Privacy & Cookies

PRIVACY POLICY 2018 – GDPR UPDATE

 

The heathrobinsonmuseum.org website is operated by The West House and Heath Robinson Museum Trust, a charity registered in England and Wales, with charity registration number 1086567.

We take all matters of information and data security and confidentiality very seriously. This Privacy Policy explains our approach to protecting any information provided by or collected from visitors to our website. It also describes the purposes of data collection across the Trust and museum activities and lists the third party services and software applications we use to support the Trust and museum operations. Some of these third party services are accessed or linked to from our website.  

Our privacy policy relates to information that you may provide to us via the website or that we obtain from you when you visit our website. If you visit a website operated by a third party through a link included on this website, your information may be used differently by the operator of the linked website. 

This Policy has been updated specifically to incorporate the requirements of the GDPR legislation and to comply with the requirements of consent and legitimate interests in any information we request, gather, store or use. We will never collect sensitive information about you without your explicit consent.

This policy will continue to be regularly reviewed and updated where necessary to take account of legislative or regulatory change or where we change any aspect of how we operate.

Throughout this policy document we provide contact email addresses and we include our postal address at the end, for any queries you may have.  

Throughout this Policy, any brands or third party product and service names are acknowledged where appropriate as the registered trademarks of their respective corporate owners.

The West House and Heath Robinson Museum Trust

May 2018
 

INFORMATION WE COLLECT FROM OUR WEB SITE

We collect information about visitors to our site in three main ways:

1.   Requests you make to contact us

When you contact us, we ask for your name, email address and any message you want to provide.  Depending on the nature of your query, these details are forwarded to our Museum manager, Learning Officer, Marketing/PR team or Trustees as appropriate. The recipient will then respond as you have requested.  We store those contact details in our local PCs only for as long as is necessary to process your queries.

None of those details are stored by the website or our website provider.   

2.   Requests to subscribe to our mailing list

In several places on our website we provide you with an option to subscribe to the Museum mailing list. This will link you to an opt-in form where you provide your name and email address in order to be added to the mailing list. This confirms that you wish to Top of Form

receive updates about news, events and any other relevant information via e-mail.

Our mailing list is maintained securely in the industry standard system mailchimp, whose own privacy policy can be viewed at https://mailchimp.com/legal/privacy/

On any of our mailings you always have the option to amend your subscription preferences or to unsubscribe completely.

You can also contact us to ask to be removed from the mailing list. To do this, mail pressoffice@heathrobinsonmuseum.org and we will remove your name and confirm back to you accordingly. 

3.  Visitor statistics

When someone visits our website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out how many visitors come to our site and how they navigate around it, to help us improve the information and display options. This information does not identify you personally. We use it to help us understand which pages are visited most frequently and to identify then how we might improve our site and the overall user experience for future visitors.

Google’s own privacy policies can be viewed here https://policies.google.com/privacy

 

LEGITIMATE PURPOSES OF DATA COLLECTION

There are a number of reasons why we collect and process details of visitors, staff, volunteers, Friends, tenants, supply chain partners, enquirers, donors and potential donors. These include:

  • To provide the central museum, exhibitions, events and retail services
  • To carry out all required administration: for example, to administer donations and Friends membership, processing Gift Aid and managing suppliers
  • To fulfil orders for tickets for exhibitions, workshops and events
  • To process applications for membership of the Friends of Heath Robinson (FoHRM)
  • To manage and support the Friends organisation
  • To manage the Trust finances and reporting and governance commitments
  • To maintain staff and volunteer records
  • To manage our facilities and preferred suppliers
  • To communicate with you to promote exhibitions, learning activities, events and workshops, to notify you about new products in our shop or special offers, keeping you up to date on what is going on and ways you may be able to help support the museum 
  • To gather visitor and media feedback on our exhibitions, activities and events, to make sure we continue to understand what will be of interest to visitors and that our communications reflect what visitors will want to know.

 

COOKIES

We use cookies to provide the services and features offered on our website, and to improve our user experience. Cookies are small files or other pieces of data which are downloaded or stored on your computer or other device that can be linked to information about your use of a website.

To learn more about cookies, there is more detail here https://www.aboutcookies.org/

The links we provide below for the privacy policies of third party services we use will also contain more detail about how each of those services uses cookies. 

You can choose to remove or disable cookies via your PC or device browser settings.

 

THIRD PARTY SERVICES SUPPORTING OUR TRUST AND MUSEUM OPERATIONS

We use a range of industry standard software applications to support our operations. These include:

For general administration and office support services, we use Microsoft Office products including WORD, Powerpoint and Excel.  Microsoft’s privacy statement can be accessed here https://privacy.microsoft.com/en-gb/privacystatement

For financial processing we and our accountants use Xero accounting software.  The Xero Privacy Notice can be viewed here https://www.xero.com/uk/about/terms/privacy/

Payroll services are provided by David Simon Ltd whose privacy policy can be viewed here https://www.davidsimon.co.uk/disclaimer

For our e-commerce and online tickets booking services we use the following industry standard secure third parties whose privacy policies are available where indicated:

K3 Business Technology Group plc   http://www.k3btg.com/privacy-policy/
Shopify https://www.shopify.com/legal/privacy
Digitickets http://www.digitickets.co.uk/privacy-policy

For our online shop once fully operational we will publish a separate privacy policy and we will then reference that here in an update.

For donations through our website we use the secure BT plc MyDonate site, an online service for UK-based charities to raise money using BT’s payment processing system. Their privacy policy is here https://www.btplc.com/mydonate/aboutmydonate/Privacypolicy/index.aspx

For the Friends of Heath Robinson Museum (FoHRM) organisation, in addition to printed application forms that you may complete to join, we provide online sign-up with direct debit capabilities via Donor Debit, a specialist Direct Debit processing service for charities.  Their privacy policy can be viewed here http://www.donordebit.co.uk/privacy-policy 

All Friends personal and financial application details are stored securely in the Museum office and only accessed and processed by authorised users under the control of the Friends Coordinator and Museum Manager.

For storing information about our exhibitions and Museum activities, we use the online information sharing service Huddle.  All use is limited to authorised users with password-controlled log-ins. The Huddle privacy policy can be viewed here https://www.huddle.com/privacy/ 

Online visitor surveys are collected in surveymonkey.com.  The questionnaire in the survey elicits visitor feedback about exhibitions, activities and facilities provided at the museum and West House, seeking to identify which elements of our offering visitors find most interesting and enjoyable, as well as any areas for improvement.  Visitor input is anonymised and is analysed and reviewed by the customer experience team, management board and marketing/PR team to identify any actions that may help to bring in more visitors and enhance the visitor experience.  The surveymonkey privacy policy can be viewed here https://www.surveymonkey.com/mp/legal/privacy-policy/

 EMAIL COMMUNICATIONS

We monitor any emails sent to us, including file attachments, for viruses or malicious software in order to protect the security of our data and the integrity of our systems. All email accounts are passworded, with up-to-date security encryption.

Our email server is hosted and backed up externally in secure encrypted format, off-site.

 

JOB AND VOLUNTEER APPLICATIONS

If you apply to the Museum for employment or to be one of our volunteers, we will ask you to complete an application form.  We will use the information you supply to us to process your application. We also analyse and monitor recruitment statistics.

Where we will need to disclose information about you to a third party, for example where we need to take up references, we will agree this with you in advance.

Any personal information about unsuccessful candidates will be held for 6 months after the recruitment exercise has been completed, after which it will be destroyed, unless you have asked us to destroy it earlier or allowed us to retain it for longer by written request.

 

THE DATA WE HOLD ABOUT YOU

Under the data protection regulations, if we hold any information about you, you can request a copy of this. Should you wish to obtain a copy of the personal data that we hold on you, please send an email to the following address: manager@heathrobinsonmuseum.org

If we do hold information, we will give you a description of this. This could be over the phone if you agree to that or we can mail you a notification.  If we do hold information about you, you can ask us to correct any mistakes by contacting us by email, post or phone.

In accordance with the compliance requirements, we keep information only for as long as necessary for each purpose and to meet statutory requirements in terms of employee and tax records. 

 

KEEPING YOUR INFORMATION SAFE

Any servers where data is stored are kept secure.  All computers and relevant software are password-protected and the number of users of personal data is as kept as small as possible. 

Only authorised persons have access to your information and every authorised user is provided with appropriate training to manage and protect your information. 

Paper-based application forms, employee and volunteer records and the Friends paperwork are all stored in lockable filing cabinets and offices, with only authorised named users having access to keys. 

 

COMPLAINTS

Our objective is to work to the highest standards of security and confidentiality when collecting and using personal information.

If you have any complaint regarding anything that may constitute a breach of this privacy policy, please contact us at

Data Protection
Heath Robinson Museum
Pinner Memorial Park
50 West End Lane
Pinner HA5 1AE  

Our nominated Data Controller is Lucy Smith, manager of the Museum. She can be contacted by email at manager@heathrobinsonmuseum.org or by phone on 020 8866 8420.

If we receive any complaint, we will acknowledge it within two days and will investigate it fully and contact you as quickly as possible with our findings.

We aim to resolve any complaint within 10 working days, but we will communicate with you throughout our investigation to let you know progress and any queries.