PRIVACY POLICY
Introduction
The Norfolk Tank Museum takes your privacy seriously. This privacy policy sets out how we use and protect any information we obtain about you. A hard copy of our Privacy Policy is available from the Museum. This policy is effective from 31st January 2018 and will be revised periodically, at least every three years.
If you have any queries about the content of this policy, please email info@norfolktankmuseum.co.uk
- Policy Summary
We respect your privacy and take great care with the information we obtain. We only ask for personal data when it is necessary to provide you with the service you have requested, such as fulfilling your order, enquiry, subscription; or for safety and insurance purposes. We may also make your personal information anonymous to undertake statistical analysis for internal use. If we want to use your data for any purpose outside of the terms of this policy, we will ask you first.
- What is covered by this policy?
This policy covers all web pages on the Norfolk Tank Museum site (www.norfolktankmuseum.co.uk) and associated sites used specifically for NTM transactions, enquiries and subscriptions. It covers all electronic documents held by us and all paper documents held in furtherance of the running of the Norfolk Tank Museum.
This policy does not cover external sites such as Just Giving, Facebook or Twitter, who may have links on NTM pages. NTM is not responsible for the content of these sites. You should check the terms and conditions and privacy policies of the sites you visit.
- Identity of the Data Controller
The Data Controllers for NTM are the Trustees of the Norfolk Tank Museum.
- How do we collect personal information?
We respect your privacy and take great care with the information we obtain.
NTM may collect information about you via our website, information you provide to us when buying something, signing up to our Friends of Norfolk Tank Museum mailing list, making an enquiry or contacting us for any other reason, also:
- Information we gather via cookies – transactional data and information about how you arrived at the NTM website and what you did when you got here.
- Information that you provide when signing one of our consent forms for vehicle rides, stalls or displaying at one or our events.
- Information that you provide as a volunteer during induction.
- Information that you provide if you wish to join our Friends of the Norfolk Tank Museum mailing list.
- Information from the Disbarring Service in relation to volunteers who work with vulnerable adults or children.
The data collected will be dependent on how you are interacting with NTM. We only ask you to give us information about yourself when we need it, and only ask for the information which is necessary.
- What information might we collect from you?
We may ask you to provide the following minimal information in order for us to complete the service or order you have requested:
- year of birth;
- email address;
- postal address;
- telephone number (mobile and/or landline);
- preferences and interests;
- details of vehicles that you wish to display at our events;
- insurance details if you wish to display vehicles at our events or display a stall.
Any personal information you provide will be stored in a safe, confidential and secure environment. Any paper information is also stored securely.
- Debit and Credit Card Information
Debit and credit card information is not stored by NTM
All debit and credit card payments made online or over the telephone are processed in accordance with the Payment Card Industry Data Security Standards (PCI DSS). Your debit and credit card payments are processed by an approved PCI DSS payment provider and NTM does not store or have access to any card information that you provide.
Further details on PCI DSS can be found at: https://www.pcisecuritystandards.org/security_standards
- How we use the information you submit
The personal data we collect from you will be used to perform the service you require. In addition, it may be used for the following:
- General administration of the services we provide.
- For customer research: We may contact you to ask you about the service you have received, why you requested it, and how it can be improved.
- We may also use the personal information you provide, for internal purposes only, as a research tool to improve our understanding of our visitors, develop more relevant content and services, determine generally better ways to serve your needs.
Information used in this way will be made anonymous wherever possible.
If you agree, we may also use it to tell you about changes to our services, future events and developments, or about special offers we think you’ll find of interest. If you would like to receive information about these other events and services, you will need to ‘opt in’ to receive them. You can request our newsletter and become a Friend from our website.
By submitting information to us you are consenting to the management and use of your information as set out in this Privacy Policy. For your personal information to be used in any other way we must have your written consent.
- Information we collect
- Cookies on the NTM website – NTM uses cookies to understand how you access and use the NTM site. The information gathered in this way is anonymous and cannot be linked to you personally.
- Information from the Disbarring Service in relation to NTM Volunteers who work with children and vulnerable adults, with regard to our Safeguarding Policy.
- Sensitive Personal Information
If information we receive about you includes ‘Sensitive personal data’ (as defined in the General Data Protection Regulations), including information from the Disbarring Service, we will only hold that information if we have agreed it with you first. Again, we do not share information.
- Who we might have to share your information with
We do not share personal information with anyone, unless:
- You have agreed or asked us to;
- We have to do so by law;
- A government or law enforcement agency asks for it; or
- A Court orders us to share it.
- Secure Electronic Storage
We won’t normally transfer or hold your information outside the EEA.
We use cloud technology to store all of our electronic information. The technology is in compliance with the GDPR and we take all reasonable steps to ensure that your information is kept securely and only used as described within this policy.
Files within our electronic storage facility can only be accessed by those that have a need to access them. For example, people processing DBS checks, managing mailing lists, or administration of events. The facility is secured by way of password. Requests for copies of files must be made to the Data Controller or Officer who will assess the need. Any files containing personal and/or sensitive data will only be processed by the Data Officer.
- Recording Phone Calls
We do not record phone calls.
- Wealth Screening
We do not participate in wealth screening. All data is anonymised when used for internal demographic analysis.
- Security
We are committed to ensuring your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. All the information you submit to us is stored securely and managed in accordance with the General Data Protection Regulations. However, internet transmissions are never completely private or secure, and any message or information you send to NTM may be read or intercepted by others unless there is a special notice that a particular message is encrypted.
NTM will never request credit/debit card information from you via email.
Please do not send this information or other sensitive information to us via email.
You should always take the following steps when submitting personal information to any websites:
Always check the privacy policy of the website before you submit your data. Make sure you are clear about how it will be used and who the site will share it with. If you have an account, keep your password secure and do not share it. Regularly change your passwords, make them at least 8 characters and do not use obvious keywords or references. Use a mixture of characters, symbols and numbers. Don’t use the same password for different accounts. This means that whoever has access to one password can access all your online accounts. Be very careful when submitting financial information such as credit card or bank details. Only submit these via secure websites (look for the padlock in the address bar).
- Your rights
If you would like to discuss data we hold about you, please contact us in writing at our address below:
Data Controller, Norfolk Tank Museum, Station Road, Forncett St Peter, Norfolk NR16 1HZ.
If any information we hold about you is wrong, you can ask us to change it or delete it if appropriate.