This privacy notice provides you with information about how we are handling or intending to handle any personal information that you share with us.

Regulation (EU) 2016/679 of the European Parliament – the General Data Protection Regulation (‘GDPR’) – obliges us to provide you with information about how and why we use your data. We recognise our obligations and your legal rights set out in the GDPR.

Sinai Park House Trust is committed to protecting and respecting your privacy and complying with the principles of the GDPR. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the GDPR, the data controller is Kate Murphy, Sinai Park House Trust, Shobnall Road, Burton-on-Trent DE13 OQJ. You may contact us using the details below if you would like any information about our data handling practices.
We aim to process information about you fairly and in a transparent manner and the aim of this document is to provide you with sufficient information for you to be able to understand what we are doing with your data. If you are unsure how we are handling information about you or you think we could improve our privacy information, please let us know.

The type and amount of information we collect depends on why you are providing it. The information we collect when you make an enquiry may include your name, address (email and postal), business type and organisation and phone number. It may also include your date of birth if we have a specific need for this (e.g. corporate sponsor).

We may use and process your personal information where you have consented for us to do so for the following purposes:
To monitor the interest shown in visiting Sinai Park House, and b) to send you information about the events held at the venue depending on the preferences you express on the data collection form.
To analyse the use of our website and to improve it.
To measure the effectiveness of our email campaigns, to plan marketing campaigns and to segment our database.
To contact you via email, post or telephone with marketing information about forthcoming Sinai Park House events.
When you are paying for a visit to the house or an event or donating as a sponsor we may require banking information or credit/card details from you. When you donate/purchase online, your card information is not held by us, it is collected by a third party payment processor who specialises in the secure online capture and processing of credit/debit card transactions.
As a volunteer, or seeking advice we will ask for your name and contact details (full address and phone number). We may also ask you for details of your building, your work or the reasons for your interest in building conservation.

We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business for the following purposes:
To perform administration tasks relating to our event planning.
For analysis and profiling to inform our marketing strategy, and to enhance and personalise your visitor experience.
For market research to improve the events we hold.
To administer our website, including testing and for statistical purposes.
For marketing activities (other than where we rely on your consent) e.g. to tailor marketing communications or send targeted marketing messages via social media and other third-party platforms.
To correspond and communicate with you.
To create a better understanding of you as a visitor to our events.
For network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access.
To comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request).
For efficiency, accuracy or other improvements of our databases and systems e.g. by combining systems or consolidating records we hold about you.
To enforce or protect our contractual or other legal rights or to bring or defend legal proceedings; and
For general administration including managing your queries and to send service messages to you.

We will share information about you with some of our suppliers who process data on our behalf to help us to provide services to you. Categories of organisation and purpose below:
Marketing agencies – to provide relevant digital content to our customers.
Marketing agencies, database hosting & cleansing companies, mailing housing and email broadcasters – to provide marketing services.
Database hosting companies – to host our database including data storage.
Venue service providers – for the administration and operation of the events we hold.
Market research companies – to undertake research of our own customers.
We contractually require these recipients to use personal data only for the intended purpose of the disclosure and that they destroy or return it when it is no longer needed.
We may also disclose your personal information to third parties (the police, DVLA or any other public authority body) from time to time if we are under a duty to comply with any legal obligation.

We do not transfer any personal data to any organisation or country which is located outside of the European Economic Area.

We will only hold data for a given period. If we have had no transaction or activity with a contact on our database, it will be deleted after a maximum of three years. This applies to all data, including customers, potential customers and any other information we hold on individuals.

We would like to contact you via email for our marketing and promotional materials about future events and special offers in regard to services and events. We will only send information to you in this way with your consent, which we will ask for on our data collection forms.

We will take all steps reasonably necessary including policies, procedures and security features to ensure that information about you is treated securely and protected from unauthorised and unlawful access and used in accordance with this privacy policy.

The GDPR grants you certain rights (‘information rights’) which we summarise below:
Right of access: You have the right of access to information we hold about or concerning you. If you would like to exercise this right you should contact us using the details below.
Right of rectification or erasure: If you feel that any data that we hold about you is inaccurate you have the right to ask us to correct or rectify it. You also have a right to ask us to erase information about you where you can demonstrate that the data we hold is no longer needed by us, or if you withdraw the consent upon which our processing is based, or if you feel that we are unlawfully processing your data. Your right of rectification and erasure extends to anyone we have disclosed your personal information to and we shall take all reasonable steps to inform those with whom we have shared your data about your request for erasure.
Right to restriction of processing: You have a right to request that we refrain from processing your data where you contest its accuracy or the processing is unlawful and you have opposed its erasure, or where we don’t need to hold your data anymore but you need us to in order to establish, exercise or defend any legal claims, or we are in dispute about the legality of our processing your personal data.
Right to portability: You have a right to receive any personal data that you have provided to us in order to transfer it onto another data controller where the processing is based on consent and is carried out by automated means called a data portability request.
Right to object: You have a right to object to our processing of your personal data where the basis of the processing is our legitimate interests including but not limited to direct marketing and profiling.
Right to withdraw consent: You have the right to withdraw your consent for the processing of your personal data where the processing is based on consent.
Right of complaint: You also have a right to lodge a complaint about any aspect of how we are handling your data with the UK’s Information Commissioner’s Office.

Date of last review 4th May 2018. The privacy policy may be updated as required.
If you would like to find out more about your rights please contact us using the following details: