Privacy Policy

Millom Folk Museum (“we”, “us”, or “our”) is committed to safeguarding the privacy and personal data of visitors, users, and stakeholders of millomfolkmuseum.com (the “Website”). This Privacy Policy outlines how we collect, use, share, and protect your personal information. Preserving your trust is essential; we operate in full compliance with data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Introduction

We value your privacy and are committed to maintaining the confidentiality and integrity of the personal data we process. This Privacy Policy explains how your information is collected, used, stored, and shared when you interact with our Website. By using millomfolkmuseum.com, you acknowledge the practices described in this policy.

2. Scope of Policy and Role of the Data Controller

This Privacy Policy applies to all data collected through our Website and associated communications. Millom Folk Museum, as the data controller, determines the purposes and methods of processing your personal data. As data controller, we are responsible for ensuring that your data is processed lawfully, fairly, and transparently.

3. Categories of Data Processed

We may collect and process information across the following categories:

a) Usage Data
Information including your IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other similar identifiers. This also includes information regarding your session duration, page interactions, and navigation patterns on our Website.

b) Account Data
If you create an account or register for services, we may collect your full name, postal address, email address, and phone number.

c) Profile Data
Details such as your preferences, purchase history, feedback, and behavioral interaction with the Website (including interests in particular exhibits or events).

d) Communication Data
Data received through inquiries, customer support tickets, email correspondence, or other contact interactions (including time, date, and content of communications).

e) Technical Data
Device identifiers, operating systems, network type, screen resolution, browser settings, and system configurations captured during your interaction with the Website.

f) Transaction Data
Information related to purchases, donations, tickets, or event registrations, including billing details, delivery addresses, and payment methods (note: we do not store full payment card details).

g) Preference Data
Marketing permissions, survey responses, and indicators of your interest in specific services or offerings, including opt-in/opt-out records for promotions and newsletters.

4. Legal Bases for Processing

Our legal justification for the collection and use of your personal data includes:

– Consent: When you actively provide us with personal data, such as signing up for newsletters or using contact forms.
– Contractual Necessity: To fulfill obligations arising from agreements with you, such as processing orders or providing services you request.
– Legitimate Interests: To operate and improve our services, analyze Website traffic, and ensure network and information security, while respecting your privacy.
– Legal Obligation: Where processing is required by applicable laws or regulatory requirements.

5. Your Rights

Under GDPR and certain other data protection laws, you have the following rights:

– Right of Access: To obtain confirmation as to whether we process your personal data and access to that data.
– Right to Rectification: To request correction of inaccurate or incomplete data.
– Right to Erasure: To request deletion of your data under certain legal grounds.
– Right to Restrict Processing: To request that we restrict the processing of your data in certain circumstances.
– Right to Data Portability: To receive your personal data in a structured, machine-readable format and to transmit that data to another controller without hindrance.
– Right to Object: To object to processing based on legitimate interest or for direct marketing purposes.
– Right Not to Be Subject to Automated Decision-Making or Profiling.

To exercise these rights, please contact: [email protected].

6. Security Measures

We implement rigorous measures to protect your personal data, including:

– Encryption using industry-standard protocols during data transmission.
– Secure servers and storage environments.
– Role-based access controls to restrict unauthorized access.
– Regular data backups and verified recovery procedures.
– Staff awareness and training programs in information security and privacy compliance.

We regularly assess the effectiveness of our security practices and update them to address emerging threats.

7. International Transfers

If your data is processed, accessed, or stored outside the European Economic Area (EEA), such transfers will be conducted under appropriate safeguards. This includes the use of European Commission Standard Contractual Clauses or other valid transfer mechanisms ensuring an equivalent level of data protection.

8. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Specific retention periods per category include:

– Usage & Technical Data: 12 months for analytics and operational review.
– Account & Profile Data: Retained for the duration of account ownership and 24 months thereafter.
– Communication Data: Retained for 36 months for recordkeeping.
– Transaction Data: Retained for 6 years for accounting and tax compliance.
– Preference Data: Retained until withdrawal of consent or account deletion, whichever is sooner.

After the expiration of the retention period, data is securely erased or anonymized.

9. Cookie Policy

We use cookies and similar technologies to enhance your browsing experience on millomfolkmuseum.com. Cookies may be categorized as follows:

– Essential Cookies: Required for core functionality and security of the Website (e.g., session ID).
– Functional Cookies: Enable personalization, such as remembering your language or regional preferences.
– Analytics Cookies: Collect anonymized usage patterns to help us analyze and improve Website performance.
– Performance Cookies: Help assess server stability, loading times, and technical errors.

10. Cookie Management and Compliance

Upon your first visit, you will be presented with a cookie consent banner allowing full management of preferences. You may customize your cookie settings at any time through the Website. We fully comply with GDPR and CCPA requirements by obtaining explicit user consent (where required) and providing opt-out mechanisms.

For California residents, we support Do Not Sell My Personal Information requests and offer transparency over the categories of cookies and data used.

11. Children’s Data

We do not knowingly collect or solicit personal data from individuals under the age of 13. If we discover that we have inadvertently unknowingly gathered such data, we will take prompt action to delete it. Parents or guardians who believe their child may have submitted information are encouraged to contact us at [email protected].

12. Policy Updates

We reserve the right to revise our Privacy Policy to reflect changes in legal requirements, our processing activities, or technological developments. Substantial changes affecting your rights will be prominently communicated via the Website or, where feasible, directly to affected users.

13. Contact

If you have any questions, concerns, or complaints relating to this Privacy Policy, your personal data, or your rights thereunder, please contact:

Millom Folk Museum
Email: [email protected]

We are committed to the lawful and secure treatment of your data and to providing full transparency in our practices. Please do not hesitate to reach out with privacy-related concerns.

Millom Folk Museum is proudly compliant with all applicable data protection legislation, including GDPR and CCPA. Your privacy rights matter here.