null

FAIR PROCESSING NOTICE (FPN) - SELLY MANOR MUSEUM

Who is responsible for my information?

Bournville Village Trust Group (the ‘Data Controller’) [Registration No. Z5847372], is responsible for the collection, processing, storage and safe keeping of personal data and other information as part of our business activities, which includes Selly Manor Museum. We manage personal information in accordance with the Data Protection Act 1998 and from May 2018, the General Data Protection Regulations.

We take your privacy rights and the security of your information very seriously. This fair processing notice is supported by a detailed Personal Information Management System which we can provide on request. We will now set out in brief our approach to safeguarding the privacy rights of all individuals who engage with us.

This Fair Processing Notice applies to all personal information collected by Selly Manor Museum. A separate notice exists for BVT which relates to the  information they collect to deliver their services.

Our approach to collecting, storing and using personal information

About the personal information we collect

As a customer of BVT, the information we may collect about you and others could include, but is not limited to:

  • Name
  • Date of birth
  • Address
  • Contact details (phone/mobile/email)
  • Communication preferences
  • Gender
  • Racial or ethnic origin
  • Religious or other beliefs
  • Sexual orientation
  • Physical or mental health or condition
  • Photographs and CCTV images

We will not collect information about you that we do not need and we will make sure that the personal information we collect is updated to our systems in a timely and accurate manner. All demographic information held by BVT is used only for research purposes and is anonymised so you won’t be identified. All information held by Selly Manor Museum will be for marketing purposes and to ensure that we provide a range of suitable events and activities for a diverse audience.

How we use your personal information

We use your information to respond to your enquiries, provide you with services and manage your relationship with us. We may also use your personal information for research and development, customer administration, marketing and to identify areas where we can improve the services we provide. We only collect or use personal information for those purposes indicated in our notification with the Information Commissioner’s Office.

We will review the personal information we hold about you every 12 months and make changes to any service or information-handling processes when the law or the Information Commissioner request such changes. Your contact information may be reviewed more frequently as and when you contact us.

How long will we keep your personal information

We will keep the personal information you provide to us for a period of 12 months. After 12 months we will contact you with the information you have provided to ask for your consent to retain the information and to continue to inform you of our events.

It is important that you keep us informed of any changes to your information. You may ask us to either remove or correct inaccurate information at any time.

Visiting our websites

When you visit our websites, we collect standard internet log information for statistical purposes. In short:

  • We use cookies to collect information in an anonymous way, including the number of visitors to the site, where visitors have come to the site from and the pages they visited
  • We do not make any attempt to identify visitors to our websites. We do not associate information gathered from our sites with personally identifying information from any source.
  • When we collect personal information, for example via an online form, we will explain what we intend to do with it.

Our website may from time to time contain links to various third party websites. We are not responsible for the content or privacy practices of any external websites that are linked from our sites.

How we share your personal information

We will not share your information with third parties.  

Our legal obligations

We will share specific and relevant information with law enforcement and government agencies or public bodies where we are legally required to do so. Examples may include:

  • The prevention or detection of crime and fraud
  • The apprehension or prosecution of offenders
  • Research and statistical purposes

Keeping your information secure

We store personal information both electronically and in paper form. We implement security policies, processes and technical security solutions to protect the personal information we hold from:

  • Unauthorised access
  • Improper use or disclosure
  • Unauthorised modification
  • Unlawful destruction or accidental loss.

When you contact us, we may ask you to provide us with some information so that we can confirm your identity. If other people (e.g. family members, support workers, solicitors) act on your behalf, we will take steps to make sure that you have agreed for them to do so. This may include asking them to provide us with supporting information to indicate your consent. We do this to protect you and to make sure that other people cannot find things out about you that they are not entitled to know.

Employees who have access to, or are associated with the processing of, your personal information will be required to ensure compliance with the Data Protection Act 1998 and make reasonable efforts to safeguard it.

Contacting us about your personal information

We will be transparent about what, why and how we collect, use and share your information. Please keep us informed if any of your information changes.

Finding out about the personal information we hold about you

You can ask us whether we are keeping personal information about you by writing to our Data Protection Officer.

The General Data Protection Regulations gives you a number of rights in relation to your personal information. You can find out about your rights, and get further guidance, on the ICO website.

Requesting a copy of your personal information

As part of our service to you, we will supply you with copies of specific pieces of information, for example a copy of your rent statement. If you want a copy of information we have received or shared with third parties or a copy of everything we have on record relating to you, you will be required to put this in writing. This is called a ‘subject access request’.

If you make a subject access request we will provide you with a readable copy of the personal information we hold about you. To make a subject access request you must:

  • Make your request in writing/complete a Subject Access Request form
  • Provide proof of your identity

If we do hold information about you, we will:

  • Give you a description of it
  • Tell you why we are holding it
  • Tell you who it could be disclosed to
  • Let you have a copy of the information in an intelligible form

Please send your request to our Data Protection Officer, Bournville Village Trust, 350 Bournville Lane, Bournville, Birmingham, B30 1QY.

Withdrawing your consent

You have the right at any time to ‘opt out’ of us processing your personal information for direct marketing purposes or to prevent processing that you feel is likely to cause damage or distress. If you wish to do this at any time, please complete a Data Subject Consent Withdrawal form.

If you wish to ‘opt out’ of us processing personal information about a child under 16 who you have parental responsibility for, please complete a Parental Consent Withdrawal form and send to our Data Protection Officer, Bournville Village Trust, 350 Bournville Lane, Bournville, Birmingham, B30 1QY. 

Your request will be actioned immediately.

Questions and complaints

If you are concerned about how we are collecting, using and/or sharing your personal information, you can contact our Data Protection Officer. You can also obtain more information on your rights and our obligations as a Data Controller by contacting the Information Commissioner. You can also apply to the Court for compensation for distress and/or damages due to non-compliance of the Data Protection Act.

We keep our privacy policy under regular review. This privacy notice was last updated in January 2018.