Your privacy is important to us. This policy helps you understand how we protect your security online and make sure that you can choose how your data is handled.
This privacy notice applies to information we collect about:
- Visitors to our digital channels (e.g. website, apps)
- Devices detected by our free Wi-Fi service
- People who use and support our services
- Job applicants
This notice provides information on how we use any personal information we collect about you, your rights to access and correct the information we hold about you and how to contact us for queries or complaints about our use of your personal information, or to unsubscribe from marketing communications.
We make every effort to keep your personal data accurate and up-to-date. If you become aware of any errors or inaccuracies please email email@example.com
At the Goldsmiths’ Centre you would like to make a request to access the information we hold about you see the access to your information section of this notice. Alternatively, you are entitled to raise a concern to the Information Commissioner’s Office (ICO) without first referring your complaint to us. See here for more information: https://ico.org.uk/concerns
What information do we collect?
When we ask you to provide your personal information we will let you know why we are asking, and how we will use your data, and direct you towards this notice for more information. We take great care in storing this data.
When do we collect personal information?
Personal information is collected directly from you when you interact with us and allow us to do so, for example:
- When you register to use our services
- Attend our events
- Make a purchase
- Sending or receiving an email
- Make an enquiry
- Visit our website
- Apply for a role with us
- Hire a space for a corporate or private event
- Participate in a registered event
- When signing up to a campaign or for our e-newsletter
- When you voluntarily complete a survey or attend a consultation event
- Provide feedback
- Participate in competitions and social media conversations.
- Information may be collected in person, over the phone, through our websites, social media or from something you have posted to us.
We also collect information when you allow others to share it with us via third parties, for example:
- Organisations processing data on our behalf, e.g. Direct Debits
What personal information do we collect?
Personal information we collect may include:
- Your name, including your title
- Date of birth, only where needed for age related products
- Postal and email addresses
- Phone numbers
- Bank Details
- Your profession where appropriate
- Your age, ethnicity, disability and family status where appropriate
- Relationships including spouses, partners, work colleagues, connections where appropriate
- Current interest and activities
- Any accredited membership you belong to e.g. livery or trade organisation membership, or any other accredited organisation membership
We will also collect and hold information about any contact you have with us as a visitor or customer, and this may include details of:
- Ticket purchase and event registration/attendance
- Contact preferences
- Direct Debit bank details where applicable
- Details of correspondence sent to you or received from you
- Employment information and professional activities
- Selected media coverage, where relevant
A cookie is a small file which stores information that a website puts on your hard disk so that it can remember something about you at a later time. Typically, a cookie records your preferences when using a particular site. Read our Cookies Policy for more information.
How will we use information about you?
We collect information about you in order to fulfil our public task and provide you with the service/s you have requested. When you sign up to an e- newsletter or opt-in to our communications using our forms (e.g. online form) or in person, then you are giving us your consent to send you marketing materials by the methods you have chosen (e.g. email or phone call). We will never send you marketing by email or SMS without your consent, and you can withdraw your consent at any time.
If you have provided us with your postal or telephone contact details, but haven’t specifically opted-in to receive our communications (for example, making a donation by post), then we will carry out an assessment of whether it would be fair and reasonable to use them to send marketing information to you without your explicit consent (i.e. it is in the interests of our aims and will not cause undue prejudice to you). This is called a legitimate interests assessment. You can opt out of our marketing communications at any time if you don’t want to receive them.
We will ensure we have a legal basis to use your personal information for the other purposes mentioned in this policy (usually with your consent, further to a legitimate interest assessment, or because the use of your data is necessary to comply with a legal obligation).
Processing your purchase
When you make a payment to us, we will use your payment and contact details, payment amount, date and time of payment; to process that payment and take any follow-up administrative action needed (for example, sending a receipt or acknowledgement letter).
There are some membership communications that we are required to send regardless of your contact preferences. These are essential communications, deemed necessary to fulfil our contractual obligations to you. This would include Direct Debit confirmations, thank you and renewal letters, member benefits, and queries regarding returned mail or bounced payments.
Responding to enquiries
If you contact us with a question, comment, compliment or complaint then we will keep a record of this correspondence and any associated documents so that we have the information available in the event of a follow-up, dispute or investigation.
Notifying you of changes to policies
If we make significant changes to our policies which may affect you, we will use your contact details to inform you of the changes.
Requesting information if you are attending our events
If you participate in an event that we have organised, we may ask you to provide information to make sure we can manage the event safely and efficiently. We may also ask you for details of any accessibility need which you may have, so that we ensure our event is inclusive, in line with the provisions of the Equality Act 2010.
If you participate in an event organised by an external party, then your information may be passed to us by the processor. We would only use it for marketing purposes if you have given your consent for this.
Marketing and Communications
We may use your information to invite you to become involved with us in new ways and grow our supporter base. If you consent we will send you information about activities and services of the Goldsmiths’ Centre that may be of interest to you, by post, telephone or email. Some of these will include:
- Sharing marketing and fundraising materials with you
- Marketing materials that we might share with you include:
- Details of other products, services or events, such as exhibitions, events, retail or café offers
- News and updates such as our marketing, learning or members e-newsletters
- Surveys for market research purposes
Where you have provided your postal address or telephone number we may send this information to you by post or by calling your telephone unless you have asked us not to. We may also email you this information or send by SMS if you have agreed for us to do so.
Targeting and communications
We undertake some research and analysis to inform our decisions on what communications our audiences would prefer, in order to work out whom to contact, what to say and when to get in touch. We want to send the most effective messages that we can in the most efficient way possible.
We undertake some research and analysis to inform our decisions on what events and courses to put on, and what kinds of activities to programme to continually work to offer the best experiences when you visit. Responses to survey questions may be quoted in research reports. All data is anonymised when used for this purpose.
We log the IP address of the computer you are using in order to protect our servers against abuse and malicious activity. The logs are deleted every 30 days. Other information is used to measure the performance of the website, the volume of traffic that the site receives, how site users move around the site and what sort of users the site attracts. You can find out more in our website and cookies policy.
We use Google Analytics to collect information about how our visitors use and navigate this website. We use this information to report to funders and to analyse usage of the website so that we can continually work to improve the website and your experience of it. The cookies collect information such as the number of visitors to the site, which pages they visited and whereabouts they came to the site from. This information is anonymous and cannot be used to identify you personally.
Analysing how emails are opened and read
We track emails which we have sent to you to see which messages have the highest response rates and whether there are messages that generate better engagement with particular groups of people. We do this by logging whether emails we send have been opened, deleted and interacted with (for example, by clicking on links within the emails). Although we only use this information to look at general patterns, it is still personal information because it is linked to your email address.
We analyse all data provided to us by supporters to review behavioural patterns like communication preferences, interests in the Goldsmiths’ Centre, and which events you have attended.
We use this information to tailor our communication with you and invite you to meetings, groups and events which may be of interest to you.
You can request more information on these activities, or change your preferences, by using the information in the ‘Contacting us’ section at the beginning of this document.
You can choose to opt-out of being the subject of data cleaning or analysis simply by contacting us by email at: firstname.lastname@example.org
Compliance with the law
As with all charities, we ensure that our activities comply with the law. Therefore, we may need to share or use your personal information if we are required to do so by law (for example, in response to a warrant or court order) and we may use information from other sources for the purposes of fraud prevention, for example to comply with money laundering regulations, or to protect people’s rights, property or safety.
Who might we share your information with?
We will not sell your details to any third parties, nor disclose personal data to any third parties or external organisations, other than trusted data processors and service providers carrying out work on our behalf. Examples of data processors would be mailing houses, bulk email distribution services, customer relationship management developers and data cleaning organisations.
We do comprehensive checks on any companies working on our behalf before we work with them. We will put a contract in place that sets out our expectations and requirements regarding how they manage the personal data they collect, or have access to, in line with the 1998 Data Protection Act and the General Data Protection Regulation. We will apply for your explicit and informed consent in the event that we need to share your data in any other way that is not covered in this policy.
We will never share your details with other organisations to use for their own purposes, other than where we are required to by law. The Goldsmiths’ Centre will not, under any circumstances, share with or sell your personal information to any third party for marketing purposes and you will not receive offers from other companies or organisations as a result of giving your details to us.
We may also use other companies to provide services and process your personal information on our behalf, including delivering postal mail, making telephone calls to our supporters, sending emails, sending SMS messages, processing credit card payments and analysing our supporter information as outlined above, to help us offer you communications that are most appropriate to you and your interests. In some cases, our suppliers may use software which analyses publicly available information (as outlined above) to build up a picture about you based on the factors set out in the ‘Targeting our communications and researching our supporters’ section.
Transfer of personal information outside of the EEA
The Goldsmiths’ Centre is aware that countries outside the European Economic Area have differing approaches to data privacy laws, and that enforcement may not be as robust as it is within Europe’s borders. The transfer of your information is governed by EU model contract clauses which set out how the organisation outside the EEA is required to protect your privacy rights by adhering to European data protection standards.
Organisations we work with who process personal information in the USA have verified their data processing standards meet the EU-US Privacy Shield, which sets out clear safeguards and transparency responsibilities for US-based organisations processing personal information from EU citizens.
The Goldsmiths’ Centre takes the care of your information seriously and protects your personal information in a range of ways including secure servers, firewalls and SSL encryption. We follow payment card industry (PCI) security compliance requirements when processing credit card payments. We operate a policy of restricted, password controlled, access to any of your information which is stored on our systems.
If you apply to work at the Goldsmiths’ Centre, we will use the information you supply to process your application and to monitor recruitment statistics. We sometimes use third-party job application platforms to publish and receive applications for roles at the Goldsmiths’ Centre. When you apply through these portals the organisation’s privacy information will be available to you. We only work alongside other organisations in this way if we are satisfied that they will keep your information safely and use it only in the same legal ways that we would.
Personal information about shortlisted, but unsuccessful candidates will be held for 3 months after the recruitment exercise has been completed, and only with your consent.
On accepting an offer of employment with us, we will perform some checks on your identity, your right to work in the UK, your eligibility to work with vulnerable people and your past employment references.
Where we want to disclose information to a third party, for example where we may need to obtain a ‘disclosure’ from the Criminal Records Bureau we will not do so without informing you beforehand unless the disclosure is required or otherwise permitted by law.
CCTV is used throughout the Goldsmiths’ Centre site to monitor the safety and security of our visitors, staff, artefacts, merchandise, and events. The Centre abides by the CCTV Code of Practice in the management of information recorded and retained by surveillance equipment.
While we do not actively collect information from children (under 16s) in the UK, we appreciate that our visitors and supporters are of all ages. Where appropriate, we will always ask for consent from a parent or guardian to collect information about children. All events will have clear rules on whether or not children can take part, and the collection of information will be managed in accordance with each individual event, with appropriate safeguards in place. The Goldsmith’s Centre will only grant access to the Personal Data to persons who need to have access to it for the purposes of performing duties or tasks related to enrolment on courses and for submission to government agencies where applicable.
Access to your information and retention periods
You have the right to request a copy of the information that we hold about you: this is called a Subject Access Request. We will provide it in a clear and easy to follow format. Please note that if you ask for the material to be sent electronically but prefer not to use our secure file transfer, Museum of London cannot be held responsible for the security risk to your information as it travels across the Internet. If you would like a copy of some or all of your information, please email or write to us by contacting the Data Protection Officer (see who we are and how to contact us).
How to ask us to amend or delete your information
We fully comply with the terms of the Data Protection Act (1998) and the incoming General Data Protection Regulations (2018), and will respond to any requests to remove, change or provide any personal details you have given us under the terms of the Act and Regulations, including the right to be forgotten. If you information is incorrect, out of date or if there is no longer justification for us to hold it, you can ask for it to be updated, removed or blocked from our use.
To amend or delete your information you should email email@example.com, use our online unsubscribe or amend your mailing list settings by visiting our preference centre. Please note that whilst we endeavour to update your information in a timely manner there may be a slight delay of up to 48 hours to deal with your request. If you ask us not to contact you, we will keep some basic information about you on our suppression list in order to avoid sending you unwanted materials in the future.
The personal data collected by the Goldsmiths’ Centre is evaluated periodically to determine whether it is current and still needs to be held. Subject to any legal requirements we will keep your personal information for no longer than is necessary for the purposes for which it is processed (in accordance with our internal policies/retention schedule).
You can find out more about your data protection rights on the Information Commissioner’s Office (ICO) website: https://ico.org.uk
Changes and updates to privacy notice
We keep our privacy notice under regular review. You are advised to visit this page periodically in order to keep up to date with any changes. By continuing to use our services you will be deemed to have accepted such changes.