This notice describes the way Chiltern Open Air Museum (‘COAM’) collects and processes your information, and explains our privacy and fair processing policy. We will always refer to this page when we ask you for your consent, and will keep this page up to date to explain the things we do with your personal information so you can be confident when sharing your information with us that it will be only used for what we say here.
2. How we use personal information
Personal information you provide to COAM will only be used for the purposes outlined at the time of collection/registration, in accordance with the preferences you express.
Personal data collected and processed by us may be used for the following purposes:
• Administration of membership(s)
• Fulfillment of orders for goods and services requested
• Administration of donations and legacies
• Research and statistical analysis
• Communication about our conservation work, membership, events, fundraising and other activities that we think may be of interest to you
Personal data collected and processed by us may be shared with the following groups where necessary:
• COAM employees and volunteers, as required for administrative purposes
• Friends of Chiltern Open Air Museum (‘FCOAM’), if you have indicated that you would like to become a Friend and consent to your details being passed on
We do not sell or share your personal information for other organisations to use (although we may pass on your personal information if we have a legal or statutory obligation to do so). You are always in control of how we communicate with you, and you can update your choices by contacting us as explained in Section 6 (below).
Your marketing permissions
COAM will always respect and act upon your choices regarding the type of communications you want to receive and how you want to receive them.
There are some communications that need to happen regardless of your marketing preferences, as they are essential to allow us fulfill our promises to you as a member or buyer of goods or services from us. Examples of this type of communication would be:
• Transaction notification messaging, such as Direct Debit information and confirmation
• Mailings directly related to administration of the membership scheme, such as your renewal reminder
• Experience day and workshop disclaimers, permission forms and important information
As you are interested in the Museum we would also like to keep you up to date with information about our events, activities and other news. However, you have the right to opt in and out of receiving this information, either when your data is registered initially or at any point in the future. All of our emails will contain a clear “unsubscribe” link and you can contact us at any point to request that your details be removed from our mailing lists for non-essential communications.
We will hold your information only as long as is necessary for each purpose we use it, after which we will ensure it is securely destroyed.
Where we need your consent, we will always do our best to ensure that you are as fully informed as possible on what we do with your information, with whom it may be shared and for how long we will keep it. This responsibility is in line with the requirements of the current Data Protection Act and other relevant legislation.
5. Accessing your personal data held by COAM
You have the right to ask us, in writing, for a copy of all the personal data we hold about you (this is known as a ‘subject access request’). A copy will be sent to you as soon as possible but this will not be later than one calendar month from the date of receipt of your request.
If you would like to access your personal data held by us, please apply in writing to Chiltern Open Air Museum, Newland Park, Gorelands Lane, Chalfont St Giles, Buckinghamshire, HP4 8AB.
You can also update or amend your personal data or preferences at any time by writing to us at the address above, and details of alternative communication methods can be found on the “Contact us” page of our website. Verification, updating or amendment of personal data will take place as soon as possible, and not more than one calendar month from the date of receipt of your request.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. It may also be used to optimise your experience on our website.
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
8. Links to third party websites
We are not responsible for the privacy policies of third party websites and advise that you read the privacy policies of other websites before registering any personal data.
COAM holds your personal data in accordance with the security provisions of the GDPR . We use industry standard Secure Server Software (SSL) for your transactions with us. It encrypts all of your personal information, including credit card number, name and address, so that it cannot be read as the information travels over the internet. COAM does not store any sensitive payment card data in our systems.
10. Payment card information
To comply with international standards for safe card payment processes, COAM does not directly collect or store your payment card information (for example, the full 16-digit number on the front of your card or the security code on the back). We do not process card payments online ourselves, but instead utilise Opayo’s secure “payment gateway” for card processing. You communicate directly with Opayo, which protects your financial information with industry-leading security and fraud prevention systems. When you use Opayo, your financial information is not shared with or held by COAM. Once your payment is complete, Opayo will email you a receipt for your transaction.
Card payments made face-to-face or by telephone are handled securely. As part of the industry-level Payment Card Industry Data Security Standard (PCI DSS), the company providing these “merchant services” for us works closely with the PCI Security Standards Council and the Card Schemes (such as VISA, MasterCard and AMEX, for example) to provide customers with a secure and stable payment network. We will not hold your payment details ourselves.
11. Scannable cards
We will shortly start to use barcodes on our membership cards, which we will ask you to scan when you visit. We will use this data (which will include the date/s on which you have visited and your membership number) to help us understand how our members like to visit the Museum. We may also use this information to ensure that our communications to you are as relevant as possible.
12. What this page tells you and how it is updated