Privacy Policy
Who we are
Our website address is: museumofscottishfireheritage.org
Contact and sign up forms
If you send us a message through an online form, we will collect your name and contact information so we can get in touch with you.
We do not share these details with anyone.
Cookies
Like most websites this website use ‘cookies’. These are small data files which are stored on your device in order to improve the functionality and management of the site.
Below is an explanation of the cookies we use on this site and elsewhere, and how we manage this information. As these cookies are commonly used across the web, we recommend disabling cookies in your browser if you do not wish them to be installed on your device.
Google Analytics
We use Google Analytics to record anonymised data about how this website is used. This enables us to measure how many people use the website, how they reach the site, and what pages they visit.
This information helps us improve the website by understanding how people use it, and also enables us to report to funders about how well the site is performing.
Google Analytics does not allow us to view individual user details; it only enables us to analyse patterns of behaviour across multiple users. It collects users’ IP addresses, but solely for the purpose of analysing where in the world people are using this site.
WordPress
This website is built with WordPress. This relies on cookies for basic management tasks, such as identifying whether a user is logged into the website.
The Cookie Consent plugin uses cookies to identify whether a user has seen the pop-up notification.
Shop
We collect information about you during the checkout process on our store.
What we collect and store
While you visit our site, we’ll track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
- Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
We’ll also use cookies to keep track of basket contents while you’re browsing our site.
When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number and optional account information like username and password. We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders. We do not store any payment details on the site
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for XXX years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.
Who on our team has access
Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:
- Order information like what was purchased, when it was purchased and where it should be sent, and
- Customer information like your name, email address, and billing and shipping information.
Our team members have access to this information to help fulfill orders, process refunds and support you.
What we share with others
We share information with third parties who help us provide our orders and store services to you; for example —
Payments
We accept payments through Square. When processing payments, some of your data will be passed to Square, including information required to process or support the payment, such as the purchase total and billing information.
Please see the Square’s privacy policy for more details.
See our Refund and returns policy
Content from other websites
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Data protection laws provide you with the following rights to:
- request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
- request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
- request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
- request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it; and
- request a copy of your personal information which you have provided to us, in a structured, commonly used and machine-readable format and the right to transfer it, or to require us to transfer it directly, to another controller; and
- You also have the right to object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- You will not have to pay a fee to access your personal information (or to exercise any of the other rights above). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
- We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
- Where we rely on your consent to process your personal data, for example if we need your consent to send you any direct marketing, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us using any of the details set out below in the “Contacting Us” section. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
- If you are unhappy about how your personal data has been used please refer to our complaints policy. You also have a right to complain to the supervisory authority, which in the United Kingdom is the Information Commissioner’s Office https://ico.org.uk/, which regulates the processing of personal data.
How we protect your data
Your data is secured by encryption, firewalls and Secure Socket Layer (SSL) technology. This is industry standard encryption technology which manages the security of messages transmitted across the internet. When we receive your data, we store it on secure servers which can only be accessed by the web developer Surface Impression.
What data breach procedures we have in place
Data breaches are rare but in the case of this happening they will pinpoint the exact details of the breach including the time, where it happened on the system, the cause of the breach, and the extent of the damage.
Additional security measures are monitored by the hosting provider.