Data Protection Policy

Mission Statement

The name of the Charitable Incorporated Organisation (the CIO”) is Woodbridge Tide Mill Charitable Trust

The objectives of the CIO are:

To administer the building known as the Tide Mill, of which was conveyed within a Deed dated 1^st of March 1977 in perpetuity to Woodbridge Town Council for the benefit of the public and of primarily the inhabitants of Woodbridge in the county of Suffolk as a building of historical and architectural interest, as an installation of historical and technical importance, and as a museum of social and cultural history, which should be retained for the education of the present and future generations and shall be used to provide facilities available to the inhabitants of Woodbridge and to members of the public at large for recreation or other leisure-time occupation with the object of improving the conditions of life for the persons for whom the facilities are primarily intended.

 Introduction

This policy explains how and why we use your personal data, so you can make sure you stay informed and be confident about giving us your information.

We never sell or pass on your personal data unless required by authorities for legislative or law enforcement reasons. We will only share it when it’s necessary, and the privacy and security of your data is assured.

1. Who are “we”

In this notice, whenever you see the words ‘we’, ‘us’, ‘our’ or ‘Museum’ it refers to Woodbridge Tide Mill Charitable Trust. The Museum is a Charitable Incorporated Organisation (CIO) registered with the Charity Commission. We are a ‘data controller’ under Data Protection Law. We are entered in the Information Commissioner’s Register of Data Controllers with registration number ZB290138.

2. What Personal data do we collect?

We collect and use data which identifies you, or which can be identified as relating to you personally in connection with activities such as, but not limited to, membership administration, donations, loans, volunteering, collections management and documentation, conducting research, competitions and online shop purchases.

This data will include but is not limited to, name, title, address, date of birth, age, gender, employment status, email address, and telephone numbers. Your data may be collected by us in writing, online, person or by phone.

Why do we collect personal data?

We ask for your data to fulfil our ‘legitimate interests’ in the running of our organisation. These include but are not limited to:

Membership: – Legal Bases for processing – Legitimate Interest, Legal Requirement

Gifts and donations: – Legal Bases for processing – Legal Requirement

Volunteering: – Legal Bases for processing – Legitimate Interest and Safeguarding

Online Ticketing and Online shop purchases: – Legal Bases of processing – Contract (sale of   product or service)

Salaried Staff: Legal Bases for processing – Legal Requirement

Other: – Legal Bases for processing – Legitimate Interest

3. Examples of how we use your personal data

We will only use your personal data on relevant lawful grounds as permitted by the EU General Data Protection Regulation (GDPR) UK Data Protection Act and Privacy of Electronic Communication Regulation. Personal data provided to us will be used for the purpose outlined above in a transparent manner at the time of collection or registration where appropriate, in accordance with any preferences you express. You can choose how you want to receive these communications (by email, post or phone).

Marketing communications:

We will use your details to keep in touch about things that may matter to you but we will only send you marketing information if you agree to receive it and you will be able to opt out of receiving further marketing emails at any time.

Membership:

We use the personal data you provide as a Member to send you relevant information regarding events, AGM, newsletters and membership renewal.

Fundraising, donations, legacy pledges, volunteering and sales:

If you make a monetary donation, we’ll use personal information you give us to record the nature and amount of your gift, claim Gift Aid if you’re eligible and to thank you for your gift.

If you tell us you want to fundraise to support our cause, we’ll use the personal information you give us to record your plans and contact you to support your fundraising efforts.

If we have a conversation or interaction with you (or with someone who contacts us in relation to your will, for example your solicitor), we’ll note these interactions throughout your relationship with us, as this helps to ensure your gift is directed as you wanted.

We use your personal data to manage your volunteering from your initial enquiry to when you stop volunteering, for example notifying you about your shift rota or sending out instructions.

We use personal data for taking event bookings and ticket sales. We will send you tickets or notify you that they are ready for collection.

We use personal data where online shop purchases are made. We will use the data supplied to process the transaction and to send you details of  the order dispatch.

Salaried Staff

We use the data you provide as a paid member of staff to be able to pay your salary and fulfil our legal obligation to provide the necessary information to Her Majesty’s Revenue and Customs service (HRMC) and pension providers for taxation and pension provision reasons.

4. Online data and our website

Cookies:

Cookies are small text files stored on your computer when you visit certain websites. We use first-party cookies (cookies that we have set, that can only be read by our website) to personalise your online experience. We also use third-party cookies (cookies that are set by an organisation other than the owner of the website) for the purposes of website measurement and targeted advertising. You can control the use of cookies yourself via your browser.

