1.1 We are THE GUILD OF OUR LADY OF RANSOM (Registered UK Charity: 232716) (“GOLR”) and we operate from ST. MARGARET'S PRESBYTERY, 79A BARKING ROAD, CANNING TOWN, LONDON, E16 4HB. The terms “we”, “us” or “our”, when used throughout this policy, refer to THE GUILD OF OUR LADY OF RANSOM. We are committed to protecting and respecting your privacy.
1.3 For the purpose of the Data Protection Act 2018, (the “DPA”) and the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, (the “GDPR”), we are the data controllers and are located at ST. MARGARET'S PRESBYTERY, 79A BARKING ROAD, CANNING TOWN, LONDON, E16 4HB.
1.4 We comply with the DPA and with the GDPR in respect of the collection, holding, storage, use, and processing of personal data about our individuals (such personal data is held in both manual and electronic records).
2.1 Personal data
(a) We collect and use the following types of personal data about our individuals:
(i) personal information such as
- postal address;
- phone numbers (home, work and mobiles as applicable);
- email address(es);
- contact preferences;
- information given when registering to use or completing forms on our website;
- information given when registering for any GOLR event;
- information on payments made;
- information that our individuals give us – for example when making payments, such as bank account details for setting up regular direct debits, credit card details for processing credit card payments, employer details for processing a payroll gift;
- information given when using our website; and
- information given when taking part in GOLR’s social media functions or on our website.
(ii) the marketing preferences of our individuals and whether and when consent to receive marketing communications has been given or withdrawn.
(iii) correspondence between individuals and ourselves (whether by telephone, e-mail or otherwise).
(b) We also collect and use certain technical information about our individuals’ visits to our website which may include, for example, internet protocol (“IP”) addresses, login information, browser type and version, pages accessed, files downloaded, full Uniform Resource Locators, (“URLs”), clickstream to, through and from the website (including date and time), products viewed or searched for, page response times, download errors, length of visits to certain pages and page interaction information (such as scrolling, clicks and mouse-overs).
(c) We collect some of the personal information set out above directly from individuals and some from third parties (for example, we may receive personal information from individuals when they engage with us through a third-party website, such as Stripe, and the individual has given the third-party website permission to share information with us).
(d) We collect some of the personal information set out above directly from event attendees and some from third parties (for example, we may receive personal information from event attendees when they register to attend an event through a third-party website, such as Eventbrite, and the event attendee has given the third-party website permission to share information with us).
(e) Individuals do not have to disclose personal data to us to browse the website or to use our social media sites, but individuals do need to provide us with certain personal data in order for us to provide them with certain services.
(f) The safety of children is very important to us. We do not knowingly collect the personal data of those who are under 16 years old without the consent of their parent or guardian.
(a) providing individuals with the products, services and information that they ask us for;
(b) corresponding with individuals and recording any relevant communications;
(c) sending marketing information to our individuals;
(d) keeping records of payments made and actions taken by our individuals;
(e) soliciting due payment;
(f) supporting staff and/or volunteers;
(g) recording campaigning activities by individuals;
(h) performing our obligations under any contracts that we enter into with individuals;
(i) telling individuals about changes to our services;
(j) ensuring that content from our website is presented effectively for individuals and for their computers;
(k) administering our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
(l) improving our website to ensure that content is presented most effectively for individuals and their computers;
(m) allowing individuals to choose to take part in interactive features of our services; and
(n) keeping our website safe and secure.
5.1 We will only share individuals’ personal data if:
we are working with partners whom we have carefully selected to carry out work on our behalf, such as service providers and sub-contractors (for example, IT services providers and providers of technical, payment and delivery services) to perform any contract we enter into with them. The kind of work we may ask them to do includes processing, packaging, mailing and delivering purchases, answering questions about us and any services we provide, carrying out research or analysis to assist us in our mission and processing credit card payments. We only choose partners we trust and only pass personal data to them where they have undertaken to keep your personal data secure. We do not allow these partners to use your data for their own purposes or disclose it to other third parties and we will take all reasonable care to ensure that such partners keep your data secure; or
(b) we are legally required to do so e.g. by law or by an order of a court of competent jurisdiction; or
(c) there is a medical emergency in which an individual’s personal information must be shared for benefit of their health and/or wellbeing.
We will not sell individuals’ information. We will not share individuals’ information with other organisations other than as stated above.
We rely on various legal bases to justify our processing of individuals’ personal data. Further details of these are set out below.
(b) The processing is necessary for our legitimate interests. These legitimate interests include processing, packaging, mailing and delivering purchases, answering questions about us and any services we provide, carrying out research or analysis to assist us in our mission and processing credit card payments.
