Privacy

1. Introduction

At the Crewe Heritage Trust ("we", "us", "our"), we regularly collect and use personal data about consumers who visit our museum or browse our websites. Personal data is any information that can used to identify you as an individual. The protection of your personal data is very important to us, and we understand our responsibilities to handle your personal data with care, to keep it secure and to comply with legal requirements.

The purpose of this privacy policy ("Policy") is to provide a clear explanation of when, why and how we collect and use personal data. We have designed it to be as user friendly as possible, and have labelled sections to make it easy for you to find the information that is most relevant to you. 

Please read this Policy carefully. It provides important information about how we use personal data and explains your legal rights. This Policy is not intended to override the terms of any contract that you have with us (for example, Season Pass  terms and conditions) or any rights you might have available under applicable data protection laws. We will make changes to this Policy from time to time for example, to keep it up to date or to comply with legal requirements or changes in the way we operate our business.

2. Who is responsible for your personal data?

Crewe Heritage Trust Limited (“The Trust") is a British-based company, with a registered office at Heritage Centre, Vernon Way, Crewe, Cheshire, CW1 2DB, who operate the Crewe Heritage Centre and Crewe Heritage Centre website. Crewe Heritage Trust Limited (02700697) is Private Limited Company by guarantee without share capital use of 'Limited' exemption.

3. What personal data do we collect?

In relation to potential customers, historic customers and current customers and museum visitors ("consumers"), we collect the following data: Information that you provide by filling in forms on our site. This includes subscribing to our service, posting material or requesting further services. We will also ask you for information when you report a problem with our site.

When you complete a survey to tell us how your experience of our museum was and how we can improve this attraction in the future. Details of transactions you carry out through our site, online shop and of the fulfilment of your orders including your credit/debit card details. Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access. Your name, address, telephone number and/or email address in order to contact you with details of your order or in the unlikely event that we need to contact you about cancelling your order or booking. This includes the collection of contact details such as your name, address, date of birth, telephone number and email address.

4. When do we collect your personal data?

We will collect information from you directly when you sign up for a newsletter from the Heritage Centre website, when you purchase a product, pass or ticket. We will not knowingly collect any personal data about children for the purpose of marketing without making it clear that such information should only be provided with parental consent, if this is required by applicable laws - so we will only use the personal data of children as far as is permitted by law where the required parental or guardian consent has been obtained.

5. Why do we need your personal data?

We will use your personal data to ensure that content from our site is presented in the most effective manner for you and for your computer. We also use your data to provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.

6. Who do we share your data with?

We can share data with internal departments within the trust and Heritage Centre where that data is required to fulfil an agreement between us and yourself.

We also share the data with third parties, to help manage our business and deliver related services. These third parties may from time to time need to have access to your personal data, and include: Squarespace (service provider), PayPal (service provider), Stripe (service provider), Fulfil (service provider), Google (service provider) and Railcam UK Limited (service provider).

7. Targeted Marketing

We may use your personal data to send you direct marketing communications about our attraction, products, events and functions.  This will be in the form of email, post or targeted online advert. Where we require explicit opt-in consent for direct marketing in accordance with the Privacy and Electronic Communications Regulations we will ask for your consent. Otherwise, for non-electronic marketing or where we can rely on the soft opt-in exemption under the Privacy and Electronic Communications Regulations.

8. Profiling

'Automated Decision Making' refers to a decision which is taken through the automated processing of your personal data alone - this means processing using, for example, software code or an algorithm, which does not involve any human intervention. We do not carry out any automated decision making, however we do carry out profiling using automated processing to tailor marketing materials for a specific customer.

Where we have permissions to send a consumer marketing updates, we may use profiling to ensure that marketing materials are tailored to your preferences and to what we think you will be interested in.  

9. How long do we keep your personal data?

We will retain your personal data for as long as is reasonably necessary for the purposes listed in this Policy. In particular, where there has been no interaction from a consumer (e.g. a purchase, email open, newsletter sign up), a record will be archived after 1 year and deleted after 3 years. Where we are required to do so to meet legal, regulatory, tax or accounting requirements, we will retain your personal data for longer periods of time, but only where permitted to do so, including so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a possibility of legal action relating to your personal data or dealings.

We maintain a data retention policy which we apply to records in our care. Where your personal data is no longer required and we do not have a legal requirement to retain it, we will ensure it is either securely deleted or stored in a way such that it is anonymised and the Personal Data is no longer used by the business.

10. What are your rights?

You have a number of rights in relation to your personal data. In summary, you have the right to request: access to your data; rectification of any mistakes in our files; erasure of records where no longer required; restriction on the processing of your data; objection to the processing of your data; data portability; and various information in relation to any automated decision making and profiling or the basis for international transfers. You also have the right to complain to your supervisory authority.

We take the confidentiality of all records containing personal data seriously, and reserve the right to ask you for proof of your identity if you make a request.

We will not ask for a fee to exercise any of your rights in relation to your personal data, unless your request for access to information is unfounded, repetitive or excessive, in which case we will charge a reasonable amount in the circumstances.

We will aim to respond to any valid requests within one month unless it is particularly complicated or you have made several requests, in which case we aim to respond within three months. We will let you know if we are going to take longer than one month. We might ask you if you can help by telling us what exactly you want to receive or are concerned about. This will help us to action your request more quickly. Local laws, including in the UK, provide for additional exemptions, in particular to the right of access, whereby personal data can be withheld from you in certain circumstances, for example where it is subject to legal privilege.

11. Contact and complaints

The primary point of contact for all issues arising from this Policy, including requests to exercise data subject rights, is our Director of IT. The director can be contacted via crewehc.co.uk/contact.

If you have a complaint or concern about how we use your personal data, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have a right to lodge a complaint with your national data protection supervisory authority at any time. In the UK, the supervisory authority for data protection is the ICO (https://ico.org.uk/). We do ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time. 

Last Reviewed: 03/12/2023