St Paul’s Cathedral is committed to respecting your privacy and protecting your personal information.
Why do we collect personal information?
St Paul’s Cathedral adopts the principle of collecting personal data for specified, explicit and legitimate purposes and does not further process data in a manner that is incompatible with those purposes.
We need to collect and process personal information in order to:
- allow pre-arranged admission to the Cathedral for sightseeing, educational visits and some public events
- organise events and services held at the Cathedral
- perform religious ceremonies and services
- ensure the safety and security of people who work in or visit the Cathedral
- provide pastoral care
- manage the Cathedral’s historic and art collections
- promote the work and activities of the Cathedral
- support raising funds for maintaining the Cathedral, supporting choristers and delivering education and outreach work.
- allow Cathedral facilities to be hired for private events and services
- sell Cathedral shop merchandise online
- recruit staff and volunteers.
In order to promote the work and activities of the Cathedral, we offer people the opportunity of choosing to receive periodical updates about news, events and activities at the Cathedral.
We are also required to collect and process personal information to fulfil contractual, legal and statutory obligations.
How do we collect personal data?
Generally, the Cathedral receives personal data from the individual directly. We recognise the need to collect data in an appropriate way for the situation so utilise different methods, namely online; email; paper documents; telephone and on some occasions whilst you are visiting the Cathedral.
For a small number of specific activities, personal data may be supplied by third parties. We will endeavour to inform you when this is the case.
Visitors to the Cathedral should be aware that CCTV cameras are located around the Cathedral environment for the purposes of security. Photographs and video recordings are taken at some Cathedral services and events.
We make use of publicly available information to establish and develop relationships with partners and supporters.
What personal data do we collect?
For most purposes we need to collect your name and contact details. There are times when we need to collect additional information, typically:
- requirements and statutory information for people arranging religious ceremonies and services such as weddings, baptisms, memorial services and confirmations
- requirements for people booking an educational visit to the Cathedral.
- payment details for visitors pre-booking a sightseeing visit to the Cathedral
- payment details for visitors pre-booking tickets for a Cathedral event.
- payment details and gift records for people who make donations to the Cathedral
- requirements for hiring a room or space in the Cathedral.
- areas of expertise for people working in partnership with the Cathedral to either contribute to, support or organise Cathedral services and events
- areas of expertise for people providing goods and services to support the work of the Cathedral.
Who do we share your personal data with?
We collect your information for a specific purpose and will only share this information with a third party when it is necessary to do so in order to fulfil that purpose. This is typically to:
- help trusted partners and suppliers involved in the organisation and delivery of Cathedral events and services
- help trusted organisations provide specialist outsourced services to the Cathedral
- fulfil legal and statutory obligations.
- fulfil contractual obligations.
- help the Department of Health and Social Care (DHSC), upon any request for visitor information they may make to the Cathedral to support the NHS Test and Trace service.
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
How long will we keep your information?
St Paul’s Cathedral endeavours to retain personal data for no longer than is necessary for the purpose we obtained it for. We define different data retention periods for the different types of data that we hold, these periods also take into account other factors such as legal or regulatory requirements; agreed industry standards; business and operational requirements.
Data Protection laws provide you with the following rights.
Right of access
You may request a copy of your personal data held by St Paul’s Cathedral. There is usually no fee for this request however we may charge a “reasonable fee” when a request is manifestly unfounded or excessive.
Right to rectification
You have the right to have personal data rectified if it is inaccurate or incomplete.
Right to erasure
You have the right to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
Right to restrict processing
You have the right to ‘block’ or suppress processing of your personal data.
Right to object
You have the right to object to processing based on legitimate interests or direct marketing.
How to exercise your rights
All requests must be made in writing to the following address.
Data Protection Request
St Paul’s Churchyard
The request must contain your name; postal address; the right you are exercising; the activity, event or service that the data relates to; any supporting information that will help us identify the data such as when and how you provided it.
You have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at www.ico.org.uk.