Website Privacy Notice

Privacy Notice for Website Visitors

The St Andrews Heritage Museum and Gardens is committed to respecting the privacy rights of all visitors to our website. We comply with data protection laws at all times and have set out this Privacy Notice to explain what personal data we collect, why we collect it, how we protect it, and to explain your rights.

Personal data we collect

We collect the following data about you:

  • your name, e-mail address, contact details and communication preferences when you complete forms on our website;
  • a range of information about you in our volunteer registration form which is optional and only used to help you to volunteer.

Our website is not intended for use by children and as such we do not knowingly collect data relating to children.

How we protect your data

We are committed to keeping your data secure. We use encryption for web traffic to and from our website and we store any data provided through our website in secure computer systems that only authorised staff and volunteers have access to. Our data is backed up and we have secure systems in place to prevent hackers, viruses and similar from accessing our systems and data. We also have a range of policies and procedures for our staff and volunteers, with ongoing training, to ensure your data is kept safe and only used in accordance with this Privacy Notice.

How we use your data

We use your data for four reasons:

  • to provide information, support and services to you;
  • to manage customer service interactions with you;
  • to subscribe you to our mailing list and send you relevant information by e-mail.

When and how we might share your data

We will never sell your personal data. We share limited data for limited purposes. There are two different sets of data sharing involving personal data collected through our website:

  • Contact information you provide for our mailing list – we share this information with MailChimp, the third party mailing list software we use.
  • Contact information you provide to seek help/support/information/provide feedback/make a complaint – we store this in computer systems provided by third parties for processing, storage and archive purposes. We use Quest IT to provide technical support. The agreement we have in place with them prevents them from using or sharing your personal data for any purpose.

How long we keep your data

We only keep your data for as long as we need to. More specifically:

  • mailing list subscription – we will retain this data until you unsubscribe from our mailing list (every mailing list e-mail you receive from us will have a link allowing you to easily unsubscribe);
  • customer enquiry information – we will retain this for not more than 2 years after you last contacted us – we only keep personal data for the current financial year and the previous financial year.

Legal basis for using your data

We generally rely on your consent to use your personal data in relation to monitoring website usage and sending you direct e-mails through our mailing list, or providing customer care, information or support should you choose to contact us directly through our website.

We also process your data because it is in our legitimate interests that we do so, namely:

  • promoting, marketing and advertising our products and/or services;
  • sending information to you by e-mail or text message about our products and/or services;
  • protecting the Charity, our people, volunteers, funders, partners and clients/customers/service users by taking appropriate legal action against third parties who have committed criminal acts;
  • fulfilling our duties to our customers/clients/service users.

Your legal rights

You have the following rights:

  • the right to ask what personal data we hold about you;
  • the right to ask us to update and correct or delete any out-of-date or incorrect personal data that we hold about you;
  • the right to opt out of any marketing communications that we may send you.

To exercise any of the above rights please contact the Trust Administrator. You also have the right to lodge a complaint with the Information Commissioner’s Office (the supervising authority for data protection in the UK). To do that please visit their website at https://ico.org.uk/concerns/

Reviewing and changing how we use data

This Privacy Notice was last updated on 11/03/2021.

We regularly review our use of personal data to ensure that what we do continues to be fair, transparent, safe and legal. The Charity sometimes change software or technologies, or how we work, and this may result in us changing what data we collect and/or how we use it. We will only use your data for the purposes set out above. If we want to use your data for any other purpose we will contact you and seek your express permission before we conduct any such processing.

We will always seek to minimise the amount of data we collect and use, and to only keep it for as long as we need to.

Whenever any change is made to how we collect or use personal data we will update this Privacy Notice and any other relevant policies.

How to find out more or to make a complaint

We’ve endeavoured to make this Privacy Notice clear, informative and understandable, but if it is not then please contact us and we shall provide further information as required. We will also look to improve the wording of this Privacy Notice, based on feedback.

To provide feedback, ask for more details or to make a complaint about our collection or use of your personal data then please contact the Trust Administrator.

You can also complain to the Information Commissioner’s Office in the UK – please visit their website to see how you can do that.