National Maritime Museum Cornwall privacy statement
This privacy statement is effective as of May 2018. Reviewed and updated September 2019.
At National Maritime Museum Cornwall (NMMC) we recognise the importance of protecting your personal information and are committed to processing it responsibly and in compliance with the General Data Protection Regulation 2018.
What personal data do we collect about you?
We collect information from you in the following ways:
- When you use our website. We collect information where available including your device’s ID, IP address, operating system and browser type. This information helps us produce anonymised data about our users’ browser behaviours. Our website also uses cookies. Click here for our Cookie Policy.
- When you interact with us on our social media pages (such as Twitter Facebook, Pinterest and Instagram). We collect information about you from the social media sites if the settings on your accounts or the privacy policies of those sites give us permission to do so.
- When you sign up for our email newsletter. We collect your email address and audit when you open and click on the newsletter emails that we send to you.
- If you make a donation to us. We collect information such as your name, contact details, delivery address (if applicable) and your bank/credit card details.
- When you purchase tickets to come and visit us. We collect information such as your name, contact details, delivery address (if applicable) and your bank/credit card details
- When you purchase admission tickets or tickets for events on our online shop. We collect information such as your name, contact details, delivery address (if applicable) and your bank/credit card details
- When you visit us in person, through our CCTV footage. We operate CCTV our venue to protect your safety and for insurance purposes
- When you voluntarily provide us with your personal data whilst completing surveys or providing feedback. We collect information such as your name, email address, post code and any additional comments or information you give to us.
What do we use your personal data for?
When processing your personal data, we will only do so in relation to specific purposes and only after giving careful consideration to ensure that your privacy rights are not seriously impacted. We will process the personal data that you provide to us in the following ways for the purpose of (and on the basis of) our performance of our contractual obligations to you:
- To provide you with the services that you have requested or purchased from us, such as fulfilling your purchase of a ticket or membership through our website.
- To administer our events that you wish to attend.
- In order to verify your identity (i.e. to confirm that you are who you say you are), such as verifying your eligibility for an Annual Pass or granting you access to an age restricted event.
- Where we do research on demographics, interests and behaviour based on the information you provide to us. We do this to better understand you. This research is compiled and analysed on an anonymised basis. We may share this anonymised data with potential advertisers or business partners.
- In order to improve the services we provide to you and your experience when you come to visit us (by knowing a little bit about you we are able to deliver a better service to you).
- To respond to any queries that you ask us.
- Helping us identify and fix defects or errors in our sites, system or services.
- To carry out research in relation to your participation in any of our programmes or events that you have attended in order to measure customer satisfaction, evaluate the success of our programmes or to troubleshoot any issues.
We will process the personal data that you provide to us in the following ways in order to comply with our legal obligations:
- To retain and process records when you make a donation to us for Gift Aid transactions.
- To ensure our sites are kept secure and to prevent crime.
- For the purposes of identifying and preventing fraud.
- To comply with statutory or regulatory requirements, such as reporting requirements Health and Safety Law.
Marketing Communications
We will also process your personal data where you have given your consent for us to do so, for example:
- When you have asked to receive our e-newsletter.
- When you have asked to receive other forms of marketing communication about us.
Where we are relying on consent to process your personal data, we will only process your personal data for the purpose that you have given us consent for.
Who do we share your personal data with?
Except where we use third party services to collect information, when you are asked for personal data by us, you are sharing that information with us alone, unless we specifically state otherwise below. We may also provide your personal data to third parties who may process your data as part of the services they carry out on our behalf. In order to provide you with the services that you have requested from us, the following third parties may also need to process your personal data:
- Any statutory, governmental or regulatory body that requests personal data and that we are obliged (by law or by regulation) to provide.
- Our analytics and search engine providers that assist us in the improvement and optimisation of our website. We currently use Google Analytics.
- Competition partners who team up with us to host competitions who we share personal data with as part of our partnership.
- Campaign Monitor: if you have opted in to receive our e-newsletters your email data is stored on a secure server by Campaign Monitor.
We do not sell or rent your personal data to anyone. We will never provide your personal data to another company or charity for their marketing purposes, without your explicit consent.
How do we protect your personal data?
We will always do our best to keep your personal data secure. Steps we take in order to do this include the use of technical controls (such as encryption and network protection), limiting the number of people working for us who have access to your data and ensuring that they are trained in protecting your personal data.
Where we use external suppliers to process your personal data, we put contracts in place to make sure that they treat it as carefully as we would and use it only in accordance with the instructions that we give to them. Where these suppliers operate outside of the European Economic Area (EEA) we will make sure that the levels of protection provided are at least equal to those required by UK law.
Retention of your personal data
We will only retain your personal data for as long as we need to keep it. In considering how long to retain your data we will always take into account factors such as any ongoing obligations we have to you, the nature of our relationship with you, legal requirements (e.g. in relation to HMRC statutory retention periods) and contractual requirements. We will not keep your data indefinitely and will always dispose of it carefully when it is no longer necessary for us to retain it.
Your rights – what are the choices available to you regarding collection, use and distribution of your personal data?
The law gives you a number of rights in relation to your personal data and our use of it. You have the right:
- To ask us not to use your personal data for direct marketing purposes.
- To ask to see what personal data we hold about you and to find out about the way that we process the data.
- To ask us to correct or update any personal data which is inaccurate.
- To ask for personal data to be deleted in some (but not all) circumstances where there is no good reason for us to continue to process it.
- Not to be subject to decisions made solely on the basis of ‘automated processing’ (i.e. the right not to be subject to decisions made solely by algorithms or computers without input from a human) in certain circumstances.
If you would like to exercise any of the rights listed above, or if you have any queries or concerns about the way we use your personal data (or any questions about this privacy policy), you can contact us by email at enquiries@nmmc.co.uk, by writing to us at National Maritime Museum Cornwall, Discovery Quay, Falmouth, Cornwall, TR11 3QY or by telephone on 01326 313 388.
Your right to lodge a complaint
In the event you consider our processing of your personal information not to be compliant with the applicable data protection laws, you can lodge a complaint:
- Please contact us in the first instance at enquiries@nmmc.co.uk or by writing to us at National Maritime Museum Cornwall, Discovery Quay, Falmouth, Cornwall, TR11 3QY so we can try to put this right.
- If you are still not satisfied, you have the right to lodge a complaint with the Information Commissioner’s Office. Further information on how to do this is available on the ICO website.
How can you access, update or delete your personal data?
You may change or update any or all of the personal data that we hold about you by:
- Emailing us: enquiries@nmmc.co.uk
- Telephone us: 01326 313 388
- Write to us: National Maritime Museum Cornwall, Discovery Quay, Falmouth, Cornwall, TR11 3QY
Changing this policy
From time to time we may update this Privacy Statement. When making changes to this Privacy Statement, we will add a new date at the top of this Privacy Statement.
