Iona Cathedral Trust
This Privacy Notice is relevant for anyone sharing their personal data directly or indirectly with The Iona Cathedral Trust and its Trustees (“The Trust”, “The Trustees”, “we”, “our” or “us”) when visiting our website or using our services. The Iona Cathedral Trust is a charity registered in the UK, with Scottish Charity Number SC017989, and as such, adheres to the General Data Protection Regulation – Regulation (EU) 2016/679, the Data Protection Act 2018 and the Privacy & Electronic Communications Regulations (PECR) 2003.
You can contact the Trust by getting in touch with its Data Protection Officer, Mrs Anne Steele, Secretary and Treasurer, Church of Scotland Law Department, 121 George Street, Edinburgh asteele@churchofscotland.org.uk.
In this Privacy Notice, we explain what types of personal data we process and for what purposes. We also explain the choices you have in relation to our processing and how you can learn more about our processing and exercise your rights.
Scope of this Privacy Notice
Please note that this Privacy Notice concerns the processing of personal data for which The Trust is the data controller, i.e. where The Trust has decided the purposes and means of the processing. For the avoidance of doubt, this Privacy Notice does not concern any processing of personal data that The Trust may conduct as a data processor on behalf of another Data Controller.
Personal Data Processed
When you share your personal data on this website or through any personal data collection form associated with this website, or otherwise share your personal data with the Trust, you are giving your personal data to the Trust as the Data Controller.
Personal data refers to information that specifically identifies you, such as your name and contact information. We process the following types of personal data related to you:
- Identity details such as your name.
- Contact details such as e-mail address and phone number.
- Information generated as a result of your use of our services. Such information may include IP address, device and browser type and also information about how you interact with our services.
- Plus any other information we receive from you through your contact with us.
Purposes of Processing
We process personal data for the following purposes:
- To further our charitable objectives which are:- to advance the arts, culture and heritage by the maintenance, management, use, preservation, protection and improvement of the buildings and land of Iona Cathedral and other land associated with Iona Cathedral; to advance religion by allowing for the use of Iona Cathedral and other land associated with Iona Cathedral for public worship by the Christian Churches; and to advance the education of the public in relation to the history, culture and heritage of Iona Cathedral and the Island of Iona.
- To run the administration of the Trust.
- To liaise with outside organisations to further the charitable aims of the Trust.
- To manage the finances of the Trust.
- For the fulfilment of contractual regulatory compliance and legal obligations.
- For the purposes of property administration.
- To provide you with information about news, events and activities by the Trust.
- To recruit, train, support and manage the Trust’s employees, if any.
- To liaise with users of the library in Iona Cathedral.
- For the administration of any business relationship with you.
- To develop and improve our services.
- For the marketing and promotion of our services and activities.
Data Protection Principles
- Your personal data shall be collected and processed:
- Lawfully, fairly and in a transparent manner;
- For specified, explicit and legitimate purposes, and not processed in a manner that is incompatible with those purposes; and
- In a manner adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- We will endeavour to ensure information we hold about you is:
- Accurate and kept up to date;
- Kept in a form which permits identification of data subjects for no longer than is necessary; and
- Held in a manner that ensures appropriate security of the personal data.
Data Sharing
We may from time to time share personal data with third parties who process your personal data on our behalf for the purposes explained above.
For the avoidance of doubt, we will not share personal data with third parties in a manner that enables such third parties to use personal data for direct marketing purposes in relation to you as a private individual.
When we transfer personal data to a country outside the UK and EEA we will in such cases obtain your consent first, or ensure the transfer is legal and safe by taking other measures. For example, using the EU/US Privacy Shield to protect transfer to data processors in the USA or by using Standard Contractual Clauses to govern the transfer and processing of personal data involved.
Basis for Processing Personal Information
We process your information in the course of the legitimate activities explained within this privacy notice and with appropriate safeguards in place.
The Trust also processes information where this is necessary for compliance with legal obligations; where processing is necessary for the purposes of the legitimate interests of the Trust and where such interests are not overridden by your interests or fundamental rights and freedoms; where the processing meets a condition in part one, two or three of Schedule 1 of the Data Protection Act 2018; where the processing is for reasons of public interest; necessary for the purpose of protecting an individual from neglect or harm; or where you have given consent to the processing of your information for a particular purpose.
Storage and Security of Personal Information
The Trust will strive to ensure that personal information is accurate and held in a secure and confidential environment. We will keep your personal information for as long as we are obliged to keep it by law or may need it in order to respond to any questions or complaints or to show that we treated you fairly. We may also keep it for statistical purposes but if so we will only use it for that purpose. When the information is no longer needed it will be securely destroyed or permanently rendered anonymous.
Obtaining a Copy of Your Personal Information
You can request details of personal information which the Trust holds about you by contacting its Secretary and Treasurer, Mrs Anne Steele, Church of Scotland Law Department, 121 George Street, Edinburgh, asteele@churchofscotland.org.uk.
Inaccuracies and Objections
If you believe that any information the Trust holds about you is incorrect or incomplete or if you do not wish your personal information to be held or used by the Trust please let us know. Any information found to be incorrect will be corrected as quickly as possible. You have the right to object to the Trust’s use of your personal information or to ask the Trust to remove or stop using your personal information if there is no need for it to be kept. There may be legal or other reasons why we need to keep or use your data but please tell us if you think we should not be using it. If the Trust is processing data on the basis of your explicit consent, you can withdraw your consent at any time and you should contact the Secretary if you want to do so.
How to Complain You have the right to complain to the Information Commissioner’s Office about anything relating to the processing of your personal information by the Trust. You can contact the ICO via its website at www.ico.org.uk or at Wycliffe House