The Dean and Chapter of Exeter Cathedral (“we”) are committed to protecting and respecting your privacy and protecting your personal information.
This Privacy Notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. Please also refer to our website terms of use and Cookie Policy and any other documents referred to on the website.
For the purposes of data protection, the data controller is The Dean and Chapter of Exeter Cathedral, 1 The Cloisters, Exeter, EX1 1HS.
The processing of personal data is governed by the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
Why we collect personal information
Exeter Cathedral will only collect personal data for specific legitimate purposes.
These are examples of purposes for which we collect and process personal data:
- performance of religious ceremonies and services, supporting the ministry of the Diocese of Exeter and its Bishops
- provision of pastoral care
- management of safeguarding and the provision of training
- organisation of events held at the Cathedral
- allowing pre-arranged admission to the Cathedral for sightseeing, educational visits and some public events
- ensuring the safety and security of people who work in or visit the Cathedral
- management of the Cathedral’s library and historic collections
- management of the Cathedral’s accounts, including the processing of Gift Aid claims
- promotion of the work and activities of the Cathedral
- supporting fund-raising for the maintenance and enhancement of the Cathedral
- maintaining and publishing our electoral roll in accordance with the Church Representation Rules
- supporting choristers
- delivering education and outreach work
- allowing Cathedral facilities to be hired for private events and services
- recruitment of staff and volunteers.
How personal data is collected
Generally, we receive personal data from individuals directly. We use appropriate methods for different situations, including, but not restricted to, website forms, email, paper documents and records of telephone calls.
CCTV cameras are located inside and outside the Cathedral for the purposes of safeguarding and security. Photographs and video recordings are taken at some Cathedral services and events.
What data do we collect?
Data is restricted to that which is required in each instance. In most cases, that will include your name and contact details – email address, home or business address and telephone number. We may need to collect additional information, for example:
- requirements and statutory information for people arranging religious ceremonies and services such as weddings, baptisms, memorial services and confirmations
- requirements for people booking an educational visit to the Cathedral
- payment details for visitors pre-booking a sightseeing visit to the Cathedral or pre-booking tickets for a Cathedral event
- payment details and other records for people who make donations to the Cathedral
- requirements for hiring a room or space in the Cathedral
- areas of expertise for people working in partnership with the Cathedral to either contribute to, support or organise Cathedral services and events
- areas of expertise for volunteers and others providing goods and services to support the work of the Cathedral.
Who do we share your personal data with?
We collect your information for a specific purpose and only share this information with a third party when it is appropriate and necessary to do so in order to fulfil that purpose. This typically includes:
- helping trusted partners and suppliers involved in the organisation and delivery of Cathedral events and services, including the Diocese of Exeter
- assisting other organisations closely connected with the ministry of Exeter Cathedral, for example the “Friends of Exeter Cathedral” and the “Music Foundation Trust”.
- fulfilment of legal and statutory obligations
- fulfilment of contractual obligations
- helping the Department of Health and Social Care upon any request for visitor information they may make to the Cathedral.
We do not sell or otherwise disclose your information to third parties (including for marketing purposes).
Keeping your personal data secure
We keep personal data for as long as it is needed for the purpose it has been collected, then it is destroyed. The actual period of time takes into account such factors as legal or regulatory requirements. We follow the guidance in “Chapter and Verse: The Care of Cathedral Records” produced by the Church of England Record Centre.
All personal data is stored securely. Paper documents are held in locked cabinets. Computer documents are held on secure systems, protected by appropriate technical measures.
Your rights under the GDPR and the Data Protection Act 2018
Right of access – you may request a copy of your personal data that we hold. We may charge a “reasonable fee” to provide this data.
Right to rectification – you have the right to have personal data corrected if it is inaccurate.
Right to erasure / be forgotten – you have the right to request the deletion or destruction of personal data where there is no compelling reason for its continued processing.
Right to restrict processing – you have the right to request that processing of your personal data is suppressed.
Right to object – you have the right to object to processing based on legitimate interests.
Contact details
Questions, comments, requests and complaints regarding this notice should be addressed to [email protected] or 1 The Cloisters, Exeter, Devon EX1 1HS.
You have the right to lodge a complaint with the Information Commissioner’s Office or its successors. Please refer to their website for further information. At the time of writing this is www.ico.org.uk.
Changes to our Privacy Notice
Any changes we may make to our Privacy Notice will be posted on this page and, where appropriate, notified to you by e-mail.