This policy explains how we use the data you share with us, or that we collect about you. It details why and how we collect your data, why we keep it, what we use it for, and what you can do if you’re unhappy about how we use it. Amberley Museum (‘the Museum’) processes data in accordance with the European Union’s General Data Protection Regulation, also referred to in this document and elsewhere as GDPR, and the Privacy and Electronic Communications Regulations (PECR).
Who are “We”?
When we use “We”, “Us” or “Our” in this policy we are talking about Amberley Museum and Heritage Centre’(AMHC) which trades as ‘Amberley Museum’; Amberley Museum Trust; Amberley Museum Retail Ltd and Friends of Amberley Museum.
The Museum is registered with the ICO under Data Protection legislation. The details held are as follows:
Registration Number: Z326701X
Date Registered: 11 July 2012 Registration Expires: 10 July 2021
Data Controller: AMBERLEY MUSEUM & HERITAGE CENTRE
NEW BARN ROAD
The Data Protection Officer can be contacted at firstname.lastname@example.org
What is personal data?
Personal data is information that can be used to identify an individual. This might include your name, address, telephone number or email address. We might store a variety of other information depending on the relationship we have with you. As well as these basic personal details, examples of other things this might include are:
- Data we require to process any agreement we have with you regarding any memberships you hold with us, purchases you make from our shop or other transactional arrangements or donations you make to us. This could include bank details to process direct debits or Gift Aid information to enable us to process Gift Aid claims.
- Specific events you have attended or activities or visits you have undertaken as an organiser, exhibitor or visitor.
- Details of organisations you represent or are involved with or vehicles you own or have a demonstrable interest in if you have given it to us or made it available on public forums that we reasonably might be expected to use for research for our work.
- Objects in our collection that you have loaned, gifted or sold to us, and audio, paper or electronic copies of archive material, oral histories, associated with those objects or with the history of Amberley.
- If you are a member of staff or volunteer with us we will store details we need to ensure your safety and that of our visitors, including information required for DBS checks if appropriate, or medical history.
How do we collect personal data?
Data is primarily collected during transactions with you. You might share your data with us when you’re buying a ticket, making a donation, attending or participating in an event, or working for us in a paid or voluntary capacity. You will also share it with us when you sign up for our newsletters or enter competitions, either in person at the Museum or via our website or social media channels, or when you register to use Wi-Fi on our site. You will know we have this information because you will have given it to us. We may have your information if it has been shared with your consent by a third party, such as a car club or railway organisation.
We may supplement information we hold with other relevant, publicly available information, such as social media accounts, published articles or information available through places like Companies House.
What do we use personal data for?
We use your personal data in a variety of ways, depending on the relationship we have with you. The most common of these ways include:
- Communicating with you
- Fulfilling requests from you or agreements we have with you, such as applications for and delivery of Membership and its benefits
- Processing sales transactions, donations or other payments
- Identifying visitors, suppliers and participants to the Museum and its events
- Recording any contact we have with you
- Providing you with information that we think may be of interest to you, including information about the Museum, its events and the projects it is undertaking, including fundraising and marketing
- If you are a volunteer, participant or supplier, we will use your information to help us manage the Museum and its events to provide the best possible experience for our visitors and customers
When we contact you
Depending on the communication preferences you’ve indicated, we will contact you about things that we think will interest you, based on the data we hold and our reasonable assumptions. This correspondence might include
- Information about upcoming events based on your consents and your historical attendance
- Information about the Museum and its displays and exhibitions, including occasional requests to consider giving financial support to the Museum
Our correspondence will always include contact details or links to enable you to change your contact preferences, so even if you’ve opted-in to receiving information from us, you can opt-out at any time. You can also check and change your contact preferences at any time by emailing email@example.com .
There are some Membership and donation communications that we are required to send regardless of your contact preferences. These are essential communications, deemed necessary to fulfil our contractual obligations to you. Examples would include Direct Debit confirmations and advance notices, thank you letters, Membership benefits such as monthly e-newsletters and Membership cards, renewal reminders, Gift Aid confirmation letters and querying returned mail or bounced Direct Debit payments with you.
Who do we share your information with?
We will never sell or share your information to other organisations to use for their own purposes.
As part of our service to you, we do need to share your information with third-party organisations who we engage to carry out work on our behalf. They might include:
- Our event partners
- Mailing houses that post copies of printed material, or specialist email distributors such as MailChimp
- IT specialists who help us manage and maintain our database
- Other professional marketing or fundraising specialists who we engage to help us with these aspects of our work
- Financial specialists contracted by us to deliver specific services, such as direct debit or gift aid processing
We only share information with these companies if they agree to abide by GDPR regulations, that they keep the information secure and confidential and that they only use the information for the purposes it was supplied.
We will also share your information if legally required to do so by the police, regulatory or other legal bodies, or if we think it is necessary to protect or defend our rights, property or the personal safety of our staff and volunteers or visitors to our premises or websites.
Occasionally, we promote and manage events in partnership with other organisation, and personal data specific to that event is collected by both us and the partner organisation. When this is the case it will be clearly advised at the time the information is collected.
We use CCTV for security purposes which records movements of individuals around our site. This data is kept for an appropriate time, dependent on the assessment of current risk.
How do we keep your information safe and secure?
We store information on paper files in our registered office, on computers located in the UK, and on reputable cloud services and third party organisations that may be situated inside or outside the European Economic Area.
The security of your data is of the greatest importance to us and we have measures in place to protect against loss and misuse of personal data through staff training, password protection and secure filing systems.
We will only keep your information for as long as we need it to manage the relationship we have with you, based on the parameters of that relationship, or for as long as we are legally required to. When we dispose of your data it will be done securely.
Personal information regarding staff and volunteers may include information that is classified as sensitive, such as racial or ethnic origin, medical records and criminal records. All personal information relating to staff and volunteers is processed in line with the Information Commissioner’s Office Employment Practices Code.
What are your rights?
You have the right to change your communication consents at any time. You can do this by emailing us at firstname.lastname@example.org or by writing to The Data Protection Officer, Amberley Museum,
New Barn Road, Amberley,
Arundel, West Sussex
You also have the right to access a copy of the information we hold about you. This is known as a Subject Access Request and you can make this by contacting us as above. If we believe your request is manifestly unfounded, excessive or repetitive, we reserve the right to charge a reasonable fee.
For more information about your rights under GDPR, visit the website of the Information Commissioner’s Office at ico.org.uk
Cookies and Tracking
Cookies are small files saved to the user’s computers hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from the website and its external serving vendors.
Other cookies may be stored to your computer’s hard drive by external vendors when this website uses referral programmes, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.