Privacy Notice

Who we are

We are Gloucester Cathedral and your privacy is important to us. We aim for full transparency on how we gather and use your personal information in accordance with the General Data Protection Regulation.

If you have any concerns about how the Cathedral is handling your personal data, these can be raised with Cathedral’s Data Controller:

Data Controller
Gloucester Cathedral
12 College Green


We are registered as a data controller under the Data Protection Act 1998, and our Data Protection Register number is Z456799X.

We keep our privacy policy notice under regular review and will place an up-to-date version on our website.

The legal basis for processing your personal data

The Cathedral will keep personal information up to date; store and destroy information securely; not collect or retain excessive amounts of data; protect personal data from loss, misuse, unauthorised access and disclosure and ensure that appropriate technical measures are in place to protect personal data.  The specific legal bases against which the Cathedral will process information are

  • Legitimate Interest

  • Compliance with a legal obligation

  • To fulfil contractual obligations

  • Consent

Much of our data is processed because it is necessary for the Cathedral’s legitimate interests or because you have given us consent for a specific purpose.

The Cathedral will process data if it is necessary for the performance of a contract with you, or to take steps to enter into a contract.

The Cathedral will process your data in order to respond to requests from you to receive particular information.

Religious organisations are also permitted to process information about your religious beliefs to administer membership or contact details.

What information do we collect about you?

We only collect basic personal data about you which includes your name, address, telephone number, email etc. together with information you have given us for a specific purpose, e.g. as a volunteer or member of the congregation.

Why do we need it?

Gloucester Cathedral uses your personal information to improve our services. We only collect the personal data that you give us and we specify the purposes for which your personal data will be used at the point at which we collect it, e.g. for a volunteer database, records of donations to the Cathedral, statistical analysis or when you subscribe to our email newsletter. 

We do not disclose your personal data to partner organisations without your explicit permission under The General Data Protection Regulation (GDPR). Processing of your personal data will be done in compliance with the legal obligations contained in this Act.

When we ask you to provide your personal information we will let you know why we are asking, and how we will use your data, by directing you towards this notice.

What do we do with your information?

Depending on your relationship with Gloucester Cathedral, and the preferences you have indicated, data we hold may be used by us for the following purposes: 

  • Sending you promotional, marketing or fundraising information by post, telephone or electronic means. These types of communications can include:

    • Informing you of services or events relating to Gloucester Cathedral such as services, events and exhibitions

    • News and updates about Gloucester Cathedral, such as newsletters or What’s On guides, and marketing or supporter e-newsletters

    • Information on our fundraising operations, including occasional targeted requests to consider giving financial support to Gloucester Cathedral, or to ask you to consider supporting us in other ways

    • Other relevant communications based upon your relationship with Gloucester Cathedral

  • Data screening and cleansing, to check if we have accurate contact details for you

  • To send you surveys, and for market research purposes

  • Tools may be used to monitor the effectiveness of our communications with you, including email tracking, which records when an e-newsletter from us is opened and/or how many links are clicked within the message. The data from this tracking is generally used in an aggregated and anonymised form

You can opt out of any / all of our communications at any point simply by contacting:

There are some communications which we are required to send regardless of your contact preferences. These are essential communications, deemed necessary to fulfil our contractual obligations to you.  This would include Direct Debit confirmations and advanced notices, invoices, tenancy information, thank you letters, renewal reminders, Gift Aid confirmation letters and querying returned mail or bounced Direct Debit payments with you.

How do we update, screen and analyse your information?

We continuously review records of supporters to ensure your data is as accurate as possible. We may consult alternative sources in order undertake these checks, such as:

  • Royal Mail National Change of Address database (NCOA)

  • BT Operator Services Information System (OSIS)

  • Reviewing employment information that you have made publicly available via social media, e.g. Linked In

  • Newspaper articles, publications and company websites

  • Companies House and other company information databases

  • Charity Commission

  • Any other publicly available sources

We may segment the information we hold about you in our database by analyzing how engaged with us you have previously been, and indicators of future engagement. Analysis of this helps us understand our donors and potential donors to ensure we are efficient and that only relevant communications are sent to you.

You can opt-out of your data being utilised in this way simply by contacting:

Who might we share your information with?

We do not disclose personal data to any third parties or external organisations, other than data processors carrying out work on our behalf.

Examples of such data processors would be mailing houses, bulk email distribution services (e.g. MailChimp) and Box Office services.

Any such companies are acting as approved data processors for Gloucester Cathedral, and we retain full responsibility for your personal data. Data processors will act only on our instructions. 

We may occasionally need to transfer your personal information overseas, for instance to our bulk email distributor, MailChimp. Where this is necessary, this will only be in territories and countries which meet GDPR regulations.

We are required to ensure any transfers of data will be done securely, in accordance with best practice, and in compliance with GDPR.

Your data will never be sold or passed to any third party for any other purpose.

Google Analytics

We use a tool called “Google Analytics” to collect information about use of our website. Google Analytics collects information such as:

  • how often users visit the site

  • which pages they view when they do so

  • what other sites they used prior to coming to this site

We use this information to better understand the kind of people who come to visit the site and what they’re reading. This helps us to improve our website design and content as well as occasionally report the number of visitors the site (and various pages within it) receives.

Google Analytics only collects the IP address assigned to you on the date you visit this site, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personally identifiable information.

All activity falls within the Google Analytics Terms of Service.

You can opt out of all Google Analytics tracking software by using a browser plugin.

How do we keep your information secure?

We have implemented security procedures, rules and technical measures to protect the personal data that we have under our control from:

  • unauthorised access

  • improper use or disclosure

  • unauthorised modification

All our employees and data processors, who have access to, and are associated with the processing of personal data, are legally obliged to respect the confidentiality of our visitors’, partners’, users’ and supporters’ personal data.

How can I access or update the information you hold about me?

You can ask us if we are keeping any personal data about you and you can also request to receive a copy of that personal data – this is called a Subject Access Request.

To make a Subject Access Request you will need to provide adequate proof of identity such as a copy of your passport, birth certificate or driving licence before your request can be processed.

Please try to be as clear as possible about the information you are seeking.

Once we have received your Subject Access Request and proof of identity, you will receive a response from us within 28 working days and you will be able to get copies of any information we hold on you. However, exemptions to disclosure may apply in some circumstances. We reserve the right to charge for excessive or repetitive requests.

Subject Access Requests should be sent to:

Data Controller
Gloucester Cathedral
12 College Green



At any time you may request that we delete or correct your personal information. If you wish to correct any information on you held by Gloucester Cathedral, simply contact


In order to make the Gloucester Cathedral website easier to use and improve our service, we sometimes place small amounts of information on your computer. These are known as cookies and they are used by most major websites.

Changes to our privacy notice

We regularly review our privacy notice, and may make changes time to time. Any changes made will be posted to this page, and will apply from the time we post them. This privacy notice was last changed in April 2018.

How to contact us

If you have any comments on our privacy notice, or information we hold about you please contact us: