1.    Introduction

The Museum of East Asian Art is committed to protecting your privacy and security. This policy explains how and why we collect, store and use your personal data, in person and online, to ensure you are informed and in control of your information.

MEAA invites supporters, Friends, Volunteers, and others to “opt-in” and give their consent to communications in accordance with the General Data Protection Regulation (GDPR) from 25 May 2018. GDPR is a European Union regulation that replaces the Data Protection Act 1998. This allows you to have authority over what personal information you provide, what communication channels you prefer and what information you receive.

You can “opt-out” of communication or amend your communication preferences at any time; please just let us know. See section 10 at the end of this Policy for contact details.

2.    About us

The Museum of East Asian Art (MEAA) in Bath, UK, is the only museum solely dedicated to promoting the arts and cultures of East and South East Asia. MEAA is an accredited museum under Arts Council England’s Museum Accreditation Scheme – the scheme sets an agreed national standard for museums in the UK. The Museum of East Asian Art is a registered charity No. 328725, Limited Company Registration No: 2499752, governed by a Board of Directors.

3.    What information do we collect about you?

MEAA is committed to protecting your privacy and security. There are a number of ways you may provide us with personal data when visiting or interacting with the Museum in person and online. This includes visiting our website, signing up to our mailing list, joining as a Friend or volunteer, making a donation, purchasing a ticket and attending an event.

Such personal information might include (but is not limited to):

  • your name and title
  • your postal address
  • your gender information
  • your age (we usually ask for your age information in the form of a bracketed age group)
  • your telephone / mobile phone number
  • your email address, social media account details
  • your computer I.P. address
  • your Gift Aid Status (i.e. Declaration or Refusal)
  • your enquiry and feedback
  • your purchase details and transaction history

When you sign up to our E-Newsletter, we will also ask for your preferences on what information you would like to hear from us (events, exhibitions, fundraising, volunteering etc.) and how you would like to receive it (email, telephone, post etc.).
When you sign up to our Friends mailing list, you will be asked how you would like to receive the monthly newsletters and correspondence from us (Email, Phone, Post, SMS).

On some occasions, other forms of data may include:

  • A record of accidents and incidents:

We do not normally collect or store sensitive personal data. However, if an accident or incident occurs on our property at the Museum or at one of our events off-site involving a member of the workforce (including volunteers), then we are required by law to keep a record of this (which may include personal data and sensitive personal data). If this occurs, we will ensure your privacy rights are protected.

  • A record of your interaction and involvement history with the Museum:

Transaction and payment history; your Friends’ membership history; your volunteering history; your history of attending our events.

  • A record of photographs or video (CCTV) of you:

If you attend one of our events where a photographer is present, an additional consent form requesting media release will be presented to you, which requires your signature.

CCTV cameras are installed throughout the Museum premises for security purposes, and your image will be recorded while you are visiting the Museum. We will only keep the video imagery record for the length of our security requirements.

  • If you are working with MEAA in a paid or voluntary capacity, we may collect information about you (e.g. details of emergency contacts, etc.) and retain it for legal and safeguarding reasons.

4.    How will we use the information about you?

We only use your personal data with your consent for the purpose it was collected.

We use and process your personal information for the purposes below:

  • contact you in the way you consented
  • ticketing and events
  • delivering our services
  • process financial payments and invoices
  • marketing and communications about our activities, events and exhibitions and services ONLY with your prior consent
  • administer our Volunteer Programme
  • administer our Friends Membership Programme
  • maintain our database
  • performing our obligations under any contracts entered into by you and us (i.e. providing our services through Friends Membership; contracted work)
  • administer donations and other fundraising activities, including processing Gift Aid and keeping a record of your involvement with us
  • record-keeping of feedback and complaints
  • requesting support for our fundraising activities or volunteering ONLY with your prior consent
  • research and analysis: from time to time, we analyse our visitors’ and supporters’ information to determine common characteristics and preferences. This helps us develop an understanding of how we can improve our services, provide better experiences and be more effective.
  • process job applications and employment records

We use a number of external data processing services, which help us to manage, safely store and use data to enable us to provide efficient services. These external platforms include:

  • MailChimp – for marketing and communication
  • Donorfy – a Customer Relationship Management (CRM) system for managing and safely storing our database
  • SAGE50 – managing our financial information and services
  • Merlin Soft – retail and ticketing system, online and offline
  • Woocommerce membership system – online membership management system
  • Lloyds Cardnet – Card payment processed through museum shop
  • Stripe – payment processing system
  • BT Mydonate – an online fundraising platform
  • iBase – an online collection database

5.    Disclosing and sharing data

We will never sell your personal data to other organisations. If you have opted-in to receive MEAA communications and marketing, we may contact you with information which you have chosen to receive, but these communications will come from MEAA. You can opt-out at any time.

We may share personal data in some circumstances. For example, as mentioned in section 3, we use a number of external data processing services, which help us to manage, safely store and use data to enable us to provide efficient services. We may also share your personal information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

  • Payment security

The details of the payment card which you use to make payments to us, whether remotely by telephone or online, or in our shop, are stored with our payment card processor. When you use your payment card, you give your consent to provide your financial or personal information to those third parties necessary to process your transactions with us. Although you submit credit card or other payment card information to pay for an event or membership through our website, we do not receive this information ourselves.

MEAA complies with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council, and will never store card details, as outlined in the MEAA Information Security Policy.

  • Where we store information

Although MEAA’s operations are based in the UK, the information that we collect from you may be transferred to and stored (typically on remote and backup servers) outside the European Economic Area (EEA). This is because some of our third-party service providers are based outside of the EEA (e.g. MailChimp). By submitting information to us or using our appointed third-party services (e.g. online ticketing platform – Merlin), you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Policy. All third-party services appointed by us are also strictly required by law to keep your information confidential and secure.

Occasionally, when we partner with other organisations, we may need to share your data with them if you have given us the permission to do so.

6.    How we store data

We store your information and data in various formats: electronic records, paper records, video and CCTV footage, and photographs. These files are stored in secure databases, e-files and locked hard copies. Our workforce also receives regular data protection guidance and training.

We will only use and store information for as long as it is required for the purposes outlined in the ‘Purposes’ in this Policy. How long information is stored depends on the information and reasons why it is being used.

  • Friends’ Membership, Gift Aid and Volunteer Data

As a legal requirement, we keep all Gift Aid data for six years, as well as Friends membership data. We usually keep our volunteer data for two years; however, we may also keep your data for six years if you have declared Gift Aid to the Museum. You may contact us at any time and request that your data be erased.

We will always use your data and information in the most appropriate way and comply with your consents. However, you can always contact us if you believe that your data protection or privacy rights have been infringed. To do this, please get in touch using the details at the bottom of this policy.

7.    Cookies

Cookies are small files placed on your computer by websites that you visit. They are commonly used across the world to help website users access services and information more quickly and efficiently.

We and any appointed third party services may use cookies for website usage data collection, which helps us to improve our website display and services to our users, based on their interaction with our website or appointed third party websites. We only use this information for statistical analysis purposes and the data is not personally-identifiable.

These appointed third-party services include, but are not limited to, the list in section 4.

Cookies are usually enabled automatically, but you can choose to decline them. You can also delete existing cookies from your browsers or edit your browser options to choose not to allow cookies in future. However, you may not be able to use all the interactive features on our website if cookies are disabled.

You may wish to visit www.aboutcookies.org which contains comprehensive information on how to modify the cookie settings on a wide variety of browsers. You will also find details on how to delete cookies from your computer as well as more general information about cookies.

  • Google Analytics

We use Google Analytics to collect information about how our online visitors interact with our website. We do so to make sure our website is up to date and relevant for our visitors.

Google Analytics collects and stores information about what pages you visit, how you got there and what you click on. We do not collect any personal information (e.g. your name or address) through Google Analytics, hence the information we hold cannot be used to identify you.

You can opt out of Google Analytics by implementing the Google Analytics Opt-out Browser Add-on.

8.    Your rights

You have the right to access, rectify and withdraw your data held by us. You also have the right to change your consent for how we use your data. The GDPR provides the following rights to you as an individual:

  • The right to access – to ask what information we hold about you and why, and how to gain access
  • The right to erasure – to have your data erased
  • The right to rectify – to request, at any time, that your data be amended if you believe it to be inaccurate or incorrect
  • The right to restrict, or object to, us processing your data, including for marketing purposes
  • The right to be informed about how to keep your data up to date, and how we meet data protection obligations

You can find out more information on your rights by contacting the UK Information Commissioner’s Office (ICO) www.ico.org.uk:
United Kingdom Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire
SK9 5AF, United Kingdom

9.    Changes to our Privacy Policy

We will update and amend this Privacy Policy from time to time to ensure it remains up-to-date and accurately reflects how and why we use your personal data. The current version of our Privacy Policy is posted on our website www.meaa.org.uk.

10.   Contact us about your data

E-mail: info@meaa.org.uk

Post: Administrator, Museum of East Asian Art, 12 Bennett Street, Bath BA1 2QJ

Tel: 01225 464640