The Tank Museum takes the safety and security of your personal data very seriously.
We greatly value the trust and confidence you place in us as customers, visitors, supporters, donors and website users.
If you use any of the services we offer, we will collect certain relevant information from you. This will be stored digitally and will only be accessible to those who require it in the provision of that service.
Our rigorous procedures and security measures will protect you against the loss or misuse of the information we have collected. We will only hold this information as long as it is needed to fulfil the service, following which it will be securely destroyed.
This policy sets out in more detail how we will meet our obligations to you under the 2018 General Data Protection Regulation.
In particular we want you to be aware that The Tank Museum will never sell your personal information for other companies or businesses to use for marketing.
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access: You have the right to request a copy of the information that we hold about you.
- Right of rectification: You have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten: In certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing: Where certain conditions apply to have a right to restrict the processing.
- Right of portability: You have the right to have the data we hold about you transferred to another organisation.
- Right to object: You have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling: You also have the right to be subject to the legal effects of automated processing or profiling.
- Right to judicial review: In the event that The Tank Museum refuses your request under rights of access, we will provide you with a reason as to why.
OUR MAILING LIST
Your Email: If you register to receive our e-newsletter (or to ‘receive marketing’ as it may be worded elsewhere on our websites), we require an active personal email address so we can send you the information you have requested. For the purposes of audience research, we also ask for your nationality – but submitting this information is not mandatory. When you subscribe, we will send you an email which will ask you to confirm your subscription. You must acknowledge this email in order to be added to our mailing list.
Our Service Provider: We use a third-party provider – Mailchimp – to provide our e-newsletter services. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter and the content we link to. For more information, please see Mailchimp’s Privacy notice here. You may unsubscribe at any time by clicking the unsubscribe link in the email or by emailing email@example.com
BUYING PRODUCTS FROM THE TANK MUSEUM SHOP ONLINE
Our Service Provider: Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Your Address: will be used to validate your payment option (billing) and to send your purchase to you (shipping). We may also use anonymised elements of this data (postcodes for example) for audience analysis and planning purposes.
Your Email Address: will primarily be used to inform you about the progress of your order. However, we may have to contact you again to ask for your feedback on our products and services. We will not add you to our e-newsletter mailing list unless you have opted in to receive it during your purchase or via the sign up form on our website.
The Friends of The Tank Museum: If you join The Friends of The Tank Museum, your address and contact details will be stored in a secure membership module within our EPOS system as provided by K3 Retail for the duration of your membership. Your details are used to facilitate your membership and the fulfilment of our obligations to you as a member.
Protecting you: Your information will never be supplied to any other third party except where (1) such a transfer is a necessary part of the activities that we undertake (such as taking payment, arranging shipping or producing products to complete your order), or (2) we are required to do so by the operation of the law. In processing your order, we may send your details to, and also use information from credit reference agencies and fraud prevention agencies.
COOKIES & OUR WEBSITES
What are Cookies? Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.
How do we use them? We use Google Analytics to collect and process this anonymised information. We do not make, nor allow Google to make, any attempt to find out the identities of those visiting our website.
The website also creates cookies for an advertising platform - Adform - in order to retarget advertising to website visitors. Adform collects and stores in the cookie-based profiles anonymous statistical information. During web requests to Adform web-servers, their system is exposed to the IP addresses and/or Mobile Device Identifiers of user devices. Adform is in full compliance with local data privacy laws and is anonymising the data according to local regulations. Read their full policy and opt-out of Adform advertising here.
Turning off Cookies: You can set your browser not to accept cookies; these websites tell you how to remove cookies from Chrome, Mozilla or Internet Explorer. However some of our website features may not function as a result.
ACCESSING YOUR DATA
The Tank Museums GDPR representative can be contacted here:
Helen Smith, Deputy Director, The Tank Museum, Bovington, Dorset, BH20 6JG.
T: 01929 4095096 E:firstname.lastname@example.org
21 May 2018