Back

Data Protection and Privacy Policy

This policy sets out People’s History Museum’s (PHM) obligations to protect, store and manage your data correctly under UK and EU data protection law.

Please note that, whilst every effort is made to ensure the accuracy of the material included on this site, it is made available for general information only and does not constitute professional or legal advice.

We do not warrant that the operation of this website will be uninterrupted or error free, that defects will be corrected, or that this site or the server that makes it available are free of viruses or represent the full functionality, accuracy, reliability of the materials. In no event will we be liable for any loss or damage including, without limitation, loss of profits, indirect or consequential loss or damage, or any loss or damages whatsoever arising from use, or loss of use of, data, arising out of, or in connection with, the use of this website.

These terms and conditions shall be governed by and construed in accordance with the laws of England and Wales. Any dispute arising under these terms and conditions shall be subject to the exclusive jurisdiction of the courts of England and Wales.

Your personal data

When we talk about “personal data”, we mean information that identifies a living person, or which can be identified as relating to a living person. When we talk about “you” or “your” in this notice, we mean any living person whose personal data we collect.

Storing your data

PHM uses a number of databases to store data for different purposes, for example fundraising, commercial income, ticketing and financial operations. Trained members of staff access these databases across the organisation in a secure environment.

We have a legal duty to protect any information we collect from you and to prevent any unauthorised access to or use of that information. We do not pass your details to any third party unless you give us permission to do so. We use only trusted third party solutions to deliver different aspects of your relationship with us, for example the delivery of e-newsletters. We follow current UK and EU data protection law.

Your relationship with us and your data are extremely important to us and we take all necessary steps to protect your data. We will never sell your personal data.

Lawful purposes for processing data

At PHM, the following is a non-exhaustive list of the types of data we expect to process and corresponding lawful purposes for the processing of this data. The information we collect as described below is used for the purposes for which it was collected and the purposes for which you gave consent and for no other:

 

Consent

·         E-newsletter subscriber’s data

·         Fundraising subscriber’s data for appeals and campaigns

·         Data of members of PHM

·         Event invitees and attendees

·         Contractor information/supply of goods and services

Primary Purpose

·         Acquisitions

·         Research and collections

·         Managing custody of our collection including our intellectual property rights

·         Display of collections

·         Processing enquiries and requests for information

·         Managing your visit to PHM

Legitimate Interest

·         Data from purchases for example tickets and merchandise

·         Data of donors to PHM

·         Data of visitors to our websites, as set out below in the section ‘our websites and apps’

·         Stakeholders information

As you can see we have a number of lawful reasons for using (or ‘processing’) your personal information. One of these lawful reasons is ‘legitimate interest’. Broadly speaking legitimate interest means that we can process your personal information if we have a genuine, legitimate reason and we are not harming any of your rights and interests.

Some typical examples of when we might use this approach are for:

  • Sending postal invitations to those people who would expect to receive them because they have a relationship with PHM
  • Sending occasional letters about fundraising to those who would expect to receive them, for example long-standing donors of PHM with whom we still have a relationship
  • Holding data on ticket and merchandise purchases, for the purposes of accounting and delivery of services purchased
  • Holding data of donors for accounting and fundraising purposes
  • Holding data of stakeholders to ensure they can have a mutually beneficial relationship with PHM

Occasionally we conduct a reasonable amount of research on individuals who would reasonably expect that we will have an interest in them, for example those who have a well-known interest in certain causes or subject matters that relate to our fundraising activities or who are publicly known to be philanthropists of the arts. We will only use information that has been made publicly available by the individual themselves.

Developing a good understanding of potential supporters through data about them allows us to fundraise more efficiently.

Children’s data

Children’s records are only created for the purposes of delivering the benefits of family membership, under the express permission of the parent or guardian and will not be used for any purpose other than the delivery of the membership benefits, for example to produce and administer a membership card. Children will not be contacted separately by PHM; the communications for their membership benefits is always through the parent or guardian. When a membership is renewed, consent for a child’s membership record to remain is re-sought.

Our websites and apps

Please note that this privacy statement applies to this website only.

Terms and conditions
Using our website

You may use the PHM website subject to the terms and conditions set out on this page. Access and use by you to the PHM website constitutes acceptance by you of the terms and conditions in force at the time of use.

