The American Museum & Gardens is committed to protecting your privacy and security. This policy explains how and why we use your personal data to ensure that you remain informed and in control of your information.
From 25 May 2018 the American Museum will ask its members and other supporters to “opt-in” for marketing communications. This is due to a change to the rules which govern how we can communicate with you and a new regulation on personal data (the General Data Protection Regulation) coming into force in May 2018. We are, therefore, introducing a new approach that relies on you giving us your consent about how we can contact you. This means you’ll have the choice of whether you want to receive these messages and be able to select how you want to receive them (email or post).
You can decide not to receive communications or change how we contact you at any time. If you wish to do so, please contact the Museum by emailing firstname.lastname@example.org, or writing to American Museum & Gardens, Claverton Manor, Bath BA2 7BD and marking your email or envelope ‘No further communications please’.
We will never sell your personal data, and will only ever share it for legal or financial reasons which relate to an American Museum & Gardens product eg. HMRC and Gift Aid
Any questions you have in relation to this policy, or how we use your personal data, should be sent to email@example.com or addressed to the American Museum & Gardens, Claverton Manor, Bath, BA2 7BD.
2. About us
Your personal data (i.e. any information which identifies you, or which can be identified as relating to you personally) will be collected and used by the American Museum in Britain. We are a registered charity no. 1106989
The American Museum & Gardens is based at Claverton Manor, Bath BA2 7BD
3. What information we collect
Personal data you provide
We collect and store data you provide to us. This includes information you provide when becoming a member, making a donation, or purchasing event tickets. For example:
- personal details (name, email, address, telephone etc.) when you join as a member or make a donation
- financial information (payment information such as credit/debit card or direct debit details, and whether transactions are gift-aided. Please see section 8 for more information on payment security).
- If you purchase American Museum membership as a gift for someone or join as a family your details will be recorded (as will the recipients).
Information created by your involvement with the American Museum
Your activities and involvement with the American Museum will result in personal data being created. This could include details of how you’ve helped us by volunteering, donating, or participation in one of our ticketed events.
If you decide to donate to us then we will keep records of who you are, your contact details, when and what you have given, but not your bank details.
Information from third parties
We may collect information from social media where you have given us permission to do so, or if you post on one of our social media pages.
Occasionally, we may collect information about certain supporters (e.g. particularly well known or influential people) from public sources. This could include public databases (such as Companies House), news, or other media. We don’t do this to everyone, and it is the exception not the rule.
Sensitive personal data
We do not normally collect or store sensitive personal data (such as information relating to health, beliefs, or political affiliation) about supporters and members. There are, however, some situations where this will occur (e.g. if you volunteer with us or if you have an accident at the Museum). If this does occur, we’ll take extra care to ensure your privacy rights are protected.
If you’re a volunteer (whether specifically for the American Museum & Gardens, or if you are helping us for other reasons – for example you work for another organisation which is running an event with us) then we may collect extra information about you (e.g. references, criminal records checks, details of emergency contacts, medical conditions etc.). This information will be retained for legal reasons, to protect us (including in the event of an insurance or legal claim) and for safeguarding purposes.
3. How we use information
We only ever use your personal data with your consent, or where it is necessary in order to:
- enter into, or perform, a contract with you;
- comply with a legal duty;
- protect your vital interests;
- for our own (or a third party’s) lawful interests, provided your rights don’t override these.
In any event, we’ll only use your information for the purpose or purposes it was collected for (or for closely related purposes):
We use personal data to communicate with people, to promote the American Museum & Gardens and to help with fundraising. This includes keeping you up to date with our news, updates, campaigns, and fundraising information. For further information on this please see Section 5 (Marketing).
We use personal data for administrative purposes and for legal reasons (i.e. to carry on our charity work or show provenance of collections). This includes:
- receiving donations (e.g. direct debits, gift-aid instructions, or provenance);
- maintaining databases of our volunteers, members and supporters;
- performing our obligations under membership contracts;
- recording ownership of collections held at the Museum;
- helping us respect your choices and preferences (e.g. if you ask not to receive marketing material, we’ll keep a record of this).
Internal research and analysis
We carry out research and analysis on our supporters, donors, and volunteers to determine the success of campaigns and appeals, better understand behaviour and responses, and identify patterns and trends. This helps inform our approach towards campaigning and makes the American Museum & Gardens stronger and a more effective organisation. Understanding our supporters, and what they care about also helps us provide a better experience (e.g. through more relevant communications).
Responding to your questions or feedback
If you ask us a question via letter, email or via our website contact form, we will only use details you provide to us for responding unless you consent (via the our website) to receive marketing information.
4. Disclosing and sharing data
We will never sell or share your personal data.
