Norton Priory Museum Trust Limited needs to gather and use certain information about individuals. These can include visitors, customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact.
This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards – and to comply with the law.
Data protection law
The General Data Protection Regulation (GDPR) applies in the UK and across the EU from May 2018. It requires personal data shall be:
1. Processed lawfully, fairly and in a transparent manner in relation to individuals;
2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research or statistical purposes shall not be considered to be incompatible with the initial purposes;
3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by GDPR in order to safeguard the rights and freedoms of individuals;
6. Processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
7. The controller shall be responsible for, and be able to demonstrate, compliance with the principles.
Who we are
Norton Priory Museum Trust Limited
Charity registration number: 504870
We are registered as a data controller under the Data Protection Act 1998, and our Data Protection Register number is: Z6241067
Any electronic communications will be made in accordance with the Privacy and Electronic Communications Regulations (PECR).
What information do we collect about you?
We collect the personal data that you may volunteer as part of ticket bookings, online purchases, Membership or donation forms, e-newsletter sign-ups and visitor surveys.
Personal information we collect may include:
• your name, title, gender and date of birth;
• postal address, email address and phone number;
• family and spouse/partner details, relationships to other donors and/or Members;
• current interests and activities.
We will also collect and hold information about any contact you have with us as a visitor, customer or supporter of The Norton Priory Museum Trust Limited, and may consist of details of:
• ticket purchase and event registration / attendance;
• online retail purchases;
• contact preferences;
• gift information, including Direct Debit bank details where applicable;
• Gift Aid status;
• details of correspondence sent to you, or received from you;
• donor status and wealth assessment information;
• employment information and professional activities;
• where relevant, selected media coverage;
• any other information provided by yourself at the request of The Norton Priory Museum Trust Limited.
When we ask you to provide your personal information we will let you know why we are asking, and how we will use your data, by directing you towards this notice.
What we do with your information
Depending on your relationship with the Norton Priory Museum Trust Limited, and the preferences you have indicated, data we hold may be used by us for the following purposes:
- Send you promotional, marketing or fundraising information by post, telephone or electronic means. These types of communications can include:
- Informing you of other products, services or events related to The Norton Priory Museum Trust Limited, such as exhibitions, events, or retail offers.
- News and updates about The Norton Priory Museum Trust Limited, such as via Explorer magazine or What’s On guides, and marketing or supporter e-newsletters.
- Information on our fundraising operations, including occasional targeted requests to consider giving financial support to The Norton Priory Museum Trust Limited, or to ask you to consider supporting us in other ways.
- Other relevant communications based upon your relationship with The Norton Priory Museum Trust Limited.
- Data screening and cleansing
- Wealth screening and research, to help us understand our donors and potential donors, including gathering information from publicly available resources to give an insight into your philanthropic interests and ability to support The Norton Priory Museum Trust Limited.
- To send you surveys, and for market research purposes.
- Tools may be used to monitor the effectiveness of our communications with you, including email tracking, which records when an e-newsletter from us is opened and/or how many links are clicked within the message. The data from this tracking is generally used in an aggregated and anonymised form.
You can opt out of any / all of our communications at any point simply by contacting email@example.com
There are some Membership and donation communications that we are required to send regardless of your contact preferences. These are essential communications, deemed necessary to fulfil our contractual obligations to you. This would include Direct Debit confirmations and advanced notices, thank you letters, Member benefits such as Explorer magazine and Membership cards, renewal reminders, Gift Aid confirmation letters and querying returned mail or bounced Direct Debit payments with you.
How we update, screen and analyse your information
We continuously review records of supporters to ensure your data is as accurate as possible. We may consult alternative sources in order to undertake these checks, such as:
• Royal Mail National Change of Address database (NCOA);
• BT Operator Services Information System (OSIS);
• Reviewing employment information that you have made publicly available via social media;
• Newspaper articles, publications and company websites;
• Companies House and other company information databases;
• Charity Commission
• Any other publicly available sources.
Where we appoint an external party to undertake a screening of information, any such arrangements will be subject to a formal agreement between The Norton Priory Museum Trust Limited and that organisation, to protect the security of your data.
We may segment the information we hold about you in our database based on a proprietary score. These scores are calculated using personal data, as well as how engaged with us you have previously been, and indicators of future engagement. Analysis of this helps us understand our Members, donors and potential donors to ensure we are efficient and that only relevant communications are sent to you.
You can opt-out of your data being utilised for wealth screening, data cleaning or analysis (with the aims of targeting communications with you appropriately, or finding up to date contact information in the case of gone away mail) simply by contacting firstname.lastname@example.org
Who we might share your information with
We do not disclose personal data to any third parties or external organisations, other than data processors carrying out work on our behalf.
Examples of such data processors would be bulk email distribution services. Any such companies are acting as approved data processors for The Norton Priory Museum Trust Limited, and we retain full responsibility for your personal data. Data processors will act only on our instructions and information will not be shared with other organisations or individuals.
We may occasionally need to transfer your personal information overseas, for instance to our bulk email distributor, MailChimp. Where this is necessary, this may be to countries or territories around the world.
We are required to ensure any transfers of data will be done securely, in accordance with best practice, and in compliance with the General Data Protection Act (GDPR) 2018.
Your data will never be sold or passed to any third party for any other purpose.
How we keep your information secure
We have implemented security procedures, rules and technical measures to protect the personal data that we have under our control from:
• unauthorised access;
• improper use or disclosure;
• unauthorised modification.
All our employees and data processors, who have access to, and are associated with the processing of personal data, are legally obliged to respect the confidentiality of our visitors’ and supporters’ personal data.
Data Protection Officer
We have appointed Lynn Smith, the Senior Keeper as Data Protection Officer (DPO). The tasks of the DPO are:
• To inform and advise the organisation and its employees about their obligations to comply with the GDPR and other data protection laws
• To monitor compliance with the GDPR and other data protection laws, including managing internal data protection activities, advise on data protection impact assessments; train staff and conduct internal audits
• To be the first point of contact for supervisory authorities and for individuals whose data is processed (employees, customers etc)
How can I access the information about me, and correct information
You can ask us if we are keeping any personal data about you and you can also request to receive a copy of that personal data – this is called a Subject Access Request.
To make a Subject Access Request you will need to provide adequate proof of identity such as a copy of your passport, birth certificate or driving licence before your request can be processed. There may also be a fee of up to £10 depending on the volume of work required.
Please try to be as clear as possible about the information you are seeking.
Once we have received your Subject Access Request, the agreed fee and proof of identity, you will receive a response from us within 40 days and you will be able to get copies of any information we hold on you. However, exemptions to disclosure may apply in some circumstances.
Subject Access Requests should be sent to:
Lynn Smith (Data Protection Officer)
Norton Priory Museum Trust Limited
At any time you may request that we delete or correct your personal information. If you wish to correct any information on you held by the Norton Priory Museum Trust Limited, simply contact email@example.com
Changes to our privacy notice and how to contact us
We regularly review our privacy notice, and may make changes time to time. Any changes made will be posted to this page, and will apply from the time we post them. This privacy notice was last changed on 21st May 2018.
If you have any comments on our privacy notice, or information we hold about you please contact us by email to firstname.lastname@example.org or write to us at Norton Priory Museum Trust Limited. Tudor Road, Manor Park, Runcorn, Cheshire, WA7 1SX