Jane Austen’s House Museum
This Policy applies if you are a supporter of the Museum (visitor, donor, lender, volunteer) or visit our website, use our mobile app, email, call or write to us. In certain circumstances we may also provide an extra privacy notice, which will always refer to this Policy.
We will never sell your personal data and will only share it with organisations we work with when it is necessary and the privacy and security of your data is assured.
We will only use and store your personal data for as long as it is required for the purposes it was collected for. How long it will be stored for depends on the information in question, what it is being used for and, sometimes, statutory legal requirements.
We will keep a list of any amendment requested or deletion request in order that we may be able to confirm that such amendment or deletion has been made as required by you. This list will contain the minimum amount of information required to identify you and will be kept for six years from our financial year end.
WHO WE ARE AND WHAT WE DO
Jane Austen’s House Museum is a charitable organisation with the aim to advance the education and study of English literature, especially the life and works of Jane Austen. Activities in furtherance of this includes the maintenance of a museum for the public benefit in the house at Chawton, Hampshire, that was Jane Austen’s home for the last eight years of her life. The Museum is registered with the Charities Commission (number 1156458).
In this Policy, whenever you see the words ‘we’, ‘us’, ‘our’ or ’Museum’ these refer to Jane Austen’s House Museum and its wholly owned subsidiary JAHM Trading Company Limited.
JAHM Trading Company Limited carries on a range of commercial trading activities to generate income for the Museum including sale of gifts and souvenirs at the Museum shop and online, and commercial activities that are deemed outside the charitable purposes of the Museum.
The website available at www.jane-austens-house-museum.org.uk is owned by Jane Austen’s House Museum CIO.
DATA AUDITS AND PROCEDURE REVIEWS
We have carried out a thorough audit of the data we hold, where it is held and how it is stored. We have also reviewed all of our procedures relating to the data we hold and we will continue to keep these under periodic review. As a result we believe that we have robust internal procedures in place and comply with the legal requirements relating to the holding of data internally.
WHAT PERSONAL DATA DO WE COLLECT?
Your personal data (any information which identifies you, or which can be identified as relating to you personally for example, name, address, phone number, email address) will be collected and used by us. We will only collect the personal data that we need.
The personal data you give us may include your name, title, address, age, gender, employment status, demographic information, email address, telephone numbers, personal description, photographs, opinions.
We collect personal data in connection with specific activities such as placing an order, making loans and donations, volunteering, conducting research, ordering an image, applying for a job etc. You can give us your personal data by filling in forms on our website, subscribing to our newsletter, entering a competition or by corresponding with us by phone, email or by post.
If you visit the Museum or purchase an item from the Museum Shop the personal data you give us may include financial information (payment information such as credit or debit card or direct debit details, and whether donations are Gift-Aided).
You may also give us your opinions and attitudes about the Museum and your experiences of it. At times we will collect sensitive personal data* for reporting to funders or diversity and equal opportunities monitoring, but this is only ever analysed at an aggregate level (anonymised before it is analysed). You do not have to provide this data and we also provide a ‘prefer not to say’ option. We will obtain your consent before giving your personal data (e.g. follow-up contact information) to any research agency carrying out research on our behalf.
Among the above examples there are some communications that we need to send. Examples are transactional messages, such as Shop purchase confirmations or if we wanted to invite you to a job interview.
HOW WE USE YOUR PERSONAL DATA
We will only use your personal data on relevant lawful grounds as permitted by the EU General Data Protection Regulation (from 25 May 2018)/UK Data Protection Act and Privacy of Electronic Communication Regulation.
Personal data provided to us will be used for the purpose or purposes outlined in any fair processing notice in a transparent manner at the time of collection or registration where appropriate, in accordance with any preferences you express. If asked by the police, or any other regulatory or government authority investigating suspected illegal activities, we may need to provide your personal data.
Your personal data may be collected and used to help us deliver our charitable activities, help us raise funds, or complete your order or request. Below are the main uses of your data which depend on the nature of our relationship with you and how you interact with us, our website and activities.
Jane Austen's House Museum offers a regular email newsletter to share news and details of upcoming events and for marketing, research and fundraising purposes. Your email address is uploaded to the third party MailChimp platform as our e-newsletter is processed via MailChimp.
If you agree to receive our e-newsletter you can change your mind at a later date, by contacting us or by using the ‘Unsubscribe’ button at the foot of the newsletter.
We process customer data in order to fulfil our retail activities. Your data will be used to communicate with you throughout the process, including to confirm we have received your order and payment, to confirm dispatch, to clarify where we might need more detail to fulfil an order or booking, or to resolve issues that might arise with your purchase.