Links to other websites:

Our website may, from time to time, contain links to and from the websites of other organisations as well as our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and privacy notices and that we don’t accept any responsibility or liability for their policies.

Automatically collected data:

We use respected third parties to process data on our behalf, and provide below links to their respective privacy policies.

• ‘Mailchimp’ – for administering our mailing list. They will be given your email address for this purpose. [URL: https://mailchimp.com/] Privacy Policy at [https://www.intuit.com/privacy/statement]

• ‘Art Fund Tickets’ – for purchasing and delivering tickets to visit Woodbridge Tide Mill. [URL: https://woodbridge-tide-mill-museum.arttickets.org.uk/pages/privacy-policy]
• Online shop – for payment and order processing. [URL:https://www.tidemillshop.com/privacy-policy]
• ‘STRIPE’ for processing financial transactions. [URL: https://stripe.com/gb/privacy]
• Audience Finder – Where you agree to undertake a visitor experience survey. [URL:https://original.audiencefinder.org/audience-finder-privacy-notice]

5. Keeping your information

We will only use and store your information for as long as it is required, depending on the purposes for which it was collected and sometimes, statutory legal requirements. We will keep your information physically secure by taking appropriate technical and organisational measures against its unauthorised or unlawful processing and against its accidental loss, destruction or damage.

Storage of information

Your personal data may be stored in the following ways:

• Electronically on computer, and on cloud storage, and in paper format in a locked location. Electronic files containing personal data will be password protected
• Membership information is held electronically by the Membership Secretary and is password protected
• Emergency contact details for volunteers are kept securely at the Mill

Disclosing and sharing information

Personal data collected by us may be shared with the following groups:

• Museum volunteers and staff, where appropriate for operational reasons
• Audience Finder – for the processing of survey data
• Art Tickets – for the processing of ticket purchases
• Wix – for online shop transaction processing
• MailChimp – for marketing mailings

Our employees and volunteers who have access to and are associated with the processing of personal data are obliged by law to respect the confidentiality of that data.

Retention and disposal of personal data:

We will not keep personal data for any longer than is absolutely necessary. Paper-based data will be disposed of by shredding. Electronic records will be deleted from our computers. While the length of time we retain records will necessarily vary depending on specific purposes, the main parameters are as follows:

Personal data type	Storage duration
Membership forms and data	Membership data will be retained until the end of the year in which a subscription is resigned or lapsed.
Name/address of donor	Data on donors is stored in perpetuity as part of the donated object history file and transfer of title information
Name/address of lender	Data related to loans will be stored in perpetuity as part of the object history file
Volunteer data	Retained for 1 year after resignation or termination of contract for safeguarding and reference request purposes
Financial records	7 years for HMRC tax, and Gift Aid inspection purposes
Research requests and photographs	Until the request has been completed; a record of the photograph(s) and research topic may be retained.
Miscellaneous correspondence	Data is kept for operational purposes only and at the Museum’s discretion. Correspondence related to donations and loans is stored in perpetuity as part of the object history file

6. Updating your data and marketing preferences

If, at any time, you want to update or amend your personal data or marketing preferences please use the options in our electronic communications or contact us on comms@woodbridgetidemill.org.uk with your full name and full address and your request

Post:

Woodbridge Tide Mill

Tide Mill Way

Woodbridge

Suffolk

IP12 1BY

7. Your data protection rights

The Data Protection Act (2018) gives individuals the following rights regarding their personal data:

These can be found at the Information Commissioner’s Office website at:

If you would like further information on your rights or wish to exercise them, please contact us at the address or via email as shown above. You will be asked to provide the following details:

• The personal information you want to access
• The date range of the information you wish to access

We will also need you to provide information that will help us confirm your identity. If we hold personal information about you, we will give you a copy of the information in an understandable format. We will respond to your request as soon as possible. Please allow additional time for more complex requests.

What to do if you are not happy:

In the first instance, please talk to us directly using the contact information above so we can try to resolve any problem or query. You also have the right to contact the Information Commissions Office (ICO) if you have any questions about Data Protection. You can contact them using their helpline 0303 123 1113 or at www.ico.org.uk.

8. Changes to this Privacy Notice

This privacy notice will be reviewed every 3 years and amended as necessary to ensure it remains up to date and reflects how and why we use your personal data and to meet any new legal requirements.

Mission Statement

The name of the Charitable Incorporated Organisation (the CIO”) is Woodbridge Tide Mill Charitable Trust

The objectives of the CIO are:

To administer the building known as the Tide Mill, of which was conveyed within a Deed dated 1^st of March 1977 in perpetuity to Woodbridge Town Council for the benefit of the public and of primarily the inhabitants of Woodbridge in the county of Suffolk as a building of historical and architectural interest, as an installation of historical and technical importance, and as a museum of social and cultural history, which should be retained for the education of the present and future generations and shall be used to provide facilities available to the inhabitants of Woodbridge and to members of the public at large for recreation or other leisure-time occupation with the object of improving the conditions of life for the persons for whom the facilities are primarily intended.

 Introduction

This policy explains how and why we use your personal data, so you can make sure you stay informed and be confident about giving us your information.

We never sell or pass on your personal data unless required by authorities for legislative or law enforcement reasons. We will only share it when it’s necessary, and the privacy and security of your data is assured.

1. Who are “we”

In this notice, whenever you see the words ‘we’, ‘us’, ‘our’ or ‘Museum’ it refers to Woodbridge Tide Mill Charitable Trust. The Museum is a Charitable Incorporated Organisation (CIO) registered with the Charity Commission. We are a ‘data controller’ under Data Protection Law. We are entered in the Information Commissioner’s Register of Data Controllers with registration number ZB290138.

2. What Personal data do we collect?

We collect and use data which identifies you, or which can be identified as relating to you personally in connection with activities such as, but not limited to, membership administration, donations, loans, volunteering, collections management and documentation, conducting research, competitions and online shop purchases.

This data will include but is not limited to, name, title, address, date of birth, age, gender, employment status, email address, and telephone numbers. Your data may be collected by us in writing, online, person or by phone.

Why do we collect personal data?

We ask for your data to fulfil our ‘legitimate interests’ in the running of our organisation. These include but are not limited to:

Membership: – Legal Bases for processing – Legitimate Interest, Legal Requirement

Gifts and donations: – Legal Bases for processing – Legal Requirement

Volunteering: – Legal Bases for processing – Legitimate Interest and Safeguarding

Online Ticketing and Online shop purchases: – Legal Bases of processing – Contract (sale of   product or service)

Salaried Staff: Legal Bases for processing – Legal Requirement

Other: – Legal Bases for processing – Legitimate Interest

3. Examples of how we use your personal data

We will only use your personal data on relevant lawful grounds as permitted by the EU General Data Protection Regulation (GDPR) UK Data Protection Act and Privacy of Electronic Communication Regulation. Personal data provided to us will be used for the purpose outlined above in a transparent manner at the time of collection or registration where appropriate, in accordance with any preferences you express. You can choose how you want to receive these communications (by email, post or phone).

Marketing communications:

We will use your details to keep in touch about things that may matter to you but we will only send you marketing information if you agree to receive it and you will be able to opt out of receiving further marketing emails at any time.

Membership:

We use the personal data you provide as a Member to send you relevant information regarding events, AGM, newsletters and membership renewal.

Fundraising, donations, legacy pledges, volunteering and sales:

If you make a monetary donation, we’ll use personal information you give us to record the nature and amount of your gift, claim Gift Aid if you’re eligible and to thank you for your gift.

If you tell us you want to fundraise to support our cause, we’ll use the personal information you give us to record your plans and contact you to support your fundraising efforts.

If we have a conversation or interaction with you (or with someone who contacts us in relation to your will, for example your solicitor), we’ll note these interactions throughout your relationship with us, as this helps to ensure your gift is directed as you wanted.

We use your personal data to manage your volunteering from your initial enquiry to when you stop volunteering, for example notifying you about your shift rota or sending out instructions.

We use personal data for taking event bookings and ticket sales. We will send you tickets or notify you that they are ready for collection.

We use personal data where online shop purchases are made. We will use the data supplied to process the transaction and to send you details of  the order dispatch.

Salaried Staff

We use the data you provide as a paid member of staff to be able to pay your salary and fulfil our legal obligation to provide the necessary information to Her Majesty’s Revenue and Customs service (HRMC) and pension providers for taxation and pension provision reasons.

4. Online data and our website

Cookies:

Cookies are small text files stored on your computer when you visit certain websites. We use first-party cookies (cookies that we have set, that can only be read by our website) to personalise your online experience. We also use third-party cookies (cookies that are set by an organisation other than the owner of the website) for the purposes of website measurement and targeted advertising. You can control the use of cookies yourself via your browser.

Links to other websites:

Our website may, from time to time, contain links to and from the websites of other organisations as well as our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and privacy notices and that we don’t accept any responsibility or liability for their policies.

Automatically collected data:

We use respected third parties to process data on our behalf, and provide below links to their respective privacy policies.

• ‘Mailchimp’ – for administering our mailing list. They will be given your email address for this purpose. [URL: https://mailchimp.com/] Privacy Policy at [https://www.intuit.com/privacy/statement]

• ‘Art Fund Tickets’ – for purchasing and delivering tickets to visit Woodbridge Tide Mill. [URL: https://woodbridge-tide-mill-museum.arttickets.org.uk/pages/privacy-policy]
• Online shop – for payment and order processing. [URL:https://www.tidemillshop.com/privacy-policy]
• ‘STRIPE’ for processing financial transactions. [URL: https://stripe.com/gb/privacy]
• Audience Finder – Where you agree to undertake a visitor experience survey. [URL:https://original.audiencefinder.org/audience-finder-privacy-notice]

5. Keeping your information

We will only use and store your information for as long as it is required, depending on the purposes for which it was collected and sometimes, statutory legal requirements. We will keep your information physically secure by taking appropriate technical and organisational measures against its unauthorised or unlawful processing and against its accidental loss, destruction or damage.

Storage of information

Your personal data may be stored in the following ways:

• Electronically on computer, and on cloud storage, and in paper format in a locked location. Electronic files containing personal data will be password protected
• Membership information is held electronically by the Membership Secretary and is password protected
• Emergency contact details for volunteers are kept securely at the Mill

Disclosing and sharing information

Personal data collected by us may be shared with the following groups:

• Museum volunteers and staff, where appropriate for operational reasons
• Audience Finder – for the processing of survey data
• Art Tickets – for the processing of ticket purchases
• Wix – for online shop transaction processing
• MailChimp – for marketing mailings

Our employees and volunteers who have access to and are associated with the processing of personal data are obliged by law to respect the confidentiality of that data.

Retention and disposal of personal data:

We will not keep personal data for any longer than is absolutely necessary. Paper-based data will be disposed of by shredding. Electronic records will be deleted from our computers. While the length of time we retain records will necessarily vary depending on specific purposes, the main parameters are as follows:

Personal data type	Storage duration
Membership forms and data	Membership data will be retained until the end of the year in which a subscription is resigned or lapsed.
Name/address of donor	Data on donors is stored in perpetuity as part of the donated object history file and transfer of title information
Name/address of lender	Data related to loans will be stored in perpetuity as part of the object history file
Volunteer data	Retained for 1 year after resignation or termination of contract for safeguarding and reference request purposes
Financial records	7 years for HMRC tax, and Gift Aid inspection purposes
Research requests and photographs	Until the request has been completed; a record of the photograph(s) and research topic may be retained.
Miscellaneous correspondence	Data is kept for operational purposes only and at the Museum’s discretion. Correspondence related to donations and loans is stored in perpetuity as part of the object history file

6. Updating your data and marketing preferences

If, at any time, you want to update or amend your personal data or marketing preferences please use the options in our electronic communications or contact us on comms@woodbridgetidemill.org.uk with your full name and full address and your request

Post:

Woodbridge Tide Mill

Tide Mill Way

Woodbridge

Suffolk

IP12 1BY

7. Your data protection rights

The Data Protection Act (2018) gives individuals the following rights regarding their personal data:

These can be found at the Information Commissioner’s Office website at:

If you would like further information on your rights or wish to exercise them, please contact us at the address or via email as shown above. You will be asked to provide the following details:

• The personal information you want to access
• The date range of the information you wish to access

We will also need you to provide information that will help us confirm your identity. If we hold personal information about you, we will give you a copy of the information in an understandable format. We will respond to your request as soon as possible. Please allow additional time for more complex requests.

What to do if you are not happy:

In the first instance, please talk to us directly using the contact information above so we can try to resolve any problem or query. You also have the right to contact the Information Commissions Office (ICO) if you have any questions about Data Protection. You can contact them using their helpline 0303 123 1113 or at www.ico.org.uk.

8. Changes to this Privacy Notice

This privacy notice will be reviewed every 3 years and amended as necessary to ensure it remains up to date and reflects how and why we use your personal data and to meet any new legal requirements.