Intellectual property
You may not copy, reproduce, republish, download, post, broadcast, transmit, make available to the public, or otherwise use the site content in any way except for your own personal, non-commercial use. You also agree not to adapt, alter or create a derivative work from any of the site content except for your own personal, non-commercial use. Any other use of the site content requires the prior written permission of the PHM.

PHM is not responsible for the contents or reliability of any site to which it is linked and does not necessarily endorse the views expressed within them. Linking to or from this site should not be taken as endorsement of any kind. We only link to our sponsoring bodies, exhibition and museum partners and other government departments.

Virus protection
We cannot accept any responsibility for any loss, disruption or damage to your data or your computer system which may occur whilst using material derived from this website.

Enquiries and comments about our websites and apps

You can send us your enquiries and comments directly through our website. You can also contact us by post (see address at the end of this document). If you use a contact form on the website you do not need to give any personal information, e.g. your email address or name, unless you want us to respond to your enquiry, in which case you should provide us with your email address as a minimum. When dealing with your enquiry we do not pass any personal information outside our organisation, nor do we use that information for any other purpose without first seeking your permission. If you require a response from us, we will need to record your personal contact details to be able to reply to you and to track the progress of your request.

Cookies

Cookies are pieces of data that can be automatically created on your computer or device when you visit a website or use an app. They are small text files that help us to understand how the website or app is being used by our visitors. You may refuse the use of cookies on our websites by choosing the appropriate settings on your browser, however some functionality may be lost.

We do not collect any information about your use of cookies. Cookies on our websites are not persistent (i.e. once you close the browser window they are no longer active).

However, occasionally we use retargeting, which does use persistent cookies. This means that if you accept the use of cookies on our websites, you may see adverts for PHM content elsewhere on the web. You can opt-out of the collection and use of information for advert targeting by visiting:

http://www.youronlinechoices.eu/ or www.aboutads.info/choices.

Google Analytics

Our websites uses Google Analytics, a digital analytics service provided by Google. This helps us to analyse how our visitors use our websites and apps so that we can improve them for future visitors.

Google Analytics mainly uses first-party cookies to report on user interactions on Google Analytics customers’ websites. These cookies are used to store non-personally identifiable information.

We also use some Google Analytics Advertising Features for products like Google AdWords to display PHM marketing material.

Retention of data

PHM ensures that personal data is not stored for longer than necessary for:

  • Achieving the purpose the data was collected for
  • Providing you with the goods, services or information you have requested
  • The administration of your relationship with PHM
  • Complying with the law
  • Ensuring PHM does not communicate with individuals who have requested no further communication.

We destroy non-relevant paper files at regular intervals and electronic information is stored securely. Under the General Data Protection Regulation you have the right to the erasure of all of your data we hold. When we receive a request for the erasure of data we will comply with this request within 14 working days. As a Data Controller, PHM must maintain a suppression list containing details of individuals who have asked not to receive direct marketing materials, in order to ensure the individual’s wishes are recorded, no future communications are sent out and also to make sure a record of past communication exists.

Data cleansing

PHM is dedicated to ensuring all data entry is accurate and that all databases are secure and confidential. UK and EU data protection law requires that all data held on individuals is as accurate and as up-to-date as possible.

Donors updated under data cleansing processes will remain as inactive records on the database as a safeguard so we do not add the same people to the database again and so there is a record of why people are excluded from mailings/not contacted again about a project they have previously expressed interest in or donated to.

PHM only stores data that is not excessive for the purposes for which it was acquired and makes sure data stored is adequate and relevant for the purposes of processing.

Consent management

When you give us your data:

  • We keep a record of when and how we got consent from you.
  • We keep a record of exactly what you were told at the time of giving us your data.
  • We regularly review consents to check that the relationship, the processing and the purposes have not changed.
  • We have processes in place to refresh consent at appropriate intervals, including any parental consents.
  • We consider using privacy dashboards or other preference-management tools as a matter of good practice.
  • We make it easy for you to withdraw your consent at any time, and publicise how to do so.
  • We act on withdrawals of consent as soon as we can.
  • We do not penalise individuals who wish to withdraw consent.

We ensure a data protection statement and clear opt-in options are present at the point of any data collection. Individuals are also given the option to update their mailing preferences or unsubscribe at regular intervals.

