Privacy Policy



This Privacy Notice applies to Registered users of the Online Faculty website - URLs starting


During the use of our Faculty Website, the Church in Wales automatically logs certain information about every request made of it (see below for more details). This information is used for system administration, for bug tracking, and for producing usage statistics. The logged information will be processed as described below

The logged information is not passed to any third party except if required by law. Anonymised summaries of certain statistics are extracted from this data and some of these may be made publicly available but those that are do not include information from which individuals could be identified.

Where forms are provided on this site, the pages containing these forms include information on how data submitted on them will be processed and used.


The name or network address of the computer making the request. Note that under some (but not all) circumstances it may be possible to infer from this the identity of the person making the request. (Note also that the data recorded may be that of a web proxy rather than that of the originating client).

  • The date and time of connection.
  • The HTTP request, which contains the identification of the document requested.
  • The status code of the request (success or failure etc.).
  • The number of data bytes sent in response.
  • The contents of the HTTP Referrer header supplied by the browser.
  • The content of the HTTP User-Agent header supplied by the browser.
  • Logging of additional data may be enabled temporarily from time to time for specific purposes.


In order to use the system users must register Online for access.

The Church in Wales acting as Data Controller will process the users information to manage and monitor the use of the Faculty Software System.

We will use this information for a number of reasons including:

Confirming individual users' roles within the Church Heritage Cymru data input process Contacting users quickly if we have any questions relating to the data input Managing users' online accounts

Conducting user surveys of the system to improve the current system and suggest improvements. Such surveys may be conducted by authorised third party organisations.


Sometimes, we will need to share your Personal Data with others. This section sets out details of who we will share your Personal Data with and why. It also tells you about our legal grounds for doing so under data protection law and steps we will take to protect your Personal Data.

NB: We will never sell your Personal Data on to third parties.

Information about our service partners:

Our service partners are other businesses that we enter into contracts with. They include:

  • Suppliers and sub-contractors;
  • Suppliers of IT products and services;
  • We haven’t included the names of our service partners in this privacy notice because we will deal with different service providers from time to time.
  • However, if you would like further information about any of our current service providers, please contact us on 029 2034 8200

Why we need to share your Personal Data:

  • We use suppliers and sub-contractors to perform certain aspects of our contracts. For example, providing maintenance services;
  • We use suppliers of IT products and services in connection with the supply, maintenance and/or improvement of our IT network.

The legal grounds we rely upon:

  • The sharing of your personal data with suppliers and sub-contractors is necessary for the performance of our Contract with them;
  • The sharing of your personal data with businesses used by us to suggest ways to improve our service to you by using surveys and asking for users opinions is based on Public Task which allow us to provide them with some of your Personal Data Under our control.
  • If you do not want to be contacted by such survey companies you can let us know by email or telephone.


Under data protection law, you have a number of different rights relating to the use of your Personal Data. A summary of those rights, what is involved and what our obligations are, is listed below. More information about your rights and our obligations can be found on the ICO website

A right of access:

This is a right to obtain access to your personal data and various supplementary information. 

We must provide you with a copy or your Personal Data and the other supplementary information without undue delay and in any event within one month of receipt of your request; We cannot charge you for doing so save in specific circumstances (such as where you request further copies of your Personal Data).

A right to have personal data rectified:

This is a right to have your Personal Data rectified if it is inaccurate or incomplete. 

We must rectify any inaccurate or incomplete information without undue delay and in any event within 1 month of receipt of your request; If we have disclosed your Personal Data to others, we must (subject to certain exceptions) contact the recipients to inform them, that your Personal Data requires rectification.

A right to erasure:

This is a right to have your Personal Data deleted or removed. This right only applies in certain circumstances (such as where we no longer need the Personal Data for the purposes for which it was collected). We have the right to refuse to delete or remove your personal data in certain circumstances. 

If this right applies, we must delete or remove your Personal Data without undue delay and in any event within 1 month of receipt of your request; If we have disclosed your Personal Data to others, we must (subject to certain exceptions) contact then recipients to inform them that your Personal Data must be erased.

A right to data portability:

This is a right to obtain and re-use your Personal Data for your own purposes; It includes a right to ask that your Personal Data is transferred to another organisation (where technically feasible). This right only applies in certain limited circumstances. Following a request relating to Data Portability we will transmit the relevant personal data to the data subject or their nominated data controller where it is possible and technically feasible for us to do so.

If this right applies we must provide your Personal Data to you in a structured, commonly used and machine readable form. Again, we must act without undue delay and in any event within 1 month of receipt of your request; We cannot charge you for this service.

A right to object:

This is a right to object to the use of your Personal Data. The right applies in certain specific circumstances only. You can use this right to challenge our use of your Personal Data based on our legitimate interests; You can also use this right to object to use of your Personal Data for direct marketing.

If you object to us using your Personal Data for direct marketing, we must stop using your Personal Data in this way as soon as we receive your request. If you object to other uses of your Personal Data, whether we have to stop using your Personal Data will depend on the particular circumstances.

A right to object to automated decision making:

This is a right not to be subject to a decision which is made solely on the basis of automated processing of your Personal Data where the decision in question will have a legal impact on you or a similarly significant effect. We may use Automated decision making about you if it is necessary for entering into or performing a Contract with you or where you Consent to the actions.

Where such a decision is made, you must be informed of that fact as soon as reasonably practicable; You then have 21 days from receipt of the notification to request that the decision is reconsidered or that a decision is made that is not based solely on automated processing; Your request must be complied with within 21 days.

A right to restrict processing:

This is a right to ‘block’ or suppress processing of your Personal Data. This right applies in various circumstances including where you contest the accuracy of your information).

If we are required to restrict our processing of your Personal Data we will be able to store it but not otherwise use it. We may only retain enough information about you to ensure that the restriction is respected in future. If we have disclosed your Personal Data to others, we must (subject to certain exceptions) contact them to tell them about the restriction on use.

Legitimate interests and data from sources other than the Data Subject:

If the processing is based on Legitimate Interests, you are entitled to know what and whose Legitimate Interests they are. This lawful basis is used only after conducting a three part test to ensure the data subjects rights are properly protected. If we process data about you but we have not obtained the data personally from you, we must provide you with the information described in this Privacy Notice and some additional information. You are entitled to know the source of the information and whether the source is publicly accessible.

There are some exceptions to the additional information rule. If we obtain your Personal Data from a source other than yourself, the additional information rules will apply unless: You already have the information regarding our processing; or it would take a disproportionate effort or be impossible to provide you with it; or you are already legally protected under separate provisions; or we have a legal duty not to disclose it.


You can get in touch with us in the following ways:

Postal address: 4th Floor 2 Callaghan Square Cardiff CF10 5BT
Email address:
Phone number: 02920348200

We have appointed a Data Protection Officer (DPO) to oversee our compliance with data protection law and this privacy notice. He may be contacted via the details set out above. If you have any questions about this privacy notice, how we handle your Personal Data or if you wish to make a complaint, please contact


If we are unable to deal with a complaint to your satisfaction or if you are unhappy with the way we are using your personal data, you also have the right to make a complaint at any time to the UK’s supervisory authority for data protection issues, the Information Commissioner’s Office.


There may be developments in how we use your data according to changes in the Law.

We reserve the right to make changes to this Data Protection and Privacy Policy at any time without notice and it is your responsibility to revisit this page from time to time to re-read this policy including any and each time you visit our website.

Any revised terms shall take effect as at the date of posting.

If you don’t find your concern addressed here, feel free to contact us using the contact details provided above.