data?
We want to provide the best experience to all those who visit the cathedral to worship, to visit, for an event or to learn more about the Cathedral. This includes the information we make available online. To do that it helps us if we know some information about you.

We will use your personal data to process any purchases of tickets, products or other services you have purchased or requested online, by telephone or in person. If we don’t collect your personal data we won’t be able to process your order/request and comply with legal obligations. Our ticketing system will keep a record of any ticketing transactions you have made with us. On very rare occasions we may need to pass your details on to a third party to fulfil the request.

Where you buy tickets for a concert being promoted by a third party you will also be asked if you give permission for your details to be passed on to them so that they may send you information about other concerts they are arranging.

To inform you about fundraising campaigns and events where you have given consent for us to do so. We will keep you informed about any projects you have supported.

We will use your personal details to respond to any queries, refund requests or complaints you may have. Handling this information allows us to respond and we may also keep a record of these to inform any future communication with us. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best possible service and to help us understand how we can improve our service on the basis of your experience.

We may use your information to protect the Cathedral and you from fraud and other illegal activities. We do this as part of our legitimate interests.

To protect visitors, volunteers and staff and the Cathedral and its environs from crime we use CCTV cameras inside and outside the Cathedral which record images for security purposes. We also use CCTV images for crowd safety during large scale events and to help with the safe operation of the Cathedral. We do this on the basis of our legitimate interests.

If we discover any criminal activity or alleged criminal activity through the use of our CCTV we will process this data for the purposes of preventing or detecting unlawful acts. We do this on the basis of our legitimate interests. We may share this with the police and others as part of a legal obligation.

With your consent we will use your personal data to contact you by email, web, text or telephone about relevant services, concerts, events and similar activities. We may also send you personalised communications by post on the basis of our legitimate interests.

If you wish to stop hearing from us by any or all of these methods you can do so at any time.

We may use your details to administer any prize competitions which you enter based on the consent given at the time of entering.

We may use your personal data to develop, test and improve the systems, services and products we provide to you on the basis of our legitimate interests.

We may use your personal data to comply with our contractual or legal obligations to share data with law enforcement.

We may use your data to send you survey and feedback requests to help improve our services. We will not include any promotional content and we do not require prior consent when sent by email or text. We have a legitimate interest to do so as this helps us make our products and services more relevant to you.

To help us understand more about you and what you are interested in we may combine your personal data with information from associated entities (including Friends of Winchester Cathedral and Winchester Cathedral Trust), relevant third parties and other publicly available lists. We do this on the basis of our legitimate interests.

How we protect your personal data?
We know data security is important to you as an individual and we will treat your data with the utmost care and take all appropriate measures to protect it.

We secure all access to areas of our website where transactions take place by use of https technology.

On our ticketing website and our e-commerce site, access to your personal data is password protected.

Sensitive data such as payment card information is secured by SSL encryption.

Who do we share your information with?
We sometimes share your data with trusted third parties.
For example, we may provide details to a courier for a delivery to you. We only provide the information they need to fulfil the specific service involved. They may only use the information we provide for the purpose of that service. They only hold that data for as long as necessary to fulfil the service.

We will only share data with a third party in very specific circumstances. For example:

We will only share information about ticket purchases with a concert promoter if you have given your specific consent to do so. You will be asked at the time you make your purchase if you give your consent.

If we run a promotion with a third party and you specifically indicate that you agree to that third party sending you promotional material directly.
For fraud management purposes we may share information about fraudulent or potentially fraudulent activity. This may include sharing data with law enforcement bodies.

We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. Any such request is considered on a case-by case basis and your privacy will be taken into consideration.

What are your rights regarding your personal data?
You have the right to request:

Access to the personal data we hold about you. This will in most cases be free of charge

That we correct any personal data which is incorrect, out of date or incomplete

That we stop using your personal data for direct marketing. You may request that we stop completely or stop using specific channels such as email.

That we stop any data processing that is based on your consent after you withdraw that consent

You can contact us to request to exercise these rights at any time.

To ask what personal information we hold about you (a Subject Access Request) please contact the
Data Protection Compliance Officer
Cathedral Offices, 9 The Close
Winchester
SO23 9LS
Or by email to dataprotection@winchester-cathedral.org.uk

Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent

Where we rely on legitimate interests
In cases where we are processing your personal data on the basis of our legitimate interests, you can ask us to stop for reasons connected to your individual situation.

How can you stop the use of your personal data for direct marketing?
You can stop the use of your personal data for direct marketing in the following ways:

Click the “unsubscribe” link in any email communication we send you. We will stop any further emails from that particular area.

If you have an account on our ticketing system, log in to your account and amend your settings

Alternatively you can contact us via the
Data Protection Compliance Officer
Cathedral Offices, 9 The Close
Winchester
SO23 9LS
Or by email to dataprotection@winchester-cathedral.org.uk

If you live outside the UK

This Privacy Notice is only available in English. When requested we will provide a translation if possible. In case of any dispute regarding meaning the English language version will take precedence.

By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on your behalf. You do have the right to ask us not to process your data in certain ways and if you do so we will of course respect your wishes.

Occasionally we may need to transfer your personal data between countries. By dealing with us you are giving your consent to this overseas use, transfer and disclosure of your personal data outside your country of residence for our normal business purposes.

If you require any further information then please contact the
Data Protection Compliance Officer
Cathedral Offices, 9 The Close
Winchester
SO23 9LS
Or by email to dataprotection@winchester-cathedral.org.uk

If you have any further questions

If you have any further questions that have not been covered in this Privacy Notice then please contact the
Data Protection Compliance Officer
Cathedral Offices, 9 The Close
Winchester
SO23 9LS
Or by email to dataprotection@winchester-cathedral.org.uk

If you have any complaints or concerns that we are unable to answer you can contact the Information Commissioners Office (see https://ico.org.uk/global/contact-us/ for details on how to contact the ICO)

This notice was last updated on 1 June 2018

Website Privacy Policy

Privacy

In accordance with data protection legislation, the Cathedral is committed to protecting the privacy of the personal information of visitors using this Site.

What and when we collect

We may collect personal information such as your name, contact information, credit card information and demographic information such as postcode, preferences and interests (the “Personal Data”). Your Personal Data is collected when you contact us, request information, make a booking, purchase items (including etickets) or support us. Note that the credit card information you give for any online transaction via our secure webpage is used solely for the purpose of processing that transaction.

Consent  to collect your Personal Data and what we do with it

You hereby agree that your Personal Data may be collected and processed by us (and stored by our designated data collection agency) for the following purposes:

  • processing your requests;
  • providing you with our newsletter and other information by email or other means;
  • providing you with information about our products and services or those of other parties we think you may find interesting;
  • providing a personalised service;
  • maintaining accounts and records;
  • statistical analysis and conducting market research surveys;
  • assessing and evaluating the use that is being made of the Site;
  • information and databank compilation and administration.

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.

Controlling your Personal Data

You may choose to restrict the collection or use of your personal information in the following ways:

  • whenever you are asked to give personal information you will be given the option to ‘opt in’ to receiving marketing information from Winchester and third parties;
  • if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at marketing@winchester-cathedral.org.uk

You have the right to ask in writing for a copy of the information we hold about you (for which we may charge a fee) and to correct any inaccuracies in your information.

How we use cookies

When you visit our Site, we automatically send your computer tiny text files called “cookies” some of which are integral and essential for the operation of the Site and others which allow us:

  • to recognise you during that visit (a session cookie) or for future visits (a permanent cookie);
  • to monitor Site usage and performance allowing us to improve your user experience and assess the Site’s performance.

A full list of cookies used on our Site is listed below.

Our use of the cookie is limited to your activities within our Site and does not have any other effect on your computer or your other activities on the internet. A cookie cannot be used to identify you personally and does not give us access to your computer or any information about you, other than the data you choose to share with us. Please note that we do not disclose information stored in your cookies to third parties.

When you visit the Site, if your browser is using the standard settings and it is accepting cookies, you are giving consent for cookies on the Site to be stored on your computer. If you do not wish to accept cookies you can do so by adjusting the settings on your browser. AboutCookies.org provides a guide to how you can do this on the most commonly used browsers. If you do decline cookies, however, some features of the Site may not be available to you and some pages may not display properly.

Provider Name Purpose More info
PHP session cookie PHP session cookie Session cookie essential to the operation of some parts of the website. No personal information is stored. This session cookie is removed when you close your browser.
Google Analytics _utma Contains a unique and anonymous identifying ID, which allows us to ensure that subsequent visits to our website are recorded as belonging to the same (unique) visitor. This cookie expires after two years. To find out more about Google Analytics privacy policies or to opt out of being tracked by Google Analytics across all websites visit:
http://www.google.com/analytics/learn/privacy.html
Google Analytics _utmb Used to establish and continue a unique user session. Each time you request another page from the website the cookie is updated to expire after 30minutes. To find out more about Google Analytics privacy policies or to opt out of being tracked by Google Analytics across all websites visit:
http://www.google.com/analytics/learn/privacy.html
Google Analytics _utmc Works with _utmb to determine when to create a new session for a website visitor. This is a session cookie and expires when you exit the browser. To find out more about Google Analytics privacy policies or to opt out of being tracked by Google Analytics across all websites visit:
http://www.google.com/analytics/learn/privacy.html
Google Analytics _utmz Tracks how you found us and is used to calculate traffic and navigation within the website. It is updated with every new page view and expires after 6 months. To find out more about Google Analytics privacy policies or to opt out of being tracked by Google Analytics across all websites visit:
http://www.google.com/analytics/learn/privacy.html
Google Map NID PREF We use Google’s interactive maps because we believe they provide a helpful way for our visitors to identify how best to travel to us. See the Google privacy for further details:
http://www.google.com/intl/en/policies/privacy/
Vimeo aka_debug A third party session cookie set by the Vimeo service when you play one of the videos embedded in our site. This cookie is removed when you close your browser. See Vimeo’s privacy policy for further details: http://vimeo.com/privacy