Specific consent given for communications remains the same until the individual contacts us to change their options or unsubscribe from PHM communications, or until such time as consent will need to be renewed for it to be lawful under UK and EU data protection law. 14 days after a removal request no mailings will be received again from PHM.

External partners

For certain projects, PHM engages the services of trusted external partners, for example for data cleansing and delivery of e-newsletters. When we engage the services of these organisations, we make sure we have a data processor/controller agreement in place to ensure strict data protection procedures are being adhered to.

When partner organisations offer contact information of people who are to be invited to an event, we do not add them to our mailing lists or indeed to our database apart from as a participant of the specific event. We do not count these people as having a relationship with PHM unless they respond to this invitation, giving consent for specific future contact options; at this point we add them to the database because they have requested this.

Links to other sites

Our website may contain links to other external websites. We are not responsible for the content or functionality of any such website.

If a third party website requests personal data from you (e.g. in connection with goods or services), the information you provide will not be covered by PHM’s privacy rules. We suggest you read the privacy notice of any other website before providing any personal information.

Government processing of personal data

In exceptional circumstances it may be necessary for us to share personal information with the government if this is necessary for the exercise of any functions of the Crown, a Minister of the Crown or a government department. This may include funding and grant applications.

CCTV

PHM’s premises are protected by CCTV, and in specific areas facial recognition capturing technology is in place, so you may be recorded when you visit PHM. CCTV images are being monitored and may be recorded for the purpose of public safety, crime prevention, detection and prosecution of offenders.

The system is managed in accordance with our standard operating procedures and with good practice guidance issued by issued by the Information Commissioner’s Office. CCTV images will only be accessed by authorised staff and are stored for up to 30 days, unless flagged for review.

Security and filing issues

We have security measures in place to protect against the loss, misuse and alteration of personal data held by PHM. All systems and databases are UK and EU data protection law compliant.

Databases are password protected where possible and passwords are changed on a regular basis and have strict structure criteria. Email updates for databases are taken care of in a timely manner and filed in an archive folder for future reference until such time this filing is in violation of data retention timescales, at which point the data is deleted.

Papers to be destroyed which contain personal data from the database are shredded, never thrown away. Paper forms used for sign up to e-newsletters in one of our venues are kept securely in central locations until such time they can be destroyed because the data retention period has come to an end.

All personal data is stored in a secure environment.

Online data collection and the Privacy and Electronic Communications Regulations(PECR)

We aim to ensure that people joining the e-newsletter mailing lists are aged 18 or over, but all our publications, events and exhibitions are designed to be enjoyed by a Family audience.

In accordance with The Privacy and Electronic Communications (EC Directive) Regulations 2003, we collect explicit consent from someone to use their email address for specific purposes. This means we have received explicit consent from the individual for specific purposes. If an individual unsubscribes from an e-newsletter we take action to comply with the request within a reasonable amount of time and update the database to reflect the individual’s new preferences.

Your rights

We want to ensure you remain in control of your personal data and that you understand your legal rights, which are:

  • the right to know whether we hold your personal data and, if we do so, to be sent a copy of the personal data that we hold about you (a “subject access request”) within 30 days;
  • the right to have your personal data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason);
  • the right to have inaccurate personal data rectified;
  • the right to object to your personal data being used for marketing or profiling; and
  • (where technically feasible) the right to be given a copy of personal data that you have provided to us (and which we process automatically on the basis of your consent or the performance of a contract) in a common electronic format for your re-use.

There are some exceptions to the rights above and, although we will always try to respond to any instructions you may give us about our handling of your personal information, there may be situations where we are unable to meet your requirements in full.

If you would like further information on your rights or wish to exercise them, please contact our Data Protection Officer using the details at the end of this policy.

Our rights

PHM as a Data Controller is accountable for compliance with the data protection principles under EU and UK Data Protection laws, in respect of lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; and integrity and confidentiality.

How to get access or make changes to your data

To request a copy of your data held by PHM or to make changes to it simply contact our Data Protection Officer. If you want to make a comment or complaint to us about any aspect of our activities relating to your personal data, you should also contact the Data Protection Officer.

The registered Data Protection Officer is the Executive Support Officer.

Charlie.corkin@phm.org.uk

People’s History Museum

Left Bank

Spinningfields

Manchester

M3 3ER

Changes to this privacy notice

If we change our approach to the use of personal data we will amend this notice to ensure it remains as up-to-date as possible. Any changes will be published on our website.