top of page
  • Facebook
  • Twitter
  • Instagram

Privacy Policy

Last updated: 22 November 2025

Carols in Cumbria is a community project that helps churches and organisations across Cumbria share details of their upcoming carol services. This website is operated by the Diocese of Carlisle.

We are committed to protecting your privacy and ensuring that your personal data is handled responsibly and in accordance with UK data protection law (UK GDPR and the Data Protection Act 2018).

If you have any questions about this policy, please contact:
robert.humphreys@carlislediocese.org.uk

1. Who we are

Carols in Cumbria
Operated by:
The Diocese of Carlisle
Church House, 19–24 Friargate, Penrith, CA11 7XR

This site gathers information about carol services across Cumbria and makes them publicly available to help people find events near them.

2. What personal data we collect

A. Information submitted through the “Submit a Carol Service” form

When you submit a carol service, we collect:

  • Contact name

  • Contact email address

  • Name of the church or organisation

  • Event details (title, date, time, location, description)

  • Optional image uploads

Your contact email and name are not published on the public website.
They are used only for administration and follow-up.

B. Automatically collected data

When you visit the website, we may collect:

  • IP address

  • Browser type and version

  • Device information

  • Pages viewed and interaction data

  • General location information

This is gathered through standard tools such as Wix Analytics and Google Analytics (if enabled).

C. Cookies

We may use cookies for:

  • Website functionality

  • Analytics

  • Improving site performance

You can control cookies in your browser settings.

3. How we use your data

We use the personal data we collect to:

  • Display carol service information on the website

  • Contact you if we need more detail about a service you submitted

  • Manage and improve the website

  • Track website performance (via analytics)

  • Ensure content remains accurate and appropriate

We do not use personal contact details for marketing purposes unless you explicitly consent.

4. Legal basis for processing

We process data under the following lawful bases:

  • Legitimate interest – to provide accurate event information to the public

  • Consent – where you choose to submit information to the website

  • Legal obligation – in case of safeguarding or regulatory requirements

You may withdraw consent at any time by contacting us.

5. How long we keep your data

  • Event information is kept for the duration of the Christmas season and may be archived for reporting purposes.

  • Contact details provided through the submission form are kept for up to 12 months and then securely deleted.

  • Analytics data may be kept longer as part of anonymised site performance records.

6. Who we share your data with

We may share data with:

  • Wix.com (the platform that hosts this website)

  • Email delivery services used to confirm submissions

  • Diocese of Carlisle staff administering the site

  • Law enforcement or safeguarding authorities, if required

We never sell or trade your personal data.

7. Where your data is stored

This website is hosted by Wix.com, which stores data on secure servers in the UK, EU, Israel, and the USA.

Wix complies with:

  • UK GDPR

  • EU GDPR

  • International data transfer safeguards

8. Your rights under UK GDPR

You have the right to:

  • Access the personal data we hold about you

  • Request corrections to inaccurate data

  • Request deletion of your data

  • Withdraw consent

  • Object to certain types of processing

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise these rights, contact:
robert.humphreys@carlislediocese.org.uk

9. Children’s privacy

This website is not directed at children.
We do not knowingly collect personal data about individuals under 18.

Event listings may include services aimed at children or families, but personal information about children is never collected or published.

10. Security

We take reasonable steps to protect the data we hold, including:

  • SSL encryption

  • Secure hosting through Wix

  • Access controls for administrators

  • Regular auditing

However, no online service can be completely secure.

11. Links to external sites

This site may link to third-party websites such as Google Maps, church websites, or social media.

We are not responsible for the privacy practices of these websites.

12. Changes to this policy

We may update this policy from time to time. Updated versions will be published on this page with a revised “last updated” date.

Contact us

If you have questions or requests relating to privacy:

📧 robert.humphreys@carlislediocese.org.uk
📍 Diocese of Carlisle, Church House, Penrith, CA11 7XR

bottom of page