This privacy notice sets out how the Dean and Canons of Windsor use and protect any personal information provided to the following entities:
- The Queen’s Free Chapel of St George within her Castle at Windsor (St George’s Chapel)
- The Foundation of the College of St George, Windsor Castle
- St George’s Chapel Bookshop Limited
For the purposes of this privacy notice, the Dean and Canons of Windsor are deemed to be the Data Controller for personal data provided to these entities, determining what personal data is processed and for what purpose.
The Dean and Canons of Windsor are committed to ensuring that personal data is properly protected and that usage of such information is only in accordance with this notice.
Any information about a living individual which allows them to be identified from that information, or in conjunction with other information, is deemed to be personal data. The processing of such personal data is governed by the Data Protection Act 2018 and EU Regulation 2016/679 (The ‘General Data Protection Regulation’).
We process the following personal data
- Names, titles, and aliases;
- Photographs taken at events we hold;
- Contact details such as address, email address and telephone number;
- Where paying for a product / service or making a donation through our website, payment card and transactions details; and
- For our employees and volunteers, we may hold next of kin details.
- Records of public and/or historical interest, such as registers, orders of service, financial accounts, employment records, correspondence and photographs which may include names, titles, contact details and other personal data. The data we process can constitute sensitive personal data because, as a religious institution, the fact that we process personal data may be suggestive of religious beliefs.
Compliance with obligations
The Dean and Canons complies with its obligations by:
- keeping personal data up to date;
- by storing and destroying it securely;
- not collecting excessive amounts of data;
- by protecting personal data from loss, misuse, unauthorised access and disclosure; and
- by ensuring appropriate measures are in place to protect personal data.
Why we process personal data
We process personal data for the following purposes:
- To organise chapel services such as baptism, confirmation, wedding and funerals and to minister to our congregation within and without Windsor Castle, providing appropriate pastoral and spiritual care;
- To meet statutory and legal obligations;
- To ensure comprehensive safeguarding procedures are in place, in line with best safeguarding practice, for choristers, other children and adults-at-risk;
- To administer membership records for Chapel activities and groups (including the Friends);
- To fundraise and promote the interests of the Chapel;
- To process donations and claim Gift Aid where relevant;
- To process payment for either merchandise sold via our website and shop or for services provided by our Archives section;
- To maintain our accounting records;
- To manage our employees and volunteers, including applications for jobs and voluntary work within the Chapel;
- To administer services relating to properties owned by the Chapel;
- To record details of any accidents on our premises (in line with Health and Safety Regulations);
- To seek your views or comments;
- To notify you of changes to our services, events and role holders;
- To inform you of news, events, activities and services at St George’s Chapel ;
- To send you communications which you have requested and that may be of interest to you. These may include information about campaigns, appeals, other fundraising activities.
- To archive materials of historical and/or cultural importance in the public interest
At events that we organise, there may be a photographer present. We may use photographs taken to promote the activities of the Chapel.
At such events, we will provide a notice at the entrance to the event and any attendee, not wishing to be photographed, can inform a member of staff of their wishes.
We will obtain written consent from parents or guardians if a photograph of a child is to be taken.
When people purchase merchandise, either via the website or via our retail outlet, we use third party providers to process credit or debit card purchases. These providers adhere to international security standards within the credit card industry.
Sharing Personal Data
Personal data is treated as strictly confidential. It will only be shared with third parties where it is necessary for the performance of our legal responsibilities or where prior consent is provided.
We will not sell or lease your personal information to third parties.
Following UK Government guidance, St George’s Chapel is assisting the NHS Test and Trace operation. The purpose of this operation is to contain clusters or outbreaks of the COVID-19 virus. When you attend a service in St George’s Chapel you will be asked to provide your name and contact telephone number. This information may be shared by us with the NHS Test and Trace operation, if requested, up to 21 days after your visit. If NHS Test and Trace has not requested your personal data within 21 days, we will destroy it. We collect and share your details for this purpose on the basis of legitimate interests. If you do not wish to have your details passed to the NHS Test and Trace operation you do not need to give us your details.
Legal Basis for processing Personal Data
We determine the legal basis for holding personal data. This may be:
- necessary for our legitimate interests, for example, our safeguarding work for choristers, other children and adults-at-risk;
- on the basis of compliance with a legal obligation, for example providing gift aid and employee information to HMRC;
- necessary to perform a contract.
- We also process personal data according to the safeguards in data protection legislation for archiving in the public interest, and we comply with all necessary provisions to protect data for this purpose.
Where personal data is held or processed other than in line with the above, it will be on the basis of consent.
Length of time we keep information
In general, we only keep personal data for as long as we need it. We will delete it when it is no longer needed or if there is a legitimate request to erase the information (see section below on Your rights).
We keep financial records, including Gift Aid, for six years after the end of the relevant accounting year.
Some personal information may be retained to ensure compliance with our legal safeguarding duties.
The Chapel Registers, which include details of births, confirmations, marriages, banns of marriage and interments, are kept permanently.
- Access and obtain a copy of your data on request (this includes why we hold the information, who has access to it and where we obtained the information from).
- Ask us to change incorrect or incomplete data.
- Ask us to delete or stop processing your data. We will confirm whether the data has been deleted or processing stopped. We will provide a reason if the data cannot be deleted or if we continue to process it (for example because we need it for regulatory purposes or legitimate interests).
- Request that we transfer some of your data to another controller. We will comply with the request, where it is feasible to do so, within a month.
- The right to lodge a complaint with the Information Commissioner’s Office.
Please note that, when an individual seeks to exercise any of the rights listed above, we may ask for verification of identity. In these cases, we will ask for certified proof of identify before processing the request.
We will not charge a fee for the first request but additional requests for the same data may be subject to an administration fee.
If we seek to use your personal data for a purpose not covered by this Privacy Notice then we will seek your prior consent and provide a new privacy notice before commencing the processing.
Any queries about this Privacy Notice or requests for the information that we hold about you should be directed to:
The Chapter Office, College of St George, 2 The Cloisters, Windsor Castle, SL4 1NJ
25 May 2018
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purpose.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Analytics cookies do not have any detail on who you are as an individual.
To track the pages visited on this site we use Google Analytics.
Google Analytic Cookies
stgeorges-windsor.org uses the Google Analytics tool to track overall browsing patterns on the website. For instance, it helps us identify the most popular pages on the website, find out which links are being clicked on, and to give us broad demographics about from where users are accessing the site. We cannot personally identify any user with these cookies.
The cookies track how often the website is visited, when you enter and leave the site, and which site you visited that lead you to stgeorges-windsor.org. They also track any keywords you entered into a search engine that lead you to stgeorges-windsor.org, if appropriate.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.