This privacy notice describes how Haynes Motor Museum and Haynes Motor Museum Trading ('’we’’) collects and uses your personal data.
Personal data is information about you from which you can be identified (either directly or indirectly). We are a "data controller", which means we are responsible for deciding how and why we hold and use personal data about you, and for explaining this clearly to you.
It is important that you read this notice, together with any other privacy information or notices we may provide on specific occasions. This is to help ensure that you are aware of how and why we use such information.
This privacy notice is intended to be brief and clear. It does not provide exhaustive detail of all aspects of our processing activities, but we are happy to provide you with any additional information or explanation (please see the “contact us” section below).
Who we are
The Haynes Motor Museum is an Educational Charitable Trust located in Sparkford, Yeovil (Charity Number: 1176857).
Haynes Motor Museum
Tel: 01963 440804
Email: firstname.lastname@example.org or email@example.com
What personal information we collect
We collect information that is necessary for us to provide the goods and services you request from us, to keep you updated and informed and that which is otherwise necessary for us to operate.
We may process the following information about you (non-exhaustive list):
- Contact information including email and postal address
- Payment details
- Email and marketing preferences
- Details of goods and/or services purchased by you
- Information you provide when you enter a competition or promotion
- Information you provide when you contact us
- Special category data: We don't normally collect or store special categories of personal data. However, there are some situations where we may need to do so, for example, the dietary requirements of those attending catered events.
How we collect your personal information
We collect information when you interact with us including (but not limited to):
- When you visit our website, including if you sign up for email updates and marketing, complete forms, shop online, purchase tickets or become a member. If you have cookies enabled on your browser, we may use these to collect information (please see “cookies” section).
- When you book a ticket (either online, in person or over the phone) to the Museum or one of our events
- When you become a member
- When you use or order from our online shop
- When you interact with us on social media
- When you make a donation
- When you apply for a job; we advise job applicants to read our Privacy Notice for Job Applications prior to applying for a position
- If you otherwise use services provided by us
- If you otherwise contact us by telephone, email, post, or social media
Why we collect your personal information and how we use it
The main purposes for which we process the details of our customers, visitors, service users, enquirers and other stakeholders is to provide the services, goods and/or information that they have requested:
- To conduct business administration
- To contact you with information in relation to your purchase of goods and/or services
- To respond to your enquiries
- To fulfil purchases you have made and process payments
- To analyse customer data for business development
- To further our charitable aims
- To comply with the obligations that result from a contract with you
- To comply with our legal and regulatory obligations
- To send you updates on the Museum such as events, news and shop offers (see “Marketing” section for more information)
If we intend to use your personal information for certain types of marketing or other purposes where your consent is required, we will ask for specific consent for the intended purpose. Whenever we seek your consent, we will explain how we intend to use your information. Consent will require a positive affirmation from you, generally in the form of an opt-in such as ticking an agreement box.
We may send you marketing material or information where there is a legitimate interest to do so, for example, if you have an existing relationship with us such as an annual membership. Such processing does not require opt-in consent but your right to object remains, you can do this by contacting us with the contact details given at the end.
We may market to you via email, phone or post. We may also use third-party advertisers such as META (Facebook), for matching purposes to enable us to send you marketing material via social media. We will do this where we have your consent to do so, or where there is a legitimate interest for us to do so. Legitimate Interests can be your own interests or the interests of third parties. They can include commercial interests, individual interests or broader societal benefits.
Should you wish to stop receiving marketing material you will be given the chance to opt-out. If you tell us you don’t want to receive marketing messages it might take a few days for all our systems to be updated, so we will ask for your patience if you receive messages from us whilst we process your request. Please note that opting out of marketing messages will not stop service communications.
Conditions under which we process your information
We process personal information in line with the principles of fairness and lawfulness. The information we process is carried out under one of the available lawful bases, such as, if:
- You have consented to the use of your personal data for the specific purpose in question
- We need to deliver a contracted service
- The processing is necessary for us to comply with the law
- To protect your vital interests
- To carry out a task in the public interest
- for your own legitimate interests
Sharing your personal information and keeping it secure
We may share your personal information with contractors or suppliers who are performing services on our behalf. For example, processors handling payments, email providers for our marketing communications, ticketing providers, and third-party advertisers such as META, identifying users who have recently interreacted with the Museum allowing - us to send you information relating to the Museum. Any sharing of personal information is done securely.
We may share your personal information where required to do so for the prevention and/or detection of crime or for taxation purposes or where otherwise required to do so by the law and/or regulators.
We will not sell your data or share personal data with third party organisations for their own marketing purposes.
We are committed to keeping your personal information secure.
If any of your personal information is transferred to, and stored, at, a destination outside the European Economic Area (EEA) we will ensure appropriate security safeguards are implemented.
Our online store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products. If you use the Haynes Motor Museum Shopify Site your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
When using Credit Cards your details are encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more information, you may also want to read Shopify’s Terms of Service and Privacy Statement.
Museum Tickets and Breakfast Club Events
Tickets to our Museum, Breakfast Club and any other events the Museum hosts are processed through our ticketing provider system, VisiSoft. This provider may have access to your information to assist us in the delivery of our products and may be asked to investigate any potential issues with your booking or transaction. More information on this third-party provider can be found on VisiSoft’s Privacy Notice. Please also see our Terms and Conditions for more information on how our booking system collects and stores your information.
Mailchimp Email Marketing
For our newsletter and other marketing material we use a third-party provider, Mailchimp. For more information, please see Mailchimps’ Privacy notice.
Where your personal information is held in physical form, we will ensure appropriate access and security restrictions are applied.
The information that we hold about you will only be kept for as long as it is required to perform the required purpose. We may use your information for a purpose other than that which it was collected if we consider the purposes compatible.
You have the following rights regarding the processing of your personal information:
- to obtain access to, and copies of, the personal data that we hold about you
- to require us to correct any inaccurate personal data
- to require us to restrict our processing of your personal data
- to object to us processing your personal data
- to object to receiving marketing communications from us
- to withdraw your consent to processing of your personal data
- to require us to erase your personal data ('right to be forgotten')
- to obtain from us the personal data which you have provided, in order to transmit it to another organisation ('data portability')
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.
You also have the right to refer your concerns or queries to the supervisory authority, the Information Commissioner’s Office.
To exercise any of the above rights, please contact us using the detail in the “Contact us” section. Below.
Most browsers accept cookies automatically, but you can alter the settings of your browser to erase cookies or prevent automatic acceptance if you prefer. You generally have the option to accept all cookies, to be notified when a cookie is issued or reject all cookies. Visit the “options” or “preferences” menu on your browser to change settings.
Visitors to the Museum, Cafe 750, Haynes Heritage and Engineering Workshop and Venue Hire facilities should be aware that there is CCTV monitoring in place throughout the site. We use CCTV to help provide a safe and secure environment for visitors, for our staff and for the collection and to prevent or detect crime. Recorded images are stored for 7 days.
We are a venue for filming and photography which covers business purposes and third party media companies. Your image maybe captured as and when this type of activity takes place, unless you notify a member of our staff on the day of your visit to confirm you do not wish to be captured on camera. When we choose to explicitly feature individuals (adults and children) we will gain your permission prior to using the images.
If you would like more information or would like to raise any queries, exercise your rights or make a complaint in relation to our use of your personal information, you may contact us using the following information:
Haynes Motor Museum
By email: firstname.lastname@example.org or email@example.com
We keep our privacy notice under regular review. Please visit this page periodically to keep up to date with any changes.