PRIVACY POLICY
The heathrobinsonmuseum.org website is operated by The West House and Heath Robinson Museum Trust, a charity registered in England and Wales, with charity registration number 1086567.
We take all matters of information and data security and confidentiality very seriously. This Privacy Policy explains our approach to protecting any information provided by or collected from visitors to our website. It also describes the purposes of data collection across the Trust and museum activities and lists the third party services and software applications we use to support the Trust and museum operations. Some of these third party services are accessed or linked to from our website.
Our Privacy Policy relates to information that you may provide to us via the website or that we obtain from you when you visit our website. If you visit a website operated by a third party through a link included on this website, your information may be used differently by the operator of the linked website.
This Policy has been updated specifically to incorporate the requirements of the GDPR legislation and to comply with the requirements of consent and legitimate interests in any information we request, gather, store or use. We will never collect sensitive information about you without your explicit consent.
This policy will continue to be regularly reviewed and updated where necessary to take account of legislative or regulatory change or where we change any aspect of how we operate.
Throughout this policy document we provide contact email addresses and we include our postal address at the end, for any queries you may have.
Throughout this Policy, any brands or third party product and service names are acknowledged where appropriate as the registered trademarks of their respective corporate owners.
INFORMATION WE COLLECT FROM OUR WEB SITE
We collect information about visitors to our site in three main ways:
- Requests you make to contact us
When you contact us, we ask for your name, email address and any message you want to provide. Depending on the nature of your query, these details are forwarded to our Museum Manager, Learning Officer or Trustees as appropriate. The recipient will then respond as you have requested. We store those contact details in our local PCs only for as long as is necessary to process your queries.
None of those details are stored by the website or our website provider.
- Requests to subscribe to our mailing list
In several places on our website we provide you with an option to subscribe to the Museum mailing list. This will link you to an opt-in form where you provide your name and email address in order to be added to the mailing list. This confirms that you wish to receive updates about news, events and any other relevant information via e-mail.
Our mailing list is maintained securely in the industry standard system mailchimp, whose own privacy policy can be viewed at https://mailchimp.com/legal/privacy/
On any of our mailings you always have the option to amend your subscription preferences or to unsubscribe completely.
You can also contact us to ask to be removed from the mailing list. To do this, mail pressoffice@heathrobinsonmuseum.org and we will remove your name and confirm back to you accordingly.
- Visitor statistics
When someone visits our website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out how many visitors come to our site and how they navigate around it, to help us improve the information and display options. This information does not identify you personally. We use it to help us understand which pages are visited most frequently and to identify then how we might improve our site and the overall user experience for future visitors.
Google’s own privacy policies can be viewed here https://policies.google.com/privacy
LEGITIMATE PURPOSES OF DATA COLLECTION
There are a number of reasons why we collect and process details of visitors, staff, volunteers, Friends, tenants, supply chain partners, enquirers, donors and potential donors. These include:
- To provide the central museum, exhibitions, events and retail services
- To carry out all required administration: for example, to administer donations and Friends membership, processing Gift Aid and managing suppliers
- To fulfil orders for tickets for exhibitions, workshops and events
- To process applications for membership of the Friends of Heath Robinson (FoHRM)
- To manage and support the Friends organisation
- To manage the Trust finances and reporting and governance commitments
- To maintain staff and volunteer records
- To manage our facilities and preferred suppliers
- To communicate with you to promote exhibitions, learning activities, events and workshops, to notify you about new products in our shop or special offers, keeping you up to date on what is going on and ways you may be able to help support the museum
- To gather visitor and media feedback on our exhibitions, activities and events, to make sure we continue to understand what will be of interest to visitors and that our communications reflect what visitors will want to know.
COOKIES
We use cookies to provide the services and features offered on our website, and to improve our user experience. Cookies are small files or other pieces of data which are downloaded or stored on your computer or other device that can be linked to information about your use of a website.
To learn more about cookies, there is more detail here https://www.aboutcookies.org/
To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool Real Cookie Banner. Details on how Real Cookie Banner works can be found at https://devowl.io/rcb/data-processing/
The links we provide below for the privacy policies of third party services we use will also contain more detail about how each of those services uses cookies.
You can choose to remove or disable cookies via your PC or device browser settings.
THIRD PARTY SERVICES SUPPORTING OUR TRUST AND MUSEUM OPERATIONS
We use a range of industry standard software applications to support our operations. These include:
For general administration and office support services, we use Microsoft Office products including WORD, Powerpoint and Excel. Microsoft’s privacy statement can be accessed here https://privacy.microsoft.com/en-gb/privacystatement
For financial processing we and our accountants use Xero accounting software. The Xero Privacy Notice can be viewed here https://www.xero.com/uk/about/terms/privacy/
Payroll services are provided by David Simon Ltd whose privacy policy can be viewed here https://www.davidsimon.co.uk/disclaimer
For our e-commerce and online tickets booking services we use the following industry standard secure third parties whose privacy policies are available where indicated:
- Vennersys https://vennersys.co.uk/privacy-policy/
- Shopify https://www.shopify.com/legal/privacy
Our online shop is hosted by online platform Shopify whose Privacy Policy can be viewed here https://www.shopify.com/legal/privacy The Privacy Policy for our online shop can be viewed here https://shop.heathrobinsonmuseum.org/pages/privacy-policy
For donations through our website we use the secure CAF Donate site, which is offered by the Charities Aid Foundation (CAF). Their privacy policy is here https://www.cafonline.org/privacy
For the Friends of Heath Robinson Museum (FoHRM) organisation, in addition to printed application forms that you may complete to join, we provide online sign-up with direct debit capabilities via Donor Debit, a specialist Direct Debit processing service for charities. Their privacy policy can be viewed here http://www.donordebit.co.uk/privacy-policy
All Friends personal and financial application details are stored securely and only accessed and processed by authorised users under the control of the Friends Coordinator and Museum Manager.
For storing information about our exhibitions and Museum activities, we use the online information sharing service Google Drive. All use is limited to authorised users with password-controlled log-ins. Google’s privacy policy can be viewed here https://policies.google.com/privacy
Online visitor surveys are collected in surveymonkey.com. The questionnaire in the survey elicits visitor feedback about exhibitions, activities and facilities provided at the museum and West House, seeking to identify which elements of our offering visitors find most interesting and enjoyable, as well as any areas for improvement. Visitor input is anonymised and is analysed and reviewed by the customer experience team, management board and marketing/PR team to identify any actions that may help to bring in more visitors and enhance the visitor experience. The Surveymonkey privacy policy can be viewed here https://www.surveymonkey.com/mp/legal/privacy-policy/
EMAIL COMMUNICATIONS
We monitor any emails sent to us, including file attachments, for viruses or malicious software in order to protect the security of our data and the integrity of our systems. All email accounts are password protected, with up-to-date security encryption.
Our email server is hosted and backed up externally in secure encrypted format, off-site.
JOB AND VOLUNTEER APPLICATIONS
If you apply to the Museum for employment or to be one of our volunteers, we will ask you to complete an application form. We will use the information you supply to us to process your application. We also analyse and monitor recruitment statistics.
Where we will need to disclose information about you to a third party, for example where we need to take up references, we will agree this with you in advance.
Any personal information about unsuccessful candidates will be held for 1 year after the recruitment exercise has been completed, after which it will be destroyed, unless you have asked us to destroy it earlier or allowed us to retain it for longer by written request.
THE DATA WE HOLD ABOUT YOU
Under the data protection regulations, if we hold any information about you, you can request a copy of this. Should you wish to obtain a copy of the personal data that we hold on you, please send an email to the following address: manager@heathrobinsonmuseum.org
If we do hold information, we will give you a description of this. This could be over the phone if you agree to that or we can mail you a notification. If we do hold information about you, you can ask us to correct any mistakes by contacting us by email, post or phone.
In accordance with the compliance requirements, we keep information only for as long as necessary for each purpose and to meet statutory requirements in terms of employee and tax records.
KEEPING YOUR INFORMATION SAFE
Any servers where data is stored are kept secure. All computers and relevant software are password-protected and the number of users of personal data is as kept as small as possible.
Only authorised persons have access to your information and every authorised user is provided with appropriate training to manage and protect your information.
Paper-based application forms, employee and volunteer records and the Friends paperwork are all stored in lockable filing cabinets and offices, with only authorised named users having access to keys.
COMPLAINTS
Our objective is to work to the highest standards of security and confidentiality when collecting and using personal information.
If you have any complaint regarding anything that may constitute a breach of this privacy policy, please contact us at
Data Protection, Heath Robinson Museum Pinner Memorial Park 50 West End Lane Pinner HA5 1AE
Our nominated Data Controller is Lucy Smith, Museum Manager. She can be contacted by email at manager@heathrobinsonmuseum.org or by phone on 020 8866 8420.
If we receive any complaint, we will acknowledge it within two days and will investigate it fully and contact you as quickly as possible with our findings.
We aim to resolve any complaint within 10 working days, but we will communicate with you throughout our investigation to let you know progress and any queries.
This policy will be reviewed every 3 years.
Date on which this policy was approved by governing body: 10/10/2023
Date at which this policy is due for review: 1/10/2026