We are committed to respecting and protecting your privacy – this includes any Personal Data we collect.
This Policy includes information about what Personal Data we collect, why we do so, what we use it for and how long we keep it. It also includes a reminder of your rights regarding your Personal Data, and information about how to contact us if you have any questions or comments relating to your Data Rights.
What Personal Data Do We Collect?
Personal Data means any information that can be used to identify (or make identifiable) a particular living person. This covers many different types of information, so we have broken down the list of what we collect about you into a few broad categories:
- Identity Data includes first name, last name, any online username and your image.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes records about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
- Profile Data includes your username and password, purchases or orders made by you, your stated interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our website, products and services. It also includes personal information such as age, gender and location, that you may have allowed Facebook to collect, which may be used for advertising purposes.
- Marketing and Communications Data includes your communication preferences, including any marketing information you have chosen to receive from us. This helps us to manage our relationship with you and ensures you only receive communications from us that are relevant and timely.
When Do We Collect Personal Data About You?
We will collect information about you when you book a ticket with us or hire a space or sit in our cafe to eat or drink. We also collect information when you join us as a Member or Patron or make any other donation, and if you sign up to our Mailing List or complete a survey. If you visit our website we collect information using cookies.
When you visit The Horton you may also be recorded on CCTV.
Why Do We Collect & Process Personal Data?
We collect Personal Data about you to:
- process your ticket orders or other bookings and contracts with us;
- manage your account and other customer records with us;
- fundraise and promote the charitable interests of the charity;
- process donations, including Gift Aid;
- manage employees and volunteers;
- ensure the safety of visitors, staff and volunteers;
- administer membership and patron records;
- comply with NHS Track and Trace obligations
- (if you agree) to send you information about The Horton which we think may be of interest to you; and
- comply with any legal obligations.
What Is The Basis For Collecting & Processing Personal Data?
To process your personal data, we rely on the following legal bases:
- for the performance of a contract we have with you (such as booked tickets);
- to comply with a legal obligation to which we are subject (such as tax obligations); or
- to further our legitimate business interests (such as tailoring your experience on our website), provided that such processing does not outweigh your rights and freedoms.
If there is another specific purpose where the above legal bases would not apply to the processing of your Personal Data by us (such as receiving marketing communications), we will seek your consent to do so.
Sharing Your Personal Data
The Horton will never sell any of your Personal Data.
We will not share your Personal Data with any other organisations, individuals or anybody else, except as may be required by law and with the following Third Parties who process data on our behalf:
- Our mailing lists are maintained by MailChimp (US – Privacy Shield compliant)
- Our digital support is Fresh Pies (UK)
- We may share anonymised Identity and Contact Data with National Lottery Heritage Fund (UK) as a condition of receiving funding.
How Long Do We Keep Your Personal Data?
We keep your Personal Data for no longer than is reasonably necessary to comply with our obligations to you and what the law requires (for example, safeguarding children), and to satisfy any accounting or reporting requirements. This means we will generally need to retain your details for a maximum of 24 months after your last transaction or other recorded interaction with us.
In determining the retention period of all Personal Data we take into account the amount, sensitivity and potential risk to you of any unauthorised disclosure and aim to minimise both the amount of Personal Data we hold and the duration we retain it. For example, if you have bought a ticket or booked a room with us we will need to keep your Personal Data at least until the accounts for that year have been audited and filed with Companies House.
What If I Do Not Want To Provide My Personal Data?
We need to collect a certain amount of information about you in order to provide the services we offer. If you decline to provide the Personal Data we require we will not be able to enter any contract with you and could not, for example, sell you a ticket or hire you any rooms.
You have the following rights with respect to your Personal Data:
- The right to request a copy of the Personal Data which The Horton holds about you;
- The right to request that The Horton corrects any of your Personal Data if it is found to be inaccurate or out of date;
- The right to request your Personal Data is erased where it is no longer necessary to retain it;
- The right to withdraw your consent (where relied on) to process any of your Personal Data by The Horton;
- The right, where there is a dispute in relation to the accuracy or processing of your Personal Data, to request a restriction is placed on further processing;
- The right to object to the processing of Personal Data; and
- The right to lodge a complaint with the Information Commissioners Office (ICO).
You can contact the ICO on 0303 123 1113 or online or write to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
Exercising Your Rights
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
To make sure Personal Data is not disclosed to anyone without the right to access it we may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If we are processing your Personal Data based solely on your consent, you can withdraw your consent at any time by contacting us.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.
For further information visit www.aboutcookies.org or www.allaboutcookies.org.
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
If you would like to contact us in respect of the is Policy or any Personal Data which we control, please do so via the following:
by post: Horton Chapel Arts & Heritage Society (Charity no. 1167510) (Company no. CE007433) 24 Hamilton Close, Epsom, Surrey KT19 8RG.
Please address any Data Protection correspondence to Gayle Young.
Changes To This Policy