We use information about your shop purchases including but not limited to the sums you spend and the types of products you purchase. The personal data involved is aggregated to inform our commercial strategy and stock choices.
We process personal data in order to accommodate group bookings. Your data will be used to communicate with you throughout the process, including to confirm your booking, to confirm payment, to clarify where we might need more detail to fulfil the booking, or to resolve issues that might arise with your booking.
We use the third party Eventbrite platform to manage bookings for the events we hold at the Museum. Eventbrite will use your data to communicate with you throughout the process, including to confirm your booking and to confirm payment. We have limited access to the Eventbrite system in order to be able to resolve issues that might arise with your booking and to form guest lists prior to events.
We carry out research with our visitors to get feedback on their experience with us. We use this feedback to improve the experiences that we offer and ensure we know what is relevant and interesting to you. Regular evaluation also helps us to target our outreach work and marketing to those people who do not tend to visit the Museum. For example, we may analyse the postcodes our visitors give us to identify ‘gaps’ in our audiences.
If you choose to take part in research, we will tell you when you start what data we will collect, why and how we will use it. All the research we conduct is optional and you can choose not to take part.
We use Google Analytics to collect information on the use of the Museum’s website. Much of the information we collect is aggregated, however we may invite users of our website to complete questionnaires about their user experience from time to time.
The information we collect about your use of our website may include, but is not limited to the terms that you use to search our website, the city you live in, the full Uniform Resource Locators (URL) and query string, products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page
Jane Austen’s House Museum is entirely reliant on income from visitor admissions, retail sales and donations. We may use our e-newsletter, website and social media to invite you to support our work by donating to the Museum, including through the online donations page run by the third party JustGiving platform. Occasionally, we may invite some supporters to attend special events to find out more about our specific needs.
If you make a donation, we will use any personal information you give us to record the nature and amount of your gift, claim Gift Aid where you’ve told us you’re eligible and thank you for your gift. We may also send you updates on the impact that you make by supporting us in this way, unless you tell us not to.
If you tell us you want to fundraise to support our cause, we will use the personal information you give us to record your plans and contact you to support your fundraising efforts. If you are intending to leave the Museum a gift in your will, we will use the information you give us to keep a record of this.
If we have a conversation or interaction with you (or with someone who contacts us in relation to your will, for example your solicitor), we will note these interactions throughout your relationship with us, as this helps to ensure your gift is directed as you wanted.
Charity Commission rules require us to be assured of the provenance of funds and any conditions attached to them. We follow a due diligence process which involves researching the financial soundness, credibility, reputation and ethical principles of donors who have made, or are likely to make, a significant donation to the Museum. As part of this process we will carry out research using publicly available information and professional resources. If this applies to you, we will remind you about the process when you make your donation.
The Museum must adhere to recognised standards for documenting items in our collection in line with the Arts Council England Museum Accreditation scheme. The required standard includes keeping the personal data of current lenders as well as details of previous owners. Such data is vital for proving the legal title of items, as well as for research purposes in identifying provenance, documenting family history and producing current valuations for insurance purposes.
The Museum regularly passes on enquiries from third parties in relation to items it holds on loan but we will never share the owner’s name or address with third parties without the owner’s express consent. Names of owners and former owners may be shared on labels within the Museum if requested: personal preferences are established in writing when an object is acquired or loaned.
Management of Volunteers
The Museum is supported by over 50 volunteers and we use your personal data to manage volunteering. This could include contacting you about a role you’ve applied for, to organise your volunteering sessions or to pass on information about forthcoming activities, events and changes at the Museum. It might also include asking for your opinions on your volunteering experience, which we may also share this with funders to help them monitor how their funding is making a difference.
We may collect sensitive personal data* about volunteers (e.g. references, criminal records checks, details of emergency contacts, medical conditions, training records etc.). This information will be retained for legal or contractual reasons, to protect us (including in the event of an insurance or legal claim) and for safeguarding purposes.
In certain limited circumstances, we may legally collect and process sensitive personal data without requiring the explicit consent of a volunteer.
(a) We will process data about a volunteer’s health where it is necessary, for example, to record absence from the rota due to sickness, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the volunteer’s knowledge and, where necessary, consent.
(b) We will process data about, but not limited to, a volunteer’s racial and ethnic origin, their sexual orientation or their religious beliefs only where they have volunteered such data and only for the purpose of monitoring and upholding our equal opportunities policies and related provisions.
(c) Data about a volunteer’s criminal convictions will be held as necessary.
The needs of running a museum are such that some volunteer personal information needs to be available to those dealing with emergency situations as set out in the Museum’s Emergency Plan. This information is kept in secure areas.
Furthermore the Museum operates in the public domain and in the course of volunteering it is possible that volunteers’ personal data including photographs could appear not only in our own publicity but also in third party areas including the press, online reviews and social media. When publicity is within our control, we use the minimum amount of identifying data required by the context, and verbal consent is sought on each occasion. If a volunteer does not want to be publicly identifiable they can inform the Data Protection Officer in confidence.
YOUR DATA PROTECTION RIGHTS (DPO)
Where the Museum is using your personal data on the basis of consent, you have the right to withdraw that consent at any time.
You also have the right to ask the Museum to stop using your personal data for direct marketing purposes.
You can tell us this by contacting us using the details above.
SUBJECT ACCESS RIGHTS
If you would like further information on your rights or wish to exercise them, please write to
The Data Protection Officer, Jane Austen’s House Museum, Winchester Road, Chawton, Hampshire GU34 1SD
Or email us at firstname.lastname@example.org
Or telephone us on 01420 83262 during office hours.
You will be asked to provide the following details:
The personal information you want to access;
Where it is likely to be held;
The date range of the information you wish to access
We will also need you to provide information that will help us confirm your identity. If we hold personal information about you, we will give you a copy of the information in an understandable format together with an explanation of why we hold and use it.
Once we have all the information necessary to respond to your request we will provide your information to you within one month. This timeframe may be extended by up to two months if your request is particularly complex.
If you are unhappy with our response, please talk to us directly so we can resolve any problem or query. You also have the right to contact the Information Commissions Office (ICO) if you have any questions about Data Protection. You can contact them using their help line 0303 123 113 or at www.ico.org.uk
COOKIES AND LINKS TO THIRD PARTY WEBSITES
HOW WE SECURE YOUR DATA
Information system and data security is imperative to us to ensure that we are keeping our visitors, volunteers, employees and contractors safe.
We operate a robust and thorough process for assessing, managing and protecting new and existing systems which ensures that they are up to date and secure against the ever changing threat landscape.
Our staff complete information security and data protection training at induction and annually thereafter to reinforce responsibilities and requirements.
When you trust us with your data we will always keep your information secure to maintain your confidentiality. By utilizing strong encryption when your information is stored or in transit we minimize the risk of unauthorized access or disclosure; when entering information on our website, you can check this by right clicking on the padlock icon in the address bar.
PAYMENT CARD SECURITY
The Museum has an active PCI-DSS compliance programme in place. This is the international standard for safe card payment processes. As part of our compliance to this very stringent standard, we ensure that our IT systems do not directly collect or store payment card information; for example the full 16 digit number on the front of the card or the security code on the back.
Till-based payments are carried out using a 'payment gateway' (e.g. Mastercard/Worldpay) which is a direct connection to a payment service provided by a bank. This means that when you input card data you are communicating directly with the bank and the bank passes your payment to us. Your payment card information is handled by the bank and not processed or held by us.
We have stringent internal procedures for handling and disposing of the data you give us in order for us to process a card payment in your absence.
DISCLOSING AND SHARING INFORMATION
When we allow third parties acting on behalf of the Museum to access your information, we will always have complete control of what they see, how long they see it for and what they are allowed to do with it. We do not sell or share your personal information for other organisations to use.
Personal data collected and processed by us may be shared with the following groups where necessary:
Museum employees and volunteers
Research companies contracted to undertake visitor research and evaluation on our behalf
Third party cloud hosting and IT infrastructure providers who host the website and provide IT support in respect of the website;
Also, under strictly controlled conditions:
Service Providers providing services to us
STORAGE OF INFORMATION
The Museum has Closed Circuit Television (CCTV) and you may be recorded when you visit us.
CCTV is used to provide security and protect both our visitors and the Museum. CCTV will be only be viewed when necessary (e.g. to detect or prevent crime) and footage is stored for set period of time after which it is recorded over. The Museum complies with the Information Commissioner’s Office CCTV Code of Practice and we put up notices so you know CCTV is used.
CHILDREN AND VULNERABLE ADULTS
We have a separate Child & Vulnerable Adult Policy detailing the additional safeguarding measures we take in relation to collecting and storing the personal data of vulnerable adults and those under the age of 18.
Please Remember: We want you to remain in control of your personal data. If, at any time, you want to update or amend your personal data or marketing preferences please contact us at the above address.
*‘Sensitive personal data’ is defined in the Data Protection Act as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions.