The heathrobinsonmuseum.org website is operated by The West House and Heath Robinson Museum Trust, a charity registered in England and Wales, with charity registration number 1086567.
This Policy has been updated specifically to incorporate the requirements of the GDPR legislation and to comply with the requirements of consent and legitimate interests in any information we request, gather, store or use. We will never collect sensitive information about you without your explicit consent.
This policy will continue to be regularly reviewed and updated where necessary to take account of legislative or regulatory change or where we change any aspect of how we operate.
Throughout this policy document we provide contact email addresses and we include our postal address at the end, for any queries you may have.
Throughout this Policy, any brands or third party product and service names are acknowledged where appropriate as the registered trademarks of their respective corporate owners.
INFORMATION WE COLLECT FROM OUR WEB SITE
We collect information about visitors to our site in three main ways:
- Requests you make to contact us
When you contact us, we ask for your name, email address and any message you want to provide. Depending on the nature of your query, these details are forwarded to our Museum Manager, Learning Officer or Trustees as appropriate. The recipient will then respond as you have requested. We store those contact details in our local PCs only for as long as is necessary to process your queries.
None of those details are stored by the website or our website provider.
- Requests to subscribe to our mailing list
In several places on our website we provide you with an option to subscribe to the Museum mailing list. This will link you to an opt-in form where you provide your name and email address in order to be added to the mailing list. This confirms that you wish to receive updates about news, events and any other relevant information via e-mail.
On any of our mailings you always have the option to amend your subscription preferences or to unsubscribe completely.
You can also contact us to ask to be removed from the mailing list. To do this, mail email@example.com and we will remove your name and confirm back to you accordingly.
- Visitor statistics
When someone visits our website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out how many visitors come to our site and how they navigate around it, to help us improve the information and display options. This information does not identify you personally. We use it to help us understand which pages are visited most frequently and to identify then how we might improve our site and the overall user experience for future visitors.
Google’s own privacy policies can be viewed here https://policies.google.com/privacy
LEGITIMATE PURPOSES OF DATA COLLECTION
There are a number of reasons why we collect and process details of visitors, staff, volunteers, Friends, tenants, supply chain partners, enquirers, donors and potential donors. These include:
- To provide the central museum, exhibitions, events and retail services
- To carry out all required administration: for example, to administer donations and Friends membership, processing Gift Aid and managing suppliers
- To fulfil orders for tickets for exhibitions, workshops and events
- To process applications for membership of the Friends of Heath Robinson (FoHRM)
- To manage and support the Friends organisation
- To manage the Trust finances and reporting and governance commitments
- To maintain staff and volunteer records
- To manage our facilities and preferred suppliers
- To communicate with you to promote exhibitions, learning activities, events and workshops, to notify you about new products in our shop or special offers, keeping you up to date on what is going on and ways you may be able to help support the museum
- To gather visitor and media feedback on our exhibitions, activities and events, to make sure we continue to understand what will be of interest to visitors and that our communications reflect what visitors will want to know.
To learn more about cookies, there is more detail here https://www.aboutcookies.org/
To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool Real Cookie Banner. Details on how Real Cookie Banner works can be found at https://devowl.io/rcb/data-processing/
You can choose to remove or disable cookies via your PC or device browser settings.
THIRD PARTY SERVICES SUPPORTING OUR TRUST AND MUSEUM OPERATIONS
We use a range of industry standard software applications to support our operations. These include:
For general administration and office support services, we use Microsoft Office products including WORD, Powerpoint and Excel. Microsoft’s privacy statement can be accessed here https://privacy.microsoft.com/en-gb/privacystatement
For financial processing we and our accountants use Xero accounting software. The Xero Privacy Notice can be viewed here https://www.xero.com/uk/about/terms/privacy/
For our e-commerce and online tickets booking services we use the following industry standard secure third parties whose privacy policies are available where indicated:
All Friends personal and financial application details are stored securely and only accessed and processed by authorised users under the control of the Friends Coordinator and Museum Manager.
We monitor any emails sent to us, including file attachments, for viruses or malicious software in order to protect the security of our data and the integrity of our systems. All email accounts are password protected, with up-to-date security encryption.
Our email server is hosted and backed up externally in secure encrypted format, off-site.
JOB AND VOLUNTEER APPLICATIONS
If you apply to the Museum for employment or to be one of our volunteers, we will ask you to complete an application form. We will use the information you supply to us to process your application. We also analyse and monitor recruitment statistics.
Where we will need to disclose information about you to a third party, for example where we need to take up references, we will agree this with you in advance.
Any personal information about unsuccessful candidates will be held for 1 year after the recruitment exercise has been completed, after which it will be destroyed, unless you have asked us to destroy it earlier or allowed us to retain it for longer by written request.
THE DATA WE HOLD ABOUT YOU
Under the data protection regulations, if we hold any information about you, you can request a copy of this. Should you wish to obtain a copy of the personal data that we hold on you, please send an email to the following address: firstname.lastname@example.org
If we do hold information, we will give you a description of this. This could be over the phone if you agree to that or we can mail you a notification. If we do hold information about you, you can ask us to correct any mistakes by contacting us by email, post or phone.
In accordance with the compliance requirements, we keep information only for as long as necessary for each purpose and to meet statutory requirements in terms of employee and tax records.
KEEPING YOUR INFORMATION SAFE
Any servers where data is stored are kept secure. All computers and relevant software are password-protected and the number of users of personal data is as kept as small as possible.
Only authorised persons have access to your information and every authorised user is provided with appropriate training to manage and protect your information.
Paper-based application forms, employee and volunteer records and the Friends paperwork are all stored in lockable filing cabinets and offices, with only authorised named users having access to keys.
Our objective is to work to the highest standards of security and confidentiality when collecting and using personal information.
Data Protection, Heath Robinson Museum Pinner Memorial Park 50 West End Lane Pinner HA5 1AE
Our nominated Data Controller is Lucy Smith, Museum Manager. She can be contacted by email at email@example.com or by phone on 020 8866 8420.
If we receive any complaint, we will acknowledge it within two days and will investigate it fully and contact you as quickly as possible with our findings.
We aim to resolve any complaint within 10 working days, but we will communicate with you throughout our investigation to let you know progress and any queries.
This policy will be reviewed every 3 years.
Date on which this policy was approved by governing body: 10/10/2023
Date at which this policy is due for review: 1/10/2026