Poole Museum Foundation privacy statement
Written for GDPR compliance, March 2018
1. We are Poole Museum Foundation, registered charity number 1171114. Our address is 4 High Street, Poole, BH15 1BW, UK.
2. We work closely with, but are not part of, Poole Museum Service. Personal data is not routinely shared between the two organisations. When data is shared, it is done with the data subject’s knowledge and consent. Poole Museum Foundation will not share your personal data with any other organisation or third party individuals without your knowledge.
3. Personal data held by Poole Museum Foundation is used for the following purposes:
- Holding Gift Aid data for six years, as required by law
- Holding contact and Direct Debit details on current members to allow us to communicate with them about their membership and renew annual membership subscriptions
- Holding contact details of current members in order to send them members’ newsletters by email
- Holding name and email contact details of non-members who willingly provide them in order to receive non-members’ newsletters
- Members’ and non-members’ newsletters may occasionally include a call to donate to Poole Museum Foundation. They may sometimes include details of special offers or promotions at Poole Museum’s shop or café, or details of ticketed events coming up at the museum
5. We do not gather sensitive personal data. Non-sensitive personal data including names, addresses, telephone numbers, and email addresses, are securely stored on our database, hosted on a secure server at Poole Museum, operated and maintained by the Borough of Poole. Any data gathered and locally stored, electronically or on paper, will be securely destroyed as soon as it is no longer needed for the fulfillment of contracts, obligations, or services to members and other interested parties. We do not hold any personal data on people unless there is good reason to do so, such as in Section 3 above.
6. Financial data related to electronic donations made by debit and credit card are gathered and processed by Poole Museum Foundation via the CharityClear Payment Gateway. CharityClear is a PCI-DSS Level 1 Compliant Gateway. Poole Museum Foundation does not copy and store this financial data away from the CharityClear Payments Gateway and commits to refund any charges made incorrectly or in error.
7. Sensitive financial data related to Direct Debit membership sign-up are gathered and processed by Poole Museum Foundation via FastPay Ltd. When it is submitted on paper or online, Poole Museum Foundation will hold the mandate forms in a secured file for as long as the related membership continues. This is in compliance with the law. Forms are securely destroyed thereafter.
8. You are entitled to find out exactly what (if any) information Poole Museum Foundation holds about you. Requests of this nature should be sent to email@example.com with the subject line ‘Subject Access Request’. Such requests will be dealt with promptly, and no later than one month after receipt.
11. You can contact Poole Museum Foundation at 4 High Street, Poole, BH15 1BW, UK. You can email firstname.lastname@example.org. You can call Poole Museum Foundation on 01202 262607 or 262600.