You can visit our website without giving us your personal data, but we may collect personal information about you when you request a specific service using online forms and every time you email us your details. We use this information to:
- contact you to respond to your queries (if you email us with a question, for example)
- provide you with services (send you an email bulletin or enable your progress through an online course, for example)
- compile anonymised statistics about the use and value of our service
When signing up to receive email news (direct marketing):
If you want to receive information via email from us about a specific service we will need to collect the personal information outlined below. If you supply us with details about your interests we may use this information to send you tailored information relevant to these preferences. Unless you withdraw your consent, we’ll keep a record of previous communications and other relevant details in order to optimise the services we recommend to you in the future.
Email newsletters from Museums and Archives
For receiving email newsletters we’ll need to collect your name and email address.
Learning e-newsletter and other learning opportunities
For teachers and other educators, as well as your own name and email we may also record your school or organisation name. If you provide us with an address we may occasionally contact you by post.
Venue hire newsletter
When making a donation:
When you make a donation at one of our museums, it is processed by Bristol City Council employees on behalf of Bristol Museums Development Trust. We may collect personal data such as your name, email address, postal address and phone numbers as well as credit/debit card details (if you are making a donation). We use the data you provide to process your donation, to claim Gift Aid on your donations and verify your financial transactions. We also analyse this information to improve our understanding of you and our donor base in general. This helps us make decisions about our services, and to provide you with a better customer experience. Your data will be stored securely on our database.
We may also use this data to verify the identity of supporters who make major gifts so we can assess any risks associated with accepting their donations. This is based on the recommendations of the official regulator of charities, the Charity Commission.
How long we will keep your data for:
We keep all data on financial transactions for six years after the year the transaction took place in case of an audit by HMRC. These records must provide a clear link between the donor, declaration and donation. After this your information will be deleted. If you have opted in to receive communications from us, we will retain your data until you unsubscribe, which you may do at any time.
Why we need to collect your data:
We use the data you provide to process your donation, to claim Gift Aid on your donations and verify your financial transactions.
Who we share your data with and why:
If you have filled out a Gift Aid declaration your data will be shared with HMRC for the purposes of claiming the Gift Aid. If you have provided us with financial information regarding a donation then this data will be passed on to our processing partners and the bank. We have written agreements with these parties that protects your data and ensures it is not used for any other purposes.
If you have opted-in to receive communications from us we may use a third party supplier (such as a mailing house or a printer) to process the mailing but only if we have a written agreement with them that protects your data.
If we have your consent to use your data:
Depending on your marketing preferences we may use your data to contact you about your donation, the work we do and how to support us in future. You will able to change your preferences or opt-out at any time.
Where we have received your data from a third party:
Depending on how you made your donation, your information may have come to us through a third party (eg. Online Card Donation via Rapidata). We have written agreements with these parties that protects your data and ensures that we are the only recipients of it.
When signing up for an event or purchasing tickets for an exhibition:
We will use your personal information to send you details about the event and any tickets you may need to gain entry. We’ll also get in touch if there are any changes to the event timings. If the event gets canceled or rescheduled, we’ll get in touch to let you know. You are consenting to be contacted with updates specific to the event you are attending including any “Thank You” emails where we may ask for your feedback about the event in order to help us improve future events.
We may use the following third-party suppliers to manage ticket purchases and guestlists:
Using contact forms on this website:
When you supply information through online forms on this website, we’ll pass your contact details on to the relevant team or member of staff so that they can respond to your enquiry. We may keep a record of the enquiry and your contact details in case we need to follow it up with any further action. We will only use these details to respond to your specific request.
When submitting a contact form for M Shed or Bristol Museum & Art Gallery venue hire, your enquiry will be sent to external contractors Compass Group for a response.
When buying something from our online shop:
When you place an order on shop.bristolmuseums.org.uk we will use your personal information such as your address, email address and phone number so that we can fulfill your order. We’ll get in touch if there are any issues or if we need to clarify anything with you while your order is in process. We use third party suppliers Shopify to manage our shop and Stripe to process payments.
Some of our suppliers may offer a service to fulfill orders for us. We may share your details with them so that they can send your order out directly.
If you are buying a gift to send to someone, you can notify us of this in the ‘notes’ section when placing your order. We will include a gift receipt with the order, which states the sender’s name.
You can withdraw your consent for us to process your information at any time. You can contact us by email or in writing to ask for your information to be deleted. If you subscribe to our e-newsletter, there is an unsubscribe option in every issue.
As part of Bristol City Council we use this privacy statement detailing what we do with your personal data.
LIST OF DATA SUB PROCESSORS
We use the following third party data processors to store and manage your personal information.
|Mailchimp||Name, e-mail address||Newsletter||USA||https://mailchimp.com/legal/privacy/|
|Blackbaud||Name, e-mail address, address, phone number||CRM||USA||https://www.blackbaud.com/privacy-policy.aspx|
Yours rights as a data subject:
You have the right to ask for access to your data and where data is found to be inaccurate to have that data corrected. In certain circumstances you have the right to have data held about you erased, or the use of it restricted. You may be able to object to processing, and may also have the right to have your data transferred to another data controller.
You have the right to have any inaccurate information corrected. You also have a right of complaint to the Information Commissioner’s Office (ICO) at www.ico.org.uk if you think we have not dealt with your information in a proper manner.
You can ask to see what information we hold about you and have access to it. You can do this, by contacting:
Senior Data Protection Officer
Bristol City Council
ICT Commissioning and Information Governance
P O Box 3176
Other questions about the data being processed may also be sent to the above address.
Fraud Prevention and Detection:
Bristol City Council is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing, administering public funds, or where undertaking a public function, in order to prevent and detect fraud. For more information visit https://www.bristol.gov.uk/data-protection-foi/fraud-prevention-and-detection