Woodbridge Tide Mill Charitable Trust
The Woodbridge Tide Mill Shop
1. About us
The Woodbridge Tide Mill Charitable Trust (WTMCT) seeks to preserve and develop the Tide Mill and its Collections as living links to the agricultural, industrial, and maritime heritage of Woodbridge, and to its cultural and social history. The museum endeavours to provide an accessible heritage experience that entertains, educates and inspires all its visitors.
The official address of the Tide Mill Charitable Trust (WTMCT), is Tide Mill Way, Woodbridge, Suffolk, IP12 1BY.
When we talk about “you” or “your” in this policy we mean any living person whose personal data we collect.
When we talk about “Members” and “Membership” we are referring to subscribing members of the Friends of the Tide Mill Scheme.
2. Your Personal Data
We collect “personal data”, which is information that identifies a living person, or which can be identified as relating to a living person.
3. Personal data we hold
We hold the following categories of personal data:
3.1 Personal data you provide
We collect data you provide to us. This includes information you give when you communicate with us, apply for membership, purchase, products or services, sign up to receive communications from us, or make a donation. For example we may hold:
a) personal details, (name, gender, date of birth, email, address, telephone etc.)
b) family and spouse/partner or next of kin details
c) financial information (such as Credit/debit card or direct debit details, and whether your donations are gift-aided)
d) your response to the use of a contact form or use of email communication with us
e) details of the ways in which you wish to be contacted by us
3.2. Personal data generated by your involvement with the Museum
Your activities and involvement with the Museum will result in personal data being generated. This could include:
where you have asked us for information or written to us;
your visits to our websites
your purchasing history;
3.3. Personal data from third parties
We sometimes receive personal data about you from third parties, for example, if we are partnering with another organisation or where we may use third parties to help us conduct research and analysis about you to determine the success of our public offer and to help us provide you with a better experience (and this can result in new personal data being created).
We may collect information from social media about you, or if you post on any of our social media pages.
3.4. Special category (‘sensitive’) personal data
We do not normally collect or store special categories of personal data.
4. How we use your personal data
4.1. General use
We only ever use your personal data with your consent, or where it is necessary in order to:
enter into, or perform, a contract with you;
comply with a legal duty;
protect your vital interests;
carry out a task in the public interest; or
for our own (or for a third party’s) legitimate interests, provided your rights do not override these interests.
In any event, we will only use your personal data for the purpose or purposes for which it was obtained.
We use your personal data to communicate with you in order to promote our activities and events and to help with fundraising. This includes keeping you up to date with our events and products in our shops, and to send you general information about fundraising, membership and other ways you may be able to support us or benefit from The Woodbridge Tide Mill Charitable Trust (WTMCT).
We use your personal data for administrative purposes including:
receiving donations (e.g. direct debits or gift-aid instructions)
maintaining databases of our Members and other supporters
processing membership subscriptions
performing our obligations under Membership contracts and other supporters’ agreements
processing enquiries and requests for information;
managing feedback, comments and complaints we receive;
fulfilling orders for tickets, goods or services (whether placed online, over the phone or in person);
helping us respect your choices and preferences;
5. Disclosing and sharing your personal data
We will never sell your personal data.
We use payment processors for the handling of payments and email providers for our marketing communications. Information is transferred to data processors securely, and we retain full responsibility for your personal data as the data controller. These activities are carried out under a contract which imposes strict requirements on our suppliers to keep your personal data confidential and secure.
We may share your personal data where required to do so for prevention of crime or for taxation purposes (for example, with the police, HMRC) or where otherwise required to do so by other regulators or by law (e.g. the Charity Commission, Companies House).
6. Children and young people
6.1. Information for parents and guardians
We take great care to protect and respect the rights of individuals in relation to their personal data, especially in the case of those aged 13 or younger.
We will not use the personal data of children or young people for marketing purposes and we will not profile it.
Personal data about children and young people is only accessible by our staff on a strictly need to know basis.
7. Data security
We employ a variety of physical and technical measures to protect information we hold and to prevent unauthorised access to, or use or disclosure of your personal data.
Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Staff receive data protection training and we maintain a set of data protection procedures which our staff are required to follow when handling personal data.
7.2. Payment security
All electronic forms that ask you for your financial data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers.
If you use a payment card to donate, to buy Membership or to purchase something from us on-line, you will process your payment card details securely with our payment provider. We comply with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council.
8. Storing your personal data
8.1. Where we store data
We are wholly based in the UK and store data within the European Economic Area. Some organisations which provide data processing services to us do so under contract and may be based outside of the EEA. We will only allow them to do so if your data is adequately protected.
8.2. Retention of your personal data
We will only retain your personal data for as long as it is required for the purposes for which we collected it (e.g. we have a genuine and legitimate reason and we’re not harming any of your rights and interests).This will depend on our legal obligations and the nature and type of information and the reason for which we collected it. For example, should you ask us not to send you marketing emails, we will stop storing your email address for marketing purposes; however we will need to keep a record of your preference.
We continually review what information we hold and will delete personal data which is no longer required.
9. Control of your personal data
9.1. Your rights
We want to ensure you remain in control of your personal data and that you understand your legal rights, which are:
a) the right to know whether we hold your personal data and, if we do so, to be sent a copy of the personal data that we hold about you (a “subject access request”) within one month
b) the right to have your personal data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason)
c) the right to have inaccurate personal data rectified
d) the right to object to your personal data being used for marketing or profiling; and
(where technically feasible) the right to be given a copy of personal data that you have provided to us (and which we process automatically on the basis of your consent or the performance of a contract) in a common electronic format for your re-use.
There are some exceptions to the rights above and, although we will always try to respond to any instructions you may give us about our handling of your personal information, there may be situations where we are unable to meet your requirements in full.
If you would like further information on your rights or wish to exercise them, please contact our Data Protection Controller at the address below.
Should you wish to make a subject access request, we can provide you with a template form which includes guidance on how to do this. Please contact us for a copy of the template for a subject access request.
Should you have a complaint about how we have used (‘processed’) your personal data, you can complain to us directly by contacting our Data Protection Controller in the first instance.
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk
Our websites use local storage (such as cookies) in order to provide you with the best possible experience and to allow you to make use of certain functionality (such as being able to shop online).
11. Links to other sites
Our websites contain links to other external websites. We are not responsible for the content or functionality of any such websites. Please let us know if a link is not working by contacting firstname.lastname@example.org
or email email@example.com
Your data may also be available to our website provider to enable us and them to deliver their service to us, carry out analysis and research on demographics, interests and behaviour of our users and supporters to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us. In the case of this activity the following will apply:
A). Your data will be made available to our website provider
C). Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA.
D). They will store your data for a maximum of 7 years.