The Society of Friends of Westminster Cathedral Privacy Statement
The Society of Friends of Westminster Cathedral Privacy Statement
Effective 25th May 2018
Who we are
The Society of Friends of Westminster Cathedral is a registered charity (Number: 272899).
Andrew Hollingsworth, Treasurer of the Friends of Westminster Cathedral, is the data controller for the purposes of data protection law, which comprises EU General Data Protection Regulation 2016/679 (‘GDPR’), The Data Protection Act 2018 and related legislation, including the ‘UK GDPR’ constituted by section 3 of the European Union (Withdrawal) Act 2018 and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (S.I. No 419 of 2019), together with The Privacy and Electronic Communications Regulations 2003 to 2018, all as amended from time time.
What this Privacy Notice is for
This Privacy Notice provides information about how the Society will use (or ‘process’) the personal data of individuals who are members of the Society and, where applicable, their guests. This information is provided because data protection law gives individuals rights to understand how their data is used.
GDPR definition of personal data
…“‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person …”
GDPR definition of processing
…“‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction …”
Responsibility for data protection
The Director of the Society is responsible for dealing with requests and enquiries concerning the Society’s uses of individuals’ personal data and will endeavour to ensure that all personal data is processed in compliance with data protection law. The Director can be contacted by email at email@example.com or by post at: The Friends Office, Clergy House, 42 Francis Street, London, SW1P 1QW.
Why the Society needs to collect personal data
The Society’s two main activities are communicating with members, fundraising and events. A newsletter is published twice a year and distributed by post to members who, in joining the Society, have given their address, telephone and e-mail details. Notification of the AGM, a draft agenda and accounts are also distributed in advance of the AGM.
The Society processes personal data for the purposes of facilitating these activities and considers that such processing falls within the scope of the Society’s legitimate interests.
Occasionally, the Friends’ mailing will include flyers and other leaflets pertaining to other organisations such as The Passage and the Music Department of Westminster Cathedral. The Society’s data is not shared with these organisations.
Types of personal data processed by the Society
- Names, titles, and decorations of members
- Addresses, telephone numbers, e-mail addresses of members and guests
- Bank details of members (only held when subscriptions are paid by standing order)
- Names, titles, decorations of guests
- Lists of events attended by members and guests
How the Society collects personal data
The Society receives personal data directly from members who complete a Membership Form and, where applicable, a Banker’s Order form on joining the Society. Names of guests (non-members), contact telephone numbers and addresses are also received from members who apply for tickets to events.
Who has access to personal data and with whom does the Society share it?
Only the Director and the Treasurer have access to personal data.
For the most part, data is private and is only used for the purposes of organising an event or administering the membership database. Exceptions include a ‘black-tie’ dinner when a list of members’ names and their guests’ names will be displayed with a table plan. In some very specific instances we are also required to give a list of guests’ names to a venue for security purposes. These include visits to the Houses of Parliament and other high security venues such as the Royal Military College, Sandhurst. Members will be informed that their names will be supplied.
In very exceptional circumstances, members have given express permission for their names to be displayed publically in the Cathedral and its environs in recognition of major donations.
How is personal data stored?
The original member’s details forms and subsequent correspondence are stored in a paper filing system held within the Friends office in locked cabinets. The office only holds paper records from 2000. All hard copy data prior to this date has been shredded. The office is also locked. Personal data from the forms is transcribed into The Friends of Westminster Cathedral database which is stored securely on the Cathedral server.
The Society keeps a paper record of all receipts pertaining to membership fees, events and donations. Members’ attendance at and booking for events is currently recorded in Excel spread sheets held securely on the Friends’ drive. This is password protected.
How long does the Society keep personal data?
The Society will retain personal data securely and only for as long as is necessary for a legitimate and lawful reason. Generally, this means for as long as an individual is a member of the Society and for seven years thereafter, given that in most cases Gift Aid is applicable to subscription income.
Rights of access
Rights under data protection law belong to the individual to whom the data relates.
Any individual wishing to access or amend their personal data or wishing it to be transferred to another person or organisation, or who has some other objection as to how their personal data is used, should put their request in writing to the Director. The Society will endeavour to respond to any such written requests as soon as is reasonably practicable and in any event within statutory time-limits (which is one month in the case of requests for access to information).
Data accuracy and security
The Society will endeavour to ensure that all personal data held in relation to an individual is as up to date and accurate as possible. Individuals should notify the Director of any significant changes to important information, such as contact details, held about them. An individual has the right to request that any out-of-date, irrelevant or inaccurate information about them is erased or corrected. The Society will take appropriate technical and organisational steps to ensure the security of personal data about individuals.
This Privacy Notice
The Society will update this Privacy Notice from time to time. Any substantial changes that affect individuals’ rights will be provided to them directly as far as is reasonably practicable.
Queries and complaints
Any comments on or complaints about this Privacy Notice should be addressed to the Director. If an individual believes that the Society has not complied with this Privacy Notice or acted otherwise than in accordance with data protection law, they should notify the office immediately. Individuals can also make a referral to or lodge a complaint with the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter with the Society before involving the regulator.
First published May 2018
Amended January 2021