From 25 May 2018 the American Museum & Gardens will ask its members and other supporters to ‘opt-in’ for most communications. This includes all our marketing communications. The term marketing is broadly defined and includes fundraising.
This means you’ll have the choice as to whether you want to receive these messages and be able to select how you want to receive them (post or email).
You can decide not to receive communications or change how we contact you at any time. If you wish to do so please contact the Museum by emailing firstname.lastname@example.org, or writing to American Museum & Gardens, Claverton Manor, Bath BA2 7BD and marking your email or envelope ‘No further communications please’.
What does ‘marketing’ mean?
Marketing does not just mean offering things for sale, but also includes news and information about:
- appeals and fundraising;
- volunteering opportunities and how you can help;
- our events;
- products, services, and offers (our own, and those of third parties which may interest you);
- leaving a legacy.
As a charity, we rely on donations and support from others to continue our work. From time to time, we will contact members and supporters with fundraising material and communications. This might be about an appeal, or to suggest ways you can raise funds (e.g. an event or activity).
As with other marketing communications, we’ll only contact you specifically about fundraising if you’ve opted in to receiving marketing from us (and you can, of course, unsubscribe at any time).
The American Museum & Gardens operates a loyalty scheme in its café. No personal information is asked, or stored, for this scheme.
6. Young people
Photographs, pictures and stories
We want young people to enjoy their visit to the American Museum & Gardens, and there are opportunities on our social media platforms to share photographs, stories, and pictures. If we share or seek to publish your child’s picture, photograph, or story, we’ll usually include their first name and age alongside it. If they write an article or story for us, we might also include their surname alongside it.
Parental permission: If your child is under 18 then we’ll need permission from you as their parent or guardian for them to enter one of our competitions or to share a picture, photograph, or story with us.
Information for parents
We take great care to protect and respect the rights of individuals in relation to their personal data, especially in the case of children. If your child is under 18, we’ll only use his or her personal data with your consent. This means that, for example, if your child wants to have his or her name or picture featured in one of our publications, website, or social media we’ll need you to confirm you’re happy for us to do so.
Marketing and fundraising
We won’t send marketing emails, letters, calls or messages to under 18 year-olds and, in order to donate to the American Museum & Gardens, you need to be an adult.
Membership and young people’s information
American Museum & Gardens adult membership is available to individuals aged 18 and over.
We won’t use young people’s personal data, attached to a family membership, for marketing purposes and we won’t profile it.
7. How we protect data
We employ a variety of physical and technical measures to keep your data safe and to prevent unauthorised access to, or use, or disclosure of your personal information.
Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Our staff receive data protection training and we have a set of detailed data protection procedures which personnel are required to follow when handling personal data.
If you use a credit card to donate, purchase a membership, or other product at the Museum, we will pass your credit card details securely to our payment provider (WorldPay). The American Museum in Britain complies with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council, and will never store card details.
Of course, we cannot guarantee the security of your home computer or the internet, and any online communications (e.g. information provided by email or our website) are at the user’s own risk.
Where we store information
The American Museum & Gardens operations are based in the UK and US. We store our data within the European Union but some data is accessible in our US office. Some organisations which provide services to us may transfer personal data outside of the EEA, but we’ll only allow them to do so if your data is adequately protected.
For example, some of our systems use Microsoft products. As a US company, it may be that using their products result in personal data being transferred to or accessible from the US. However, we’ll allow this as we are certain personal data will still be adequately protected (because Microsoft is certified under the USA’s Privacy Shield scheme).
How long we store information
We will only use and store information for so long as it is required for the purposes it was collected for. How long information will be stored for depends on the information in question and what it is being used for. For example, if you ask us not to send you marketing emails, we will stop storing your emails for marketing purposes (though we’ll keep a record of your preference not to be emailed).
We continually review what information we hold and delete what is no longer required. We never store payment card information.
10. Keeping you in control
We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:
- the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of the personal information we hold (this is known as subject access request);
- the right to have your data erased (though this will not apply where it is necessary for us to continue to hold the data for a lawful reason);
- the right to have inaccurate data rectified;
- the right to object to your data being used for marketing or profiling; and
- where technically feasible, you have the right to personal data you have provided to us which we process automatically on the basis of your consent or the performance of a contract. This information will be provided in a common electronic format.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.
If you would like further information on your rights or wish to exercise them, please write to the Membership Secretary, American Museum & Gardens, Claverton Manor, Bath BA2 7BD
You can complain to the American Museum & Gardens directly by contacting our Membership Secretary using the details set out above. If wish to make a complaint (including a complaint about our/a fundraising activity) which does not directly relate to your data protection and privacy rights, you can do so in accordance with our complaint policy.
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk