Privacy & Cookies Policy

Last updated: January 2026

1. Who We Are (Data Controller)

This website is operated by karlmloftusoavo1982, St Catherine’s Church, Tranmere (“St Caths”, “we”, “us”, “our”). St Caths is part of the Church of England and serves the parish of Tranmere, Wirral.

For the purposes of UK data protection law, karlmloftusoavo1982 is the data controller for personal data processed through this website.

2. What This Policy Covers

This policy explains how we handle personal data when you:

• visit and use this website
• contact us (for example by email)
• choose whether to allow non-essential cookies such as analytics (if used)

This policy focuses on website-related processing. Other parish activities (for example pastoral support, safeguarding processes, and offline administration) may involve separate privacy information and confidentiality practices.

3. Our Approach to Privacy

At St Caths, privacy is not treated as a technical afterthought. It is part of how we show respect for people. We believe individuals should be able to explore information, faith, and community without feeling observed, analysed, or commercially exploited.

For that reason, this website has been designed to collect as little personal data as possible. Where data is collected, we aim to be clear about why, how it is used, and what choices you have.

4. Data Protection Law

We comply with all applicable UK data protection and privacy legislation, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

These laws exist to ensure personal data is processed lawfully, fairly, and transparently, and that individuals retain meaningful control over their information.

5. What Personal Data We Collect

In most cases, you can use this website without providing any personal data at all. We do not require registration, accounts, or logins.

Personal data may be collected only when you choose to provide it, for example by contacting us via email. This may include:

• your name (if you provide it)
• your email address
• the content of your message and any information you choose to share
• attachments you send

In addition, limited technical information may be processed automatically to keep the website secure and functioning (see Section 10). If analytics cookies are enabled (only with consent), additional aggregated usage data may be collected (see Sections 12–14).

6. Special Category Data (Sensitive Information)

Under UK GDPR, some data is “special category data” (more sensitive), such as information about health or religious beliefs.

We do not ask you to provide special category data through this website. However, if you choose to include sensitive information in an email to us, we will handle it with appropriate care and only use it for the purpose of responding or supporting you as appropriate.

7. How We Use Personal Data

Any personal data we process is used only for legitimate and clearly defined purposes. These include:

• responding to enquiries and requests for information
• providing information you have asked for
• managing ongoing communication where appropriate
• keeping the website secure and working properly
• improving the website’s clarity and usefulness (only if analytics is enabled with consent)

We do not use personal data for advertising, marketing, profiling, or automated decision-making.

8. Lawful Bases for Processing (UK GDPR)

UK GDPR requires a lawful basis for processing personal data. Depending on the context, we rely on:

• Consent (for non-essential cookies such as analytics, where used)
• Legitimate interests (for basic security logging and maintaining a stable website, and for responding to enquiries in a proportionate way)
• Steps taken at your request (where your message asks us to provide a response or information)

Where we rely on legitimate interests, we do so in a limited and proportionate way, balancing the needs of running a safe website with your privacy rights (see Section 11).

9. Cookies – Important Clarification

We aim for this website to work without using tracking cookies. We do not operate advertising systems, tracking networks, or behavioural monitoring tools.

However, cookies or similar technologies may be used in limited circumstances, for example:

• analytics cookies (only if you choose to allow them)
• cookies set by embedded third-party content (for example maps or videos), if such features are used on a page
• a cookie or local storage entry used to remember your cookie choice (if a consent tool is present)

You can control cookies through your browser settings (see Section 15). Declining analytics cookies does not affect access to content.

10. Website Hosting, Security, and Server Logs

Like most websites, our hosting provider may automatically process limited information to deliver pages to your device and protect the site from misuse. This can include:

• IP address
• date/time of request
• pages requested
• browser/device type
• error logs and security logs

We use this information only to keep the website working properly, maintain security, prevent abuse, and diagnose technical problems. We do not use server logs for advertising or profiling. Logs are retained only for a limited period as needed for security and troubleshooting.

11. Legitimate Interests (Balancing)

Where we rely on legitimate interests (for example, basic security logging), we do so in a limited and proportionate way. We aim to keep information minimal and only use it to run and protect the website and respond to enquiries.

You have the right to object to processing based on legitimate interests (see Section 23). We will consider any objection carefully.

12. Google Analytics (If Used)

We do use Google Analytics to provide anonymous statistical information about how the website is used. This helps us understand which pages are most useful and how information can be made clearer or easier to find.

Google Analytics is a third-party service operated by Google. If analytics is enabled, cookies are set and managed by Google in line with their service. We configure analytics for basic measurement only and do not use it for advertising, remarketing, or cross-site behavioural profiling.

13. What Analytics Cookies May Collect (If Enabled)

If enabled, analytics cookies may collect information such as:

• pages visited
• time spent on pages
• approximate location (country/region level)
• device and browser type
• general navigation/usage patterns

This information is typically aggregated and used to improve the website. It is not used by St Caths to identify you personally.

14. International Transfers (Analytics and Third Parties)

Some services (including analytics providers) may process information outside the UK. Where international transfers apply, appropriate safeguards are used under UK data protection law (for example recognised transfer mechanisms and contractual protections where required).

15. Consent and Visitor Choice (Cookies)

Where non-essential cookies are used (such as analytics), visitors will be given information about their purpose and the opportunity to make a choice. You are never required to accept analytics cookies in order to use this website. Declining analytics cookies does not affect access to content or services.

You can also control cookies using your browser settings. Most browsers let you delete cookies, block cookies, or restrict third-party cookies.

16. Embedded Content (Maps, Videos, Social Media)

Sometimes a page may include embedded content or features from other providers (for example a map, a video, or a social media preview). If you interact with embedded content, the third party may collect data or set cookies according to their own policies.

We aim to avoid unnecessary embeds where possible. Where embedded content is used, you remain in control: you can choose not to interact with it and you can manage cookies through your browser settings.

17. Photos and Media at Services and Events

From time to time, we may take photographs or short videos at services, community activities, or events to share the life of the parish (for example on this website or parish communications).

We aim to do this respectfully. Where practicable, we will:

• avoid close-up images of individuals who have not agreed
• focus on group or activity shots
• respond promptly to concerns or requests

If you do not want to appear in photos, please let an organiser know on the day or contact us using the details in Section 1. If an image has been published and you want it removed, we will consider your request carefully and act as appropriate.

18. Email and Communications Handling

If you contact us by email, we will use your email address and message content to respond. We may keep a record of correspondence for a reasonable period so we can handle follow-ups and provide continuity. Access to church email accounts is limited to authorised people involved in running parish communications.

Please avoid sending highly sensitive personal information by email unless necessary.

19. Data Sharing

We do not sell, rent, or trade personal data.

Data may be shared only where necessary, for example:

• with trusted technical providers who help us operate and secure the website (hosting/support)
• with analytics providers (only if enabled with consent)

Where suppliers are used, we expect appropriate safeguards and confidentiality.

20. How Long We Keep Data (Retention)

We keep personal data only for as long as necessary for the purpose it was collected.

• enquiries and correspondence are kept for a reasonable period to manage follow-ups, then deleted or securely archived
• server logs are kept for a limited time for security/troubleshooting
• analytics retention follows the settings configured in the analytics service (where used)

21. Security

We take reasonable steps to protect personal data, including limiting access to email accounts, maintaining appropriate technical security, and using reputable service providers.

No online system is 100% secure, but we aim to keep data collection minimal and apply sensible safeguards.

22. If Something Goes Wrong (Data Breaches)

If we become aware of a security incident that is likely to risk people’s rights or freedoms, we will take appropriate steps to contain it, investigate it, and comply with legal duties. This may include notifying affected individuals and/or the Information Commissioner’s Office (ICO) where required.

23. Your Rights

Under UK data protection law, you have rights including:

• access to your personal data
• correction of inaccurate data
• deletion (in certain circumstances)
• restriction of processing
• objection to processing based on legitimate interests
• withdrawal of consent (where processing is based on consent, such as analytics cookies)
• the right to complain to the Information Commissioner’s Office (ICO)

To exercise your rights, contact us using the details in Section 1. We may need to confirm your identity before releasing personal information.

24. Children’s Privacy

This website is intended for the general public, including families. We do not knowingly collect personal data from children through the website itself. If a child contacts us by email, we will respond appropriately and may ask that a parent/carer is involved where suitable.

25. Not for Emergencies

26. Donations and Payments

We do not currently take donations or payments directly through this website. If this changes, we will update this policy to explain what provider is used and what data is processed.

27. Governing Law

This policy is governed by the laws of England and Wales. Any disputes relating to this policy will fall under the jurisdiction of the courts of England and Wales.

28. Changes to This Policy

This policy may be updated from time to time. The most recent version will always be published on this page with an updated “Last updated” date.

29. Contact

For questions about privacy or cookies, or to make a data request, please contact:

St Catherine’s Church, Tranmere (St Caths)
Email: [INSERT EMAIL ADDRESS]
Address: [INSERT POSTAL ADDRESS]