Privacy Policy
Chester Beatty Online Shop
Introduction
The Chester Beatty Shop is committed to protecting your privacy and security. This Privacy Policy explains how and why we use your personal data and is intended to help ensure that you remain informed and in control of your information.
Your Personal Data
We collect “personal data”, which is information that identifies a living person, or which can be identified as relating to a living person.
When we talk about “you” or “your” in this policy we mean any living person whose personal data we collect.
Personal data we hold
The categories of personal data we hold are listed below.
-
Personal data you provide
We collect data you provide to us. This includes information you supply when you communicate with us, purchase products or services or sign up to receive communications from us. For example, we may hold:
- personal details (name, email, address, telephone etc.)
- financial information (credit/debit card details are not retained but encrypted once entered
-
Personal data generated by your involvement with the Chester Beatty Shop
Your activities and involvement with the Chester Beatty Shop will result in personal data being generated. This could include:
- where you have asked us for information or written to us
- your visits to our website
- your purchasing history
-
Website cookies
The museum website located at https://chesterbeattyshop.ie utilises persistent website cookies to support the overall functionality of the resource. The cookies utilised record the following data:
- Tracks return visits to direct the animations presented to the user in the visit content
- Provides anonymised website analytical data to the Google Analytics platform, which includes pages visited
How we use your personal data
-
General use
We only ever use your personal data with your consent, or where it is necessary in order to:
- enter into, or perform, a contract with you
- comply with a legal duty
- protect your vital interests
- Carry out a task in the public interest
- for our own (or for a third party’s) legitimate interests, provided your rights do not override these interests.
In any event, we will only use your personal data for the purpose or purposes for which it was obtained.
-
Administration
We use your personal data for administrative purposes including:
- fulfilling orders for goods or services
- management of suppliers of goods and services
- processing enquiries and requests for information
- managing feedback, comments and complaints we receive
- helping us respect your choices and preferences
-
Internal research and profiling
We occasionally carry out research and analysis on our customers to determine the success of our public offering and to help us provide you with a better experience.
We may evaluate, categorise and profile your personal data in order to tailor materials, services and communications (including targeted advertising) to your needs and your preferences and to help us understand our audiences.
Disclosing and sharing your personal data
We will never sell your personal data. If you have opted-in to marketing, we may contact you with information about our activities. These communications will always come from us.
We may share your personal data with contractors or suppliers who provide us with services. For example, we use Direct Debit processors for the handling of payments and eCommerce platform to enables you to buy items from out online shop. Information is transferred to data processors securely, and we retain full responsibility for your personal data as the Data Controller. These activities are carried out under a contract which imposes strict requirements on our suppliers to keep your personal data confidential and secure.
We may share your personal data where required to do so for the prevention of crime or for taxation purposes or where otherwise required to do so by other regulators or by law.
Data security
-
Payment security
All electronic forms that ask you for your financial data will use secure protocols to encrypt the data between your browser and our servers.
If you use a payment card to buy products, we will pass your payment card details securely to our payment provider. We comply with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council.
-
Where your data is stored
We are wholly based in Ireland and store data within the European Economic Area. Some organisations which provide data processing services to us do so under contract and may be based outside of the EEA. We will only allow them to do so if your data is adequately protected.
-
Retention of your personal data
We will only retain your personal data for as long as it is required for the purposes for which we collected it (for example, we have a genuine and legitimate reason and we are not harming any of your rights and interests). This will depend on our legal obligations and the nature and type of information and the reason for which we collected it.
We continually review what information we hold and will delete personal data which is no longer required, and in line with our Record Retention Policy.
Control of your personal data – Your rights
We want to ensure you remain in control of your personal data and that you understand your legal rights, which are:
- the right to know whether we hold your personal data and, if we do so, to be sent a copy of the personal data that we hold about you (a “subject access request”) within 30 days
- the right to have your personal data deleted (though this will not apply where it is necessary for us to continue to use the data for a lawful reason)
- the right to have inaccurate personal data rectified
- the right to object to your personal data being used for marketing or profiling
- (where technically feasible) the right to be given a copy of the personal data that you have provided to us (and which we process automatically on the basis of your consent or the performance of a contract) in a common electronic format for you to re-use.
There are some exceptions to the rights above and, although we will always try to respond to any instructions you may give us about our handling of your personal information, there may be situations where we are unable to meet your requirements in full.
If you would like further information on your rights or wish to exercise them, please contact the Chester Beatty’s Data Protection Officer: dataprotection@cbl.ie
Complaints
Should you have a complaint about how we have used (‘processed’) your personal data, you can complain to us directly by contacting our Data Protection Officer at the Chester Beatty in the first instance: dataprotection@cbl.ie
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can write to the Office of the Data Protection Commissioner: Canal House, Station Road, Port Arlington, Co. Laois, R32 AP23, Ireland.
Links to other sites
Our website may contain links to the Chester Beatty’s website and other external websites. We are not responsible for the content or functionality of any external websites. Please let us know if a link is not working by contacting ecommerce@cbl.ie. If a third-party website requests personal data from you (for example, in connection with an order for goods or services), the information you provide will not be covered by this Privacy Policy. We suggest you read the privacy notice of any other website before providing any personal information.
Changes to this Privacy Policy
We may amend this privacy policy from time to time to ensure it remains up-to-date and continues to reflect how and why we use your personal data. The current version of our Privacy Policy will always be posted on our website.
Any questions you may have in relation to this Privacy Policy or how we use your personal data should be sent to our Data Protection Officer at the Chester Beatty: dataprotection@cbl.ie.