The Post Office Fellowship of Remembrance Memorial Books reside in the collections of The Postal Museum, the legal entity of which is the Postal Heritage Trust.
This policy tells you about how we collect, use and protect your personal information. We are required to provide you with this notice in accordance with the EU General Data Protection Regulations (GDPR). This policy replaces our Data Protection Policy.
Who we are
The Postal Museum is the public identity of the Postal Heritage Trust. In this policy, whenever you see the words ‘we’, ‘us’ or ‘our’, it refers to the Postal Heritage Trust, Postal Heritage Service Ltd, and Postal Heritage Trading Ltd. Each of these is registered as a ‘data controller’ with the UK information rights regulator: the Information Commissioner’s Office (ICO).
Who The Postal Museum collects information about
We need to collect and use certain types of information about people we interact with in order to operate and to meet our legal obligations. Groups of people we need to collect personal information about include:
Visitors to the museum and Mail Rail – for a range of purposes including processing ticket purchases, answering enquiries, responding to feedback, keeping visitors informed of future events, and supporting visitor safety via CCTV
Staff and volunteers who carry out work for The Postal Museum – for recruitment, payroll and performance review
Donors and members who support our work – for managing relationships
Potential donors – for furthering our charitable aims, including fundraising activities
External stakeholders including suppliers, contractors and other third parties who carry out work on our behalf (such as payroll administration or database management)
Enquirers who want specific questions answered (these people may not visit in person)
Researchers consulting original material in the Discovery Room or requesting copies of that material
Donors of material to the museum and archive collections and those who borrow elements of the collections for various purposes
Customers using our online shop or paid research services – to process orders
Contributors to our history initiatives (such as previous Post Office and Royal Mail employees sharing their stories)
In this context, The Postal Museum is known under data protection regulations as the ‘data controller’ and third parties who process personal data on our behalf are known as ‘data processors’. Those individuals who the personal information is about are known as ‘data subjects’.
We recognise and adhere to the seven principles of data protection as set out in the EU General Data Protection Regulations (GDPR).
The Postal Museum (TPM) is committed to protecting the personal information of all those who interact with us, and to being transparent about what we do with your information. We won’t do anything with your information that you wouldn’t reasonably expect and we will only use your information for the purposes for which it was obtained.
Information about you may be collected when you visit our websites either by automatic tracking devices or, more directly, where you request a specific service, such as subscribing to the newsletter or contacting us via our contact form. By using this website, you consent to the collection and use of your information under the terms of this policy.
Who we share your information with
We promise never to sell or share your personal information with any third party for their own purposes, and you will not receive marketing from any other companies, charities or other organisations as a result of giving your details to us unless you consent to do so.
We will only share your data for these reasons:
To provide services we can’t deliver in house: We sometimes need to share your information with data hosting providers or service providers who help us to deliver our products and services and our internal administration. Examples include providers of systems used for customer relationship management, ticketing, mailing lists, and HR administration.
These third-party providers only act under our instruction as set out in individual data processing agreements with The Postal Museum (TPM). These agreements define TPM as the data owner and prevent use of the data for the provider’s own purposes unless fully anonymised. They also prevent selling or distribution of the data, and address return of data on contract termination.
Third party suppliers also have security and privacy obligations under data protection regulations in their role as ‘data processors’, including the obligation to inform us about the data processors they in turn use (known as ‘sub-processors’).
Some of the third parties we work with operate outside the European Economic Area. In the case of these transfers of information, we ensure that our data processors provide an adequate level of protection and that these measures form part of our agreements with them.
Where legally required: Where sharing of your personal data is required by law, we will act on these obligations. For example, we may disclose your personal information to the government for tax investigation purposes, or to law enforcement bodies for the prevention and detection of crime where a clear need for this is identified. We may also share your information with the emergency services if we think there is a risk of serious harm to you or someone else.
If you’re 13 or under
If you’re aged 13 or under, you must get your parent/guardian’s permission before you provide any personal information to us via the website or in person.
How and why we use your information
How we protect your information
We use technical and organisational safeguards to ