Any questions regarding this Policy should be sent by email to firstname.lastname@example.org
The Russell-Cotes became a public museum in 1922, having been donated to the people of Bournemouth by its founders in 1908, and became a registered charity in 1962 (number 306288). Its aim is to inspire and enrich the lives of Bournemouth’s residents and visitors by creating a cultural flagship around a unique historic house and international art collections, and ensure that these are housed in safety, conserved, curated, researched and exhibited.
The address is Russell-Cotes Art Gallery and Museum, East Cliff Promenade, Bournemouth, BH1 3AA
Personal data we hold
We collect data you provide to us. This includes information you give when you communicate with us, apply for membership, purchase tickets, sign up to receive communications from us, make a Gift Aid donation, apply for employment, volunteer or enter into a contract with us. For example we may hold:
- personal details (name, gender, date of birth, email, address, telephone etc.)
- family and spouse/partner or next of kin details
- financial information (such as credit/debit card or direct debit details, and whether your donations are gift-aided);
- your enquiry or response to an event, access to information, or your intention to meet a member of our staff;
- details of the ways in which you wish to be contacted by us.
- your visits to our websites (e.g. IP address, and information regarding what pages are accessed, when and in what order for anonymous analysis)
- images of you captured by our CCTV systems (we use CCTV to help provide a safe and secure environment for visitors, for our staff and for the collection and to prevent or detect crime. The system is managed in accordance with our standard operating procedures and with good practice guidance issued by the Information Commissioner’s Office. CCTV images will only be accessed by authorised security staff and are stored for up to 30 days, unless flagged for review.)
If you purchase Museum membership as a gift for someone, your details will be recorded (as will the recipient’s) and your relationship to that person will be recorded.
We do not normally collect or store sensitive data. However there are some situations where we may need to do so. These may include, for example, if you work or volunteer with us or apply to do so, or if we need to know about any access, medical or dietary requirements you, or someone in your care, may have.
How we use your data
We only ever use your personal data with your consent, or where it is necessary in order to:
- enter into, or perform, a contract with you;
- comply with a legal duty;
- protect your vital interests;
- carry out a task in the public interest; or
- for our own (or for a third party’s) legitimate interests, provided your rights do not override these interests.
We will only use your personal data for the purpose or purposes for which it was obtained.
Where consent has been given, we use your personal data to communicate with you in order to promote our activities and events and to help with fundraising. This includes keeping you up to date with our exhibitions and events, and to send you general information about fundraising, membership and other ways you may be able to support us or benefit from the Russell-Cotes.
Application to membership of the Friends of the Russell-Cotes includes the consent to receive the bi-monthly Friends newsletter by email, you can choose to unsubscribe from this at any time.
We use your personal data for administrative purposes including:
- receiving donations (e.g. direct debits or gift-aid instructions);
- maintaining databases of our Friends, Annual Pass holders and other supporters;
- processing membership subscriptions;
- performing our obligations under membership contracts and other supporters’ agreements;
- managing custody of our collection including our intellectual property rights;
- carrying out due diligence to meet our compliance duties (for example, before making any acquisition into our collections, accepting financial support or making agreements for the supply of goods and services);
- processing enquiries and requests for information;
- managing feedback, comments and complaints we receive;
- fulfilling orders for tickets, goods or services (whether placed online, over the phone or in person);
- helping us respect your choices and preferences;
- recruitment and staff management including pay, tax and pensions administration;
- management of suppliers of goods and services;
- managing your visit to the Russell-Cotes (e.g. health and safety, security, lost property, cloakroom and incident management)
Disclosing and sharing your data
We will never sell your personal data.
If you have opted-in to marketing, we may contact you with information about our selected partners. These communications will always come from us and will be incorporated into our own marketing.
We use a software provider for our marketing communications. Information is transferred to data processors securely, and we retain full responsibility for your personal data as the data controller. These activities are carried out under a contract which imposes strict requirements on our suppliers to keep your personal data confidential and secure.
We may share your personal data where required to do so for prevention of crime or for taxation purposes (e.g. with the police, HMRC) or where otherwise required to do so by other regulators or by law (e.g. the Charity Commission, Companies House).
Children and Young People
We take great care to protect and respect the rights of individuals in relation to their personal data, especially in the case of those aged 15 or younger.
We will not use the personal data of children or young people for marketing purposes.
Personal data about children and young people is only accessible by relevant staff on a strictly need to know basis.
We employ a variety of physical and technical measures to protect information we hold and to prevent unauthorised access to, or use or disclosure of your personal data.
Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Relevant staff receive data protection training and we maintain a set of data protection procedures which our staff are required to follow when handling personal data.
The purchase of tickets and memberships online is run by the Art Fund’s portal Art Tickets, who take steps to ensure that it’s treated securely. Any sensitive information (such as credit or debit card details) is encrypted and protected. To see their privacy and data policy please visit here.
Storing your data
We will only retain your personal data for as long as it is required for the purposes for which we collected it (e.g. we have a genuine and legitimate reason and we’re not harming any of your rights and interests). This will depend on our legal obligations (e.g. Gift Aid) and the nature and type of information and the reason for which we collected it. For example, should you ask us not to send you marketing emails, we will stop storing your email address for marketing purposes; however we may need to keep a record of that preference.
We review what information we hold and will delete personal data which is no longer required.
Control of your data
We want to ensure you remain in control of your personal data and that you understand your legal rights, which are:
- the right to know whether we hold your personal data and, if we do so, to be sent a copy of the personal data that we hold about you (a “subject access request”) within one month;
- the right to have your personal data erased (although this will not apply where it is necessary for us to continue to use the data for legal reasons);
- the right to have inaccurate personal data rectified;
- the right to object to your personal data being used for marketing;
- (where possible) the right to be given a copy of personal data that you have provided to us
There are some exceptions to the rights above and, although we will always try to respond to any instructions you may give us about our handling of your personal information, there may be situations where we are unable to meet your requirements in full.
If you would like further information on your rights or wish to exercise them, please contact email@example.com
Should you have a complaint about how we have used (‘processed’) your personal data, you can complain to us directly by contacting our Data Protection Officer in the first instance.
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk. In the unlikely event that a data breach incident occurs which places your personal data at risk, we will notify both you as the affected individual and the ICO of the breach not later than 72 hours after having become aware of it.
Our website uses local storage (such as cookies) in order to provide you with the best possible experience and to allow you to make use of certain functionality, as well as compiling statistical reports on website activity. Further information on cookies and how you can remove them from your browser can be found at www.aboutcookies.org.
Links to other sites
Policy updated May 2018