When we refer to “we” or “us” in this privacy notice we are referring to The Fitzrovia Chapel Foundation. We are a charity registered in England & Wales with charity number 1160458. We are registered with the ICO with registration number ZA219685.

We are a controller of your personal data, which means we are responsible for deciding how we hold and use data about you. If you have any questions about this privacy notice or our data protection practices please contact info@fitzroviachapel.org.

Personal data means any personal information from which you can be identified, such as your name, your home address, your personal email contact details, or your telephone number. Personal data does not include information where your identity has been removed (anonymous data).

Special category data means personal data about your race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation. These types of personal data require a higher level of protection.

Criminal offence data means personal data relating to criminal convictions and offences (for example, information about criminal activity, allegations, investigations and proceedings) and can include information about unproven allegations and information relating to the absence of convictions. It also covers related security measures, such as personal data about penalties and conditions or restrictions placed on an individual as part of the criminal justice process. Criminal offence data also requires a higher level of protection.

When you contact us through our website, by phone, or by email, or when you use a third party platform (such as Hitched.com), about booking a wedding or proposal at the Chapel, we will collect some personal data from you to contact you about your request and to make your booking:

• full name and title
• personal and/or business email contact details
• home, mobile and/or business telephone number

If you book a wedding or proposal with us, we will collect other types of personal data in order to enter into a contract with you and for administrative purposes including:

• emergency contact details
• bank account information
• dietary requirements
• any other personal data that you give us in connection with your booking

We rely on the following lawful grounds in order to use your personal data for these purposes:

• it is necessary for us to enter into, or perform, a contract with you; or
• we have a legitimate interest and we are satisfied that your interests and fundamental rights do not override our interest.

We may also collect and use special category data about you (for example, information about your health) if you provide this to us. We will only collect and use this kind of data with your consent.

When you contact us about holding an event or exhibition at the Chapel, or when you enquire about booking the Chapel via a third party (for example, a Giggster.com), we will collect some personal data from you to contact you about your request and to make your booking:

• full name and title
• personal and/or business email contact details
• home, mobile and/or business telephone number

If you book the Chapel for your event or exhibition, we may collect other types of personal data in order to enter into a contract with you and for administrative purposes including:

• guest lists and/or details of people taking part in the event
• emergency contact details
• bank account information
• dietary requirements
• any other personal data that you give us in connection with your booking

We rely on the following lawful grounds in order to use your personal data for these purposes:

• it is necessary for us to enter into, or perform, a contract with you; or
• we have a legitimate interest and we are satisfied that your interests and fundamental rights do not override our interest.

We may also collect and use special category data about you (for example, information about your health) if you provide this to us. We will only collect and use this kind of data with your consent.

If you visit the Chapel, for example on one of our Open Days, you don’t need to provide your personal data to us. If you choose to sign our memory book, it is up to you to decide whether to include and personal data about you or other people. If you choose to share such personal data, the Chapel will keep a record of your memories and make them available to the public. We have a legitimate interest to use this personal data as long as we are satisfied that your interests and fundamental rights do not override our interest.

We will send our newsletters to you by email if you sign up to receive them via our website or you ask us to add you to our mailing list. We use a third party, Mailchimp, to deliver our email communications.

You can opt out of email marketing by clicking the ‘unsubscribe’ link in any of our emails or you can contact us at any time to opt out, change your contact details or to update your communication preferences.

Our website is not intended for children and we do not knowingly collect data relating to children.

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and we encourage you to read the privacy policy of every website you visit.

When you use our website, we will collect the following types of personal data:

• technical data such as internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the website;
• usage data including information about how you use our website and services; and
• data that you provide when you fill in a form on our website.

We use cookies on our website. Cookies are small text files stored in your browser and are used by most websites to help personalise your web experience. You can change your browser settings to block cookies at any time (there is a guide on how to do this at aboutcookies.org). Please note that if you do block cookies, some features on our site will not be available to you and some pages may not display properly.

We may use and share aggregated data such as statistical or demographic data collected through our website. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. This data will not directly or indirectly reveal your identity.

We will only use your personal data for the purposes we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.

We only ever use your personal data if we are satisfied that it is lawful and fair to do so. We may share your personal data with:

• external service providers such as our IT and system administration providers
• our professional advisers such as our accountants, bankers, insurers and lawyers
• if we are under a legal duty to disclose or share your personal data (for example, if required by a court order or for the purposes of prevention of fraud or other crime)
• where we need to share your personal information with a regulator (for example, the Charity Commission)

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Some of our suppliers are located outside the UK. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring safeguards are in place.

We will only keep your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of a legal claim connected to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

You have the right to:

• Request access to your personal information (commonly known as a subject access request). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Ask us to correct personal information that we hold about you which is incorrect, incomplete or inaccurate.

In certain circumstances, you also have the right to:

• Ask us to erase your personal data from our files and systems where there is no good reason for us continuing to hold it.
• Object to us using your personal data to further our legitimate interests (or those of a third party) or where we are using your personal information for direct marketing purposes.
• Ask us to restrict or suspend the use of your personal data, for example, if you want us to establish its accuracy or our reasons for using it.
• Ask us to transfer your personal data to another person or organisation.

If you have given your consent to us processing your personal information, you have the right to withdraw your consent at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your personal data and, subject to our retention policy, we will dispose of your data securely.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

If you have any questions about this privacy notice or how we handle your personal information, please contact info@fitzroviachapel.org You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues – www.ico.org