(c) The processing is necessary to perform a contract to which the relevant individuals are parties or to take steps that they have asked us to take before entering into a contract, such as registering for an event which we are hosting or purchasing a GOLR media resource, information pack, or merchandise.
(d) The processing is necessary for us, as the data controller, to comply with our legal obligations, such as sharing personal data where we are legally required to do so e.g. by law or by order of a court.
7.2 All information that individuals provide to us is stored on our secure servers and/or on the servers of our suppliers who we have engaged to host various IT systems for us. Any payment transactions will be encrypted using TLS technology. Where we have given individuals (or where they have chosen) a password which enables them to access certain parts of our website, they are responsible for keeping this password confidential. We ask them not to share this password with anyone.
7.3 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect individuals’ personal data, we cannot guarantee the security of data transmitted to our website; any transmission is at individuals’ own risk. Once we have received personal information, we will use strict procedures and security features to try to prevent unauthorised access.
7.4 We will keep individuals’ information only for as long as they engage with us in any way which could be justified as being as being in regular contact, being in contract, or having legitimate interest, and only as long as we need it:
(a) to administer their relationship with us;
(b) to comply with the law; or
(c) to ensure we do not communicate with individuals who have asked us not to.
(a) Access. We will confirm to individuals whether or not we are processing and using personal data about them, at their request and, if so, provide them with access to and a copy of such personal data and the other details to which they are entitled.
(b) Rectification. We will correct any inaccurate personal data and complete any incomplete personal data (including by providing a supplementary statement) that we hold about individuals without undue delay at their request.
(c) Prevention of processing likely to cause damage or distress. We will respect our individuals’ rights to require us to cease or not to begin processing their personal data for a specific purpose, or in a specific way, that is likely to cause unwarranted damage or distress, either to the relevant individual or a third party.
(d) Erasure. We will erase personal data concerning an individual at their request without undue delay in certain circumstances, (for example, among other things, if their personal data is no longer needed for the purposes for which it was collected or otherwise used).
(e) Restriction. We will restrict the processing of individuals’ personal data in certain circumstances (for example, among other things, if they believe that their personal data held by us is inaccurate), if requested by them to do so.
(f) Data portability. We will respect the rights of individuals to receive personal data about them that they have provided to us in a structured, commonly used and machine-readable format and to transmit such personal data to another data controller without hindrance from us in certain circumstances.
(g) Right to object. We will respect the general rights of individuals to object to the processing of their personal data in certain circumstances.
(h) Right to object to marketing. We will respect individuals’ rights regarding use of their personal data for direct marketing purposes. In particular, we will not begin or we will cease processing any personal data of individuals for direct marketing purposes if at any time individuals ask us not to do so.
(i) Automated individual decision-making, including profiling. Where requested, we will not make decisions based on automated processing, including profiling and we will ensure that you can always obtain a review by one of our staff members of any automated decisions and are able to express your point of view and contest any such decisions.
We will not make any automated decisions based on sensitive personal information unless we have obtained your explicit consent to do so, or this is otherwise necessary for substantial public interest reasons based on applicable law.
8.2 We will process all personal data in line with individuals’ rights in each case to the extent required by and in accordance with applicable law only (including, without limitation, in accordance with any applicable time limits and requirements regarding fees and charges).
8.3 We will respect individuals’ rights regarding use of their personal data for direct marketing purposes. In particular, we will not begin or we will cease processing any personal data of individuals for direct marketing purposes if at any time an individual asks us to stop.
9.3 We are not a ‘public authority’ as defined under the Freedom of Information Act 2000 and we will not therefore respond to requests for information made under that Act.
In the case of the GOLR website (https://www.guild-ransom.co.uk), cookies are transferred between our website’s server and the user’s internet browser which allows our website to remember previous actions made by the user.
Cookies are small pieces of text sent by your web browser by a website you visit. A cookie file is stored in your web browser and allows the Service or a third-party to recognise you and make your next visit easier and the Service more useful to you.
Cookies can be "persistent" or "session" cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser.
When you use and access the Service, we may place a number of cookies files in your web browser.
To enable certain functions of the Service
We use both session and persistent cookies on the Service and we use different types of cookies to run the Service:
Essential cookies. We may use essential cookies to authenticate users and prevent fraudulent use of user accounts.
Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.
For the Chrome web browser, please visit this page from Google.
For the Internet Explorer or Edge web browser, please visit this page from Microsoft.
For the Firefox web browser, please visit this page from Mozilla.
For the Safari web browser, please visit this page from Apple.
For any other web browser, please visit your web browser's official web pages.
You can learn more about cookies and the following third-party websites: