Security & Privacy

Royal Air Force Museum and RAF Museum Enterprises – PRIVACY POLICY

May 2018

Introduction

We (the Royal Air Force Museum and RAF Museum Enterprises Ltd.) are committed to protecting and respecting your privacy. We will only use the information that we collect about you lawfully.

Developing a better understanding of our visitors and supporters through your personal data enables us to make better decisions, fund-raise more efficiently and, ultimately, helps us to reach our goals of telling the story of the Royal Air Force through its people and our collections and ensuing that the RAF’s story endures and enriches future generations.

The purpose of this policy is to outline how the Royal Air Force Museum and RAF Museum Enterprises Ltd. have established measures to protect your privacy and information rights. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

We recognise that you have rights as a ‘data subject’, and that we have an obligation to uphold these. This Privacy Policy outlines how we maintain these rights:

 ·        How we collect and process your information

·         Why we do this

·         How you can exercise your rights 

·         Who to contact in the event you are unhappy with our performance.

Your Information Rights

Right

Explanation

Right to be informed

This encompasses the obligation for us to be transparent in how we collect and use your personal data.

Right of access

You have the right to access your personal data and supplementary information.

Right to rectification

If the information we hold on you is inaccurate or incomplete, you can request we correct this.

Right to erasure

You can request we delete or remove personal data where there is no compelling reason us to continue processing.

Right to restrict processing

You have the right to request we cease processing your data, if:

·         You consider it inaccurate or incomplete

·         Where you object to processing and we are considering whether we still have a legitimate interest to process it

·         Where we don’t need the data for the original reason we collected it, but may need it to support a legal claim.

Right to data portability

 Where you have consented to our processing your data, or where the processing is necessary for us to deliver a contract, you can request a copy of that data be provided to a third party in electronic form. 

Right to object

You have the right to object to our processing under certain circumstances. For example, you can object to:

·         Direct marketing

·         Processing for purposes of scientific/historical research and statistics.

Rights relating to automated decision making including profiling

Where we apply automated decision making, we must

·         Give you information about the processing

·         Introduce simple ways for you to request human intervention or challenge a decision

·         Carry out regular checks to make sure that our systems are working as intended 

Information related to automated decision making is contained later in this notice.

 

Please get in touch with us through the Contact Us section to find out more or to exercise your information rights. The RAF Museum is a registered member of the Fundraising Regulator and works to the Fundraising Code and Promise set out by the Regulator, when processing or holding your data.

  

Information we collect

Why we collect this

How we process this

Contact information including telephone number, email address and home address.

Payment information.

·    To carry out our obligations arising from any contracts entered into between you and us and to provide you with information, products and services that you request from us

·    To administer your purchase or donation or membership or support your fundraising, including processing Gift Aid.

·   Data is processed internally and held in line with our document retention policy 

·   We may share your data with trusted third-party organisations, to carry out our obligations to you.

Contact information including telephone number, email address and home address

 ·    We process this data, with your consent to provide you with information about us, our fundraising campaigns, our events (including challenge events), services, and any other information, products or services that we provide or provide access to (e.g. supporter or membership updates)

·    To keep a record of your relationship with us.

 ·    Data is processed internally and held in line with our document retention policy

·    We may share your data with trusted third-party organisations, to carry out our obligations.

Contact information including telephone number, email address and home address

 ·    To notify you about changes to our service including membership/donor benefits

·    To provide essential event information where you have consented up to take part.

·   Data is processed internally and held in line with our document retention policy

·   We may share your data with trusted third-party organisations, to carry out our obligations.

IP address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform 

·    To administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes

·    To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you

·    To ensure that content from our site is presented in the most effective manner for you and for your computer/mobile device.

 ·   Data is processed internally and held in line with our document retention policy

·   We may share your data with trust third-party organisations, to carry out our obligations to you.

Transfer of Data

We may share some personal data with trusted third-party data processors based outside of the EEA for the purpose fulfilling administering a transaction from our online shop. We conduct checks to ensure that any third-party data processors are compliant with the requirements of GDPR.

 

Retention of Data

The RAF Museum retains personal information in line with our Retention Policy.  If you object to this retention, please do get in touch – details are provided in the Contact Us section.

 

Cookies

Our websites use cookies to distinguish you from other users of our website. This helps us to improve your experience when you browse our websites and also allows us to improve our sites. For detailed information on the cookies we use and the purposes for which we use them see our Cookies Policy below.

 

Securing Your Information

We ensure that there are appropriate physical and technological controls in place to protect your personal details, which are documented in our Information Security Policy.

We may use external companies to collect or process personal data on our behalf. We do comprehensive checks on these companies before we work with them, and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they collect or access.

If you request to receive no further contact from us, we will keep some basic information to avoid sending you unwanted materials in the future.

We will keep your personal data for no longer than necessary in accordance with our Retention Policy.

 

Contact Us

We recognise that you may have questions on how we process and/or store your data, or may want to change either the data we hold on you or how we communicate with you in the future. 

If you have given consent for processing, you are free to withdraw your consent at any time.  To let us know this is the case please email [email protected] or write to the E-Commerce Administrator, Royal Air Force Museum, Cosford, Shifnal, Shropshire, TF11 8UP.

Instructions for unsubscribing from e-newsletters will also be included in each e-newsletter we send.

If you have any questions in respect of this notice, or would like to exercise your rights as a data subject (for example, to correct data or to exercise your right to access) our Director of Finance and Resources and Data Compliance Officer (DCO) can be contacted via [email protected] or write to the, Data Compliance Officer, Royal Air Force Museum, Grahame Park Way, Colindale, London NW9 5LL.

If you are unhappy that we have responded to your query adequately, or if you have a further complaint, The Information Commissioner’s Office can be contacted via www.ico.org.uk 


Changes to our Privacy Policy

Any changes we may make to our Privacy Policy in the future will be posted on our websites. Please check back to see any updates.

 

Royal Air Force Museum and RAF Museum Enterprises Ltd - COOKIES POLICY

Information about our use of cookies

Our site uses cookies to distinguish you from other users of our Web site. This helps us to provide you with a good experience when you browse our site and also allows us to improve our site.

Due to recent changes in law, all sites which operate across certain parts of the European Union are required to obtain consent using or storing cookies (or similar technologies) on your computers or mobile device. This cookie policy provides you with clear and comprehensive information about the cookies we use and the purposes for using those cookies. To review the privacy policies that apply to users of www.rafmuseumshop.com, please read our privacy policy above.

What is a cookie?

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies as soon as you visit our site.

Key concepts

  • First and third-party cookies: whether a cookie is 'first' or 'third' party refers to the domain placing the cookie. First-party cookies are those set by a website that is being visited by the user at the time (e.g. cookies placed by www.rafmuseum.co.uk).
  • Third-party cookies: are cookies that are set by a domain other than that of the site being visited by the user. If a user visits a website and another entity sets a cookie through that site this would be a third-party cookie.
  • Persistent cookies: these cookies remain on a user's device for the period of time specified in the cookie. They are activated each time that the user visits the website that created that particular cookie.
  • Session cookies: these cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.

How to delete and block our cookies

You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies as soon as you visit our site.

Can I withdraw my consent?

If you wish to withdraw your consent at any time, you will need to delete your cookies using your internet browser settings.

For further information about deleting or blocking cookies, please visit: 

http://www.aboutcookies.org/ 

How to turn cookies off

Internet browsers allow you to change your cookie settings. These settings are usually found in the 'options' or 'preferences' menu of your internet browser. In order to understand these settings, the following links may be helpful. Otherwise you should use the 'Help' option in your internet browser for more details.

Cookie settings in Internet Explorer

Cookie settings in Firefox

Cookie settings in Chrome

Cookie settings in Safari

What cookies do we use and why?

To find out about specific cookies we use on this site, please see below for details.

The cookies used on our site are categorised as follows:

  • Strictly necessary
  • Performance

Strictly necessary

'Strictly necessary' cookies let you move around the site and use essential features like accessing your profile and posting feedback. Without these cookies, these services cannot be provided. Please note that these cookies do not gather any information about you that could be used for marketing or remembering where you've been on the internet.

We use these strictly necessary cookies to:

  • identify you as being logged in to our site; and
  • enable you to submit information via online forms such as registration and feedback forms.

Accepting these cookies is a condition of using the site, so if you prevent these cookies we can't guarantee your use of our site or how the security on our site will perform during your visit.

Performance

'Performance' cookies collect information about how you use our site e.g. which pages you visit, and if you experience any errors. These cookies do not collect any information that could identify you and is only used to help us improve how our site works, understand what interests our users and measure how effective our content is.

We use Web Analytics performance cookies to provide anonymous statistics on how our site is used.

Some of our performance cookies are managed for us by third parties. However, we don't allow the third party to use the cookies for any purpose other than those listed above.

By using our site, you accept the use of 'Performance' cookies. Accepting these cookies is a condition of using the site, so if you prevent them we cannot guarantee how our site will perform for you.

More information about cookies

What specific cookies do we use on rafmuseum.co.uk?

First party cookies

Name

Description

Expiration

Third party cookies

Google Analytics sets the following cookies as described in the table below. A default configuration and use of Google Analytics sets only the first 4 cookies in the table.

Name

Description

Expiration

__utma

This cookie is typically written to the browser upon the first visit to your site from that web browser. If the cookie has been deleted by the browser operator, and the browser subsequently visits your site, a new __utmacookie is written with a different unique ID. This cookie is used to determine unique visitors to your site and it is updated with each page view. Additionally, this cookie is provided with a unique ID that Google Analytics uses to ensure both the validity and accessibility of the cookie as an extra security measure.

2 years from set/update.

__utmb

This cookie is used to establish and continue a user session with your site. When a user views a page on your site, the Google Analytics code attempts to update this cookie. If it does not find the cookie, a new one is written and a new session is established. Each time a user visits a different page on your site, this cookie is updated to expire in 30 minutes, thus continuing a single session for as long as user activity continues within 30-minute intervals. This cookie expires when a user pauses on a page on your site for longer than 30 minutes. You can modify the default length of a user session with the _setSessionCookieTimeout()method.

30 minutes from set/update.

__utmc

This cookie is no longer used by the ga.js tracking code to determine session status.

Historically, this cookie operated in conjunction with the __utmb cookie to determine whether or not to establish a new session for the user. For backwards compatibility purposes with sites still using the urchin.js tracking code, this cookie will continue to be written and will expire when the user exits the browser. However, if you are debugging your site tracking and you use the ga.js tracking code, you should not interpret the existence of this cookie in relation to a new or expired session.

Not set.

__utmz

This cookie stores the type of referral used by the visitor to reach your site, whether via a direct method, a referring link, a website search, or a campaign such as an ad or an email link. It is used to calculate search engine traffic, ad campaigns and page navigation within your own site. The cookie is updated with each page view to your site.

6 months from set/update.

__utmv

This cookie is not normally present in a default configuration of the tracking code. The __utmv cookie passes the information provided via the _setVar() method, which you use to create a custom user segment. This string is then passed to the Analytics servers in the GIF request URL via the utmccparameter. This cookie is only written if you have added the _setVar() method for the tracking code on your website page.

2 years from set/update.

__utmx

This cookie is used by Website Optimizer and only set when the Website Optimizer tracking code is installed and correctly configured for your pages. When the optimizer script executes, this cookie stores the variation this visitor is assigned to for each experiment, so the visitor has a consistent experience on your site.  See the Website Optimizer Help Center for more information.

2 years from set/update.

 guest_id

 This cookie is used by Twitter and serves as your unique identification number associated with Twitter.

2 years from set/update.

For more information on Google Analytics see:https://developers.google.com/analytics/resources/concepts/gaConceptsCookies.