PRIVACY AND SECURITY
Privacy & Security Statement
The Stained Glass Museum is committed to protecting and respecting your privacy. This Privacy Statement is for users of the Stained Glass Museum website: www.stainedglassmuseum.com.
If the policy is revised an updated version will be placed on the website.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
What if you do not agree with this Privacy Policy?
If you do not agree to our processing of your data in the manner described below please do not submit any personal data to us.
Who is the controller of the data that you provide to us?
For the purpose of the Data Protection Act 1998, this is the Stained Glass Museum, Registered Charity: 1169842
What information may we collect from you?
Policy and personal data:
We may collect and process personal data that you provide by filling in forms on the site, this includes information provided at the time of signing up to our mailing lists or requesting further services, including making an online event booking or purchase.
No personal information supplied to this website will be given to any other organisation without your explicit permission. Some services on the website are provided by third-party organisations, and you can read more about these below.
To allow some of these functions to work, we use cookies. Please see our Cookies Policy for more information.
When making purchases or payments through our website:
With regard to purchases, payments or event bookings made through our website we will be automatically provided with the following information in order to fulfil your order or process your booking, and notify you of its status:
● Name and delivery address
● Contact details (telephone and/or email address)
● Product/selections
We will hold your personal contact details on our systems for as long as is necessary to complete your order or process your booking and will remove it as soon as that the purpose has been met. Please note that some events require us to communicate with you after an event, e.g., we may need to notify you about collection of artworks following a museum workshop.
Details of payment card numbers and expiry dates etc. go through a secure server operated by an external provider (PayPal),and to which Stained Glass Museum does not have direct access. For more information see PayPal’s Privacy Policy.
When subscribing to our mailing lists through our website:
When you subscribe to our mailing lists through our online sign-up forms, your personal contact details will be transferred to our external provider (MailChimp) and processed by MailChimp.
MailChimp collects (e.g., through sign-up forms) and stores personal data within our MailChimp account in order to allow us to send email campaigns. Mailchimp may transfer personal data to sub-processors providing critical services, such as helping MailChimp prevent abuse and providing support to our customers. For more information on how this data is used, please see Mailchimp’s Privacy Policy.
When you contact us
We may ask you for information when you contact us with an enquiry or when you report a problem with the website. We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them. If you contact us, we may keep a record of that correspondence.
Technical data
With regard to each of your visits to our website we may automatically collect the following information, in order to improve our website to ensure that content is presented in the most effective manner for you and for your device, allow you to participate in any interactive features of our services when you choose to do so, and to measure or understand the effectiveness of our website:
● Technical information, including the Internet protocol (IP) address used to connect your device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
● Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), events or exhibitions you viewed or searched for, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
● We may work with third parties (including, for example, sub-contractors in technical, payment services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
The Stained Glass Museum may aggregate and analyse statistics about sales, web site usage and related site information on the website for internal purposes, but these will not be used to identify individuals.
The Stained Glass Museum may monitor user traffic on an aggregate basis in order to help it develop and improve the website for the benefit of all Users.
How will we use this information?
Data protection
The Stained Glass Museum uses all reasonable endeavours to comply with the Data Protection Act 1998, the Freedom of Information Act 2000 and the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and the following principles:
● Personal data should be processed fairly and lawfully. This means that individuals should not be deceived or misled into supplying information.
● Data should only be obtained for a specified purpose and should not be used for any other purpose.
● Personal data should be adequate relevant and not excessive in relation to its purpose.
● Personal data should be accurate and up to date where necessary.
● Personal data should not be kept longer than is needed for its intended purpose.
● Personal data should be processed in accordance with the rights of the individual which the information concerns.
● Appropriate measures should be taken against unlawful processing or destruction of records. Computer systems should have back up facilities and security provisions.
● Personal data should not be transferred outside of the EU.
Data processing
The personal data collected by The Stained Glass Museum is evaluated every two years (or sooner if there is a change in legislation) to determine whether it is current and still needs to be held. Subject to any legal retention requirements, e.g. VAT regulations require appropriate financial records to be retained for six years, you may notify the Stained Glass Museum if you do not wish your data to be held by the Stained Glass Museum. You may also request details of your personal data held by the Stained Glass Museum.
For guidance on submitting individual requests for information, please contact our Data Protection Officer at dpo@stainedglassmuseum.com.
Disclosure
The Stained Glass Museum may disclose personal information if required to do so by Law or in good faith believes it is required to do so by any order of the Courts or other competent body or agency or may do so to protect or defend the rights or property of the Stained Glass Museum or to protect the personal safety of the Stained Glass Museum employees or the public at large.
Security
You are advised that the Internet is not a secure medium. The Stained Glass Museum will use reasonable endeavours to keep your information confidential. Internal procedures and policies cover the storage access and disclosure of your information. The Stained Glass Museum will not sell or pass your information on to any third parties without first obtaining your consent.
Transmission of data outside the EU
The Stained Glass Museum does not intentionally export user data outside the European Union. However, because the Internet infrastructure is global and it is not possible to predict the routes that information sent over the Internet will take, the information you provide may be transferred temporarily via a route which takes it outside the European Economic Area as it passes between you and the Stained Glass Museum. By submitting your information, you consent to this transfer.
External links
The Stained Glass Museum website has links to other websites which will have different privacy, trading and use policies and conditions and you should familiarise yourself with the same.
Last updated: 11 April 2018