Privacy Policy

Millom Folk Museum (“we,” “our,” or “us”) is committed to respecting and protecting your privacy. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal data in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws. Your trust is of paramount importance to us, and Millom Folk Museum ensures the highest standards of data governance and transparency.

1. Introduction

At Millom Folk Museum, accessible via millomfolkmuseum.com, we place privacy and data protection at the center of everything we do. This Privacy Policy explains how we process personal information when you interact with our website, engage with our services, or communicate with us. We are committed to maintaining the confidentiality, integrity, and security of your personal data.

2. Scope and Data Controller

This Privacy Policy applies to all users and visitors of millomfolkmuseum.com, as well as customers, supporters, donors, and newsletter subscribers. For the purposes of applicable data protection laws, Millom Folk Museum is the data controller responsible for determining the purposes and means of data processing. If you have any questions about, or need further information concerning, our data processing, you may contact us at [email protected].

3. Categories of Personal Data We Process

We may collect and process the following categories of personal data:

a) Usage Data
Information such as your IP address, browser type, operating system, access times, and pages viewed. This also includes log data, referring URLs, and session durations.

b) Account Data
Personal identifiers like your full name, mailing address, email address, and telephone number when you register an account or make inquiries.

c) Profile Data
Includes user interactions, event participation, purchasing history, preferences, and behavioral activity related to your engagement with our offerings.

d) Communication Data
Records of your correspondence with us, including support requests, email communications, and responses to surveys or inquiries.

e) Technical Data
Device information, internet service provider, screen resolution, language settings, and system configurations collected during your use of our website for technical optimization purposes.

f) Transaction Data
Payment details (processed via secure third-party providers), order records, donation information, and associated shipping or delivery information.

g) Preference Data
Your preferences regarding marketing communications, areas of interest related to museum exhibits or events, and your explicit consent for receiving newsletter or promotional content.

4. Legal Bases for Processing

We rely on the following lawful bases for the processing of personal data, depending on the nature of your interaction with us:

– Consent: Where you provide explicit permission for specific processing activities, such as subscribing to newsletters or accepting cookies not strictly necessary.
– Contractual necessity: Where processing is required to fulfill a contract with you, such as processing membership or ticket purchases.
– Legal obligation: Where we are required to process your data to comply with legal and regulatory obligations.
– Legitimate interests: Where processing is necessary for our legitimate business interests such as improving website functionality, ensuring network security, or promoting museum events—provided those interests are not overridden by your rights and freedoms.

5. Your Data Protection Rights

As a data subject under the GDPR and CCPA, you have the following rights in connection with your personal data:

– Right of Access: You have the right to request access to the personal data we hold about you.
– Right to Rectification: You are entitled to request correction of any inaccuracies in your data.
– Right to Erasure (“Right to be Forgotten”): You may request deletion of your personal data, subject to legal or contractual obligations.
– Right to Restrict Processing: You may request that we temporarily cease processing your data in certain circumstances.
– Right to Data Portability: You are entitled to receive your data in a structured, commonly used, and machine-readable format and to have it transmitted to another controller where feasible.
– Right to Object: You may object to processing based on legitimate interests or to direct marketing.
– Right to Non-Discrimination (CCPA): We will not discriminate against you for exercising your rights under applicable data privacy laws.

Requests regarding your rights may be submitted to [email protected]. We will respond within the timeframes required by applicable law.

6. Security Measures

We implement robust technical and organizational measures to ensure a high level of security and confidentiality in your data, including but not limited to:

– End-to-end encryption of data transferred via our website.
– Controlled access to servers and databases using authentication mechanisms.
– Regular data backups with secure storage policies.
– Staff training on privacy policies, data handling procedures, and incident response.

7. International Transfers

Where personal data is transferred outside of the United Kingdom or European Economic Area (EEA), we ensure such transfers are made in accordance with applicable data protection laws using appropriate safeguards, including Standard Contractual Clauses approved by the European Commission. Data transfers to US-based service providers are limited to those that commit to ensuring data protection compliance, including where necessary adherence to CCPA standards.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

– Usage and Technical Data: up to 12 months for analytics and security.
– Account and Communication Data: retained for the active period of service and up to 3 years following last activity.
– Transaction Data: retained for a period of 7 years to comply with financial and tax regulations.
– Preference Data: retained until you withdraw consent or opt out.
After the applicable retention period, data is securely deleted or anonymized.

9. Cookie Policy

millomfolkmuseum.com uses cookies and similar technologies to enhance user experience, personalize content, and analyze site usage. Cookies fall into the following categories:

– Essential Cookies: Necessary for core website functions (e.g., login, shopping carts).
– Functional Cookies: Enable site personalization and remembering preferences.
– Analytics Cookies: Help us understand website usage by collecting aggregated data.
– Performance Cookies: Improve page load times and responsiveness under various conditions.

10. Cookie Management

Upon your first visit to our website, a cookie consent banner invites you to accept or customize your preferences. You can manage cookie settings at any time via your browser or our cookie consent tool. Under GDPR and CCPA, you have the right to:

– Withdraw cookie consent at any time
– Refuse the use of tracking cookies
– Request access to collected behavioral data
Our cookie management tools enable compliance with consent and opt-out regulations.

11. Children’s Privacy

We do not knowingly collect personal data from children under the age of 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at [email protected]. We will take steps to promptly delete such information.

12. Policy Updates

We may revise this Privacy Policy from time to time in order to reflect changes in legal requirements, our data practices, or the functionality of our website. Any material updates will be clearly communicated via our website or through direct notices, where appropriate. Continued use of millomfolkmuseum.com constitutes your acceptance of any revised terms.

13. Contact Us

For any questions, concerns, or requests related to this Privacy Policy or your personal data, you may contact us at:

Millom Folk Museum
Email: [email protected]
Website: https://millomfolkmuseum.com

We are committed to full compliance with GDPR, CCPA, and other applicable privacy frameworks. Please do not hesitate to reach out if you have privacy-related concerns.