This policy explains how We use the data you share with Us, or that We collect about you. It details why and how We collect your data, why We keep it, what We use it for, and what you can do if you’re unhappy about how We use it. Maidenhead Heritage Centre processes data in accordance with the General Data Protection Regulation (“GDPR”), the Privacy and Electronic Communications Regulations (PECR) and the Data Protection Act.
Who are “We”?
When We use “We”, “Us” or “Our” we mean the Maidenhead Heritage Trust operating as the Maidenhead Heritage Centre and the ATA Museum. The Maidenhead Heritage Trust is a charity registered in England and Wales (1045746). Our address is 18 Park Street, Maidenhead, Berks, SL6 1SL
What is personal data?
“Personal data” means information that can be used to identify a living individual. This might include your name, address, telephone number or email address. We might store a variety of other information depending on the relationship We have with you, for example:
- membership data, purchases you make from Us, donations you make, which may entail holding bank details to process standing orders or additional information to enable us to process Gift Aid claims;
- details of specific events you have attended or visits you have made as an organiser, exhibitor or visitor;
- details of organisations you represent or are involved with if you have given it to Us or made it available on public forums that We reasonably might be expected to use for research for Our work;
- objects in Our collection that you have loaned, gifted or sold to Us, and audio, paper or electronic copies of archive material, oral histories, associated with those objects or with the history of Maidenhead; and
- if you are a member of Our staff or volunteer with Us We will store details We need to comply with the law, to ensure your safety and that of Our visitors.
How We collect personal data
Personal information is primarily collected during transactions with you, for example when buying a ticket, making a donation, attending or participating in an event, or working for Us in a paid or voluntary capacity. You will also share it with Us when you sign up for Our newsletters or enter competitions, either in person at the Museum or via Our website or social media channels, or when you register to use Wi-Fi on Our site. You will know We have this information because you will have given it to Us.
We may have your information if it has been shared with your consent by a third party, such as another museum or heritage body. We may supplement information We hold with other relevant, publicly available information, such as social media accounts, published articles or information available through the Charity Commission.
How We use personal data
We use your personal data in a variety of ways, depending on the relationship(s) We have with you. The most common of these ways include:
- communicating with you;
- fulfilling requests from you or agreements We have with you, such as applications for and delivery of Membership and its benefits;
- processing sales transactions, donations or other payments;
- identifying visitors, suppliers and participants to the Museum and its events;
- keeping a record of any interactions We have with you;
- providing you with information that We think may be of interest to you, including information about the Museum, its events and the projects it is undertaking, including fundraising and marketing; and
- if you are a volunteer, participant or supplier, We will use your information to help us manage the Museum and its events to provide the best possible experience for our visitors and customers.
When We contact you
Unless you have opted out, We will contact you about things that We think will interest you, based on the data We hold and our reasonable assumptions. This correspondence might include:
- information about upcoming events based on your consents and your historical attendance; and
- information about the Museum and its displays and exhibitions, including occasional requests to consider giving financial support to the Museum
Our correspondence will always include contact details or links to enable you to change your contact preferences, so even if you’ve opted-in to receiving information from Us, you can opt-out again at anytime. You can also check and change your contact preferences at any time by emailing email@example.com.
There are some Membership and donation communications that We are required to send regardless of your contact preferences. These are essential communications, deemed necessary to fulfil our contractual obligations to you. Examples would include Standing Orders changes, mandatory notices, thank you letters, Membership benefits such as the newsletter, e-newsletter and Membership cards, renewal reminders, Gift Aid confirmation letters and querying returned mail or bounced Standing Order payments with you.
With whom might We share your information?
We will not sell your information to other organisations or share it with them to use for their own purposes unless required by law to do so or you give consent.
As part of Our service to you, We may need to share your information with third-party organisations whom We engage to carry out work on Our behalf. They might include:
- suppliers who provide catering, hospitality or event services;
- specialist email distributors such as MailChimp;
- IT specialists who help manage and maintain Our database and systems;
- other professional marketing or fundraising specialists whom We engage to help us with these aspects of Our work;
- financial specialists contracted by Us to deliver specific services, such as direct debit or gift aid processing.
We only share information with these companies if they agree to abide by the GDPR and confirm that they keep the information secure and confidential and that they only use the information for the purposes it was supplied.
We will share your information if legally required to do so by the police, regulatory or other legal bodies, or if We think it is necessary to protect or defend Our rights, property or the personal safety of Our staff and volunteers or visitors to Our premises or websites.
Occasionally, We promote and manage events in partnership with other organisations, and personal data specific to that event may be collected by both Us and/or the partner organisation. When this occurs it will be clearly advised at the time the information is collected.
How do We keep your information safe and secure?
We may store information on paper files in Our registered office, on computers located in the UK, and on reputable cloud services and third-party organisations that may be situated inside or outside the European Economic Area.
The security of your data is of the greatest importance to Us and We have measures in place to protect against loss and misuse of personal data through staff training, password protection and secure filing systems.
We will only keep your information for as long as We need it to manage the relationship We have with you, based on the parameters of that relationship, or for as long as we are legally required to do so.
When We dispose of your data it will be done securely.
Personal information regarding staff and volunteers may include information that is classified as sensitive, such as (but not limited to) racial or ethnic origin, medical records and criminal records. All personal information relating to staff and volunteers is processed in line with the Information Commissioner’s Office Employment Practices Code.
What are your rights?
You have the right to change your communication consents at any time. You can do this by contacting Us via email at firstname.lastname@example.org or by writing to The Data Controller, Maidenhead Heritage Centre, 18 Park Street, Maidenhead, Berks, SL6 1SL.
You also have the right to access a copy of the information We hold about you. This is known as a Subject Access Request and you can make this by contacting Us via email at email@example.com or by writing to The Data Controller, Maidenhead Heritage Centre, 18 Park Street, Maidenhead, Berks, SL6 1SL. If We believe your request is manifestly unfounded, excessive or repetitive, We reserve the right to charge a reasonable fee.
For more information about your rights under GDPR, visit the website of the Information Commissioner’s Office at ico.org.uk