This privacy notice sets out how St George’s House uses and protects any personal information provided in pursuit of its activities.
Any information about a living individual which allows them to be identified from that information, or in conjunction with other information, is deemed to be personal data. The processing of such personal data is governed by the Data Protection Act 2018 and EU Regulation 2016/679 (The ‘General Data Protection Regulation’).
We process the following personal data
- Names, titles, and aliases;
- Date of birth
- Contact details such as address, email address and telephone number;
- Photographs taken at events we hold;
- Where paying for a product / service or making a donation through our website, payment card and transactions details;
- Where food and drink is offered during the visit, we may collect information about dietary requirements such as allergens;
- We may hold next of kin details.
Compliance with obligations
St George’s House complies with its obligations by:
- keeping personal data up to date;
- by storing and destroying it securely;
- not collecting excessive amounts of data
- by protecting personal data from loss, misuse, unauthorised access and disclosure; and
- by ensuring appropriate measures are in place to protect personal data.
Why we process personal data
We process personal data for the following purposes:
- To organise consultations, cultural events, lectures, one-off events, lunches and dinners;
- To meet statutory and legal obligations;
- To administer membership records for our Associates scheme and Society of Leadership Fellows;
- To fundraise and promote the interests of the House;
- To process donations and claim Gift Aid where relevant;
- To maintain our accounting records;
- To manage our employees and volunteers;
- To record details of any accidents on our premises (in line with Health and Safety Regulations);
- To seek your views or comments;
- To inform you of news, events, and activities at St George’s House;
- To send you communications which you have requested and that may be of interest to you. These may include information about our programme, appeals, or other fundraising activities.
At events that we organise, there may be a photographer present. We may use photographs taken to promote the activities of the House.
At such events, we will provide a notice at the entrance to the event and any attendee, not wishing to be photographed, can inform a member of staff of their wishes.
When people make payments to the House, either via the website or in person, we use third party providers to process credit or debit card purchases. These providers adhere to international security standards within the credit card industry.
Sharing Personal Data
Personal data is treated as strictly confidential. It will only be shared with third parties where it is necessary for the performance of our legal responsibilities or where prior consent is provided.
We will not sell or lease your personal information to third parties.
Legal Basis for processing Personal Data
We determine the legal basis for holding personal data. This may be:
- necessary for our legitimate interests, for example, acquiring security clearance for entry to the Castle grounds;
- on the basis of compliance with a legal obligation, for example providing gift aid and employee information to HMRC;
- necessary to perform a contract
Where personal data is held or processed other than in line with the above, it will be on the basis of consent.
Length of time we keep information
In general, we only keep personal data for as long as we need it. We will delete it when it is no longer needed or if there is a legitimate request to erase the information (see section below on Your rights).
We keep financial records, including Gift Aid, for six years after the end of the relevant accounting year.
- Access and obtain a copy of your data on request (this includes why we hold the information, who has access to it and where we obtained the information from).
- Ask us to change incorrect or incomplete data.
- Ask us to delete or stop processing your data. We will confirm whether the data has been deleted or processing stopped. We will provide a reason if the data cannot be deleted or if we continue to process it (for example because we need it for regulatory purposes or legitimate interests).
- Request that we transfer some of your data to another controller. We will comply with the request, where it is feasible to do so, within a month.
- The right to lodge a complaint with the Information Commissioner’s Office.
Please note that, when an individual seeks to exercise any of the rights listed above, we may ask for verification of identity. In these cases, we will ask for certified proof of identify before processing the request.
We will not charge a fee for the first request but additional requests for the same data may be subject to an administration fee.
If we seek to use your personal data for a purpose not covered by this Privacy Notice then we will seek your prior consent and provide a new privacy notice before commencing the processing.
Any queries about this Privacy Notice or requests for the information that we hold about you should be directed to:
Warden’s Administrator, St George’s House, Windsor Castle, SL4 1NJ
25 May 2018
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Analytics cookies do not have any detail on who you are as an individual.
To track the pages visited on this site we use Google Analytics.
Google Analytic Cookies
stgeorgeshouse.org uses the Google Analytics tool to track overall browsing patterns on the website. For instance, it helps us identify the most popular pages on the website, find out which links are being clicked on, and to give us broad demographics about from where users are accessing the site. We cannot personally identify any user with these cookies.
The five Google Analytics cookies are called utma, utmb, utmc, utmv and utmz. They track how often the website is visited, when you enter and leave the site, and which site you visited that lead you to stgeorges-windsor.org. utmz also tracks any keywords you entered into a search engine that lead you to stgeorges-windsor.org, if appropriate.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.