This policy is about how St Mary’s Cathedral uses, stores, discloses and protects the personal information that people provide and what data is collected by the cathedral.
Personal information includes any information that identifies someone personally, such as a name, address, email address or telephone number.
St Mary’s Cathedral recognises the importance of privacy and this is an outline of how those representing the congregation collect, use, disclose, and protect this information. The cathedral strives to comply fully with data protection law.
The contact address is St Mary’s Cathedral Office: 300 Great Western Road, Glasgow G4 9JB, telephone 0141 339-6691. It is usually also possible to contact the cathedral via the website: www.thecathedral.org.uk
What information is collected
The cathedral collects information in a number of ways, including:
- Via cookies when visits are made to the website: https://thecathedral.org.uk/
- When a Welcome Card is completed
- When enquiries are made in writing, by email or telephone
- When complaints are made
- When people complete surveys
- When people fill in forms on the website.
- When someone joins the Congregational Roll
- When information is required for the Baptism, Confirmation, Wedding or Funerals register
- When someone attends an event
- When Gift Aid Declarations are made or to record a donation
- When subscriptions are made to online newsletters
- When someone applies for a job or volunteer position
- When someone becomes an employee, office bearer or volunteer
- When someone joins a Cathedral group
This information can include:
- name, email address and other personal information that is provided
- IP address for online contact, the resource being requested, the date and time of the request, the address of the page from where the request originated (the referrer) and the software used to access the page (the agent).
How the cathedral uses information
The cathedral may use the information it holds:
- in connection with membership records, for pastoral care purposes or in relation to participation in our activities;
- to fulfil individual employment contracts with employees (e.g. personnel administration) or for agreements with volunteers;
- to account for the governance of the cathedral;
- to communicate with with individuals (e.g. by letter, email or telephone) for example to provide information relating to the work of the cathedral or new developments;
- to further charitable aims of the cathedral, e.g. such as for fundraising activities;
- for internal administration, such as for accounting purposes, or for analysing how the cathedral may better fulfil its mission;
- to allow the congregation to communicate with each other through use of a shared contacts list system where there is an opt-out clause;
- to improve the website by monitoring how it is used;
- to respond to any feedback from individuals if they ask for feedback;
- to provide services that individuals have asked to receive
- to evaluate and inform the work of the cathedral.
The cathedral processes information from IP addresses and the technical information provided for
- security purposes – to maintain the integrity of online services and protect them from malicious or accidental abuse
- to generate approximate geographical information to determine the reach of the cathedral across Scotland and worldwide
- to identify technical problems
- to determine how the website is being used by visitors
The cathedral may collect certain information that does not by itself identify a specific individual. Such information can give information about equipment, screen size, browsing actions, and the resources that are being accessed, such as operating system and browser type. Technical information may be submitted to third-party services for processing on behalf of the cathedral. St Mary’s uses analytics and similar services.
By providing the cathedral with personal data, a person consents to the collection and use of any information you provide in accordance with the above purposes and this privacy statement.
Consent is also given to transferring information to countries or jurisdictions which do not provide the same level of data protection as the UK, if necessary for the above purposes. If thecathedral does make such a transfer, it will, if appropriate, put a contract in place to ensure information is protected.
Where data is stored
- Data from comments, requests, enquiries, feedback and applications for vacancies is stored on the Cathedral server
- Data from some event registrations is stored on the Cathedral server
- Data pertaining to mailing lists is stored is stored on the Cathedral server
- Data is stored in Registers in a safe in the sacristy
- The congregational roll is kept in a database on the Cathedral server
The Cathedral will only collect your personal data with consent. By submitting personal data to us in any of these forms, an individual is
consenting to the storage and processing of that data for the reasons specified at the time of submission.
How long does the Cathedral keep your information:
The Cathedral will keep your information only for as long as it is required to fulfil the purposes described in this policy. This is also the case for any third party services that process data on behalf of the cathedral. When information is no longer needed and there is no need for us to keep it to comply with legal or regulatory obligations, it will either be removed from the cathedral systems or anonymised so that it can’t identify an individual.
Keeping data secure
The cathedral has procedures and security features in place to try and keep data secure once it has been received.
The Cathedral via its office bearers and employees will use all reasonable endeavours to ensure that personal information is held in a secure and confidential environment and when the information is no longer needed it will be destroyed or permanently rendered anonymous.
Transmitting information over the internet is generally not completely secure, and an absolute guarantee of the security of data cannot be given.
The Cathedral may share personal information held for a number of reasons including to provide pastoral or other assistance, process donations or carry out any other contractual obligations. This data may be disclosed to employees and/or volunteers including the charity trustees/ office bearers.
The cathedral won’t share personal information with any other organisations for marketing, market research or commercial purposes.
In the event of an outbreak of Covid-19, the cathedral will disclose details of attendance at events to NHS Scotland’s Test and Protect contact tracing service.
Personal information may be passed on if there is a legal obligation to do so.
An individual has the right to:
- access information held about them, upon request, and to have incorrect information corrected
- withdraw their consent for the cathedral to use their personal information at any time, and to request that information about them be removed from our systems
- instruct the cathedral to have the information provided to us sent to another organisation, where the cathedral holds this information with consent and where it is technically feasible
- complain to the regulator, the Information Commissioner’s Office, if they think the cathedral hasn’t complied with data protection laws
To correct any information the cathedral is holding please write to or email as soon as possible to the address below. Any information found to be incorrect will be corrected as quickly as possible.
To opt out of any contact at any point please contact the cathedral on the address below, so that details can be added to a non-contact suppression list as required by law.
The Office Manager
St Mary’s Cathedral
300 Great Western Road
The office manager may forward details of enquiries to a more appropriate person to deal with the request.
This policy (Version 1.1) was last updated on 9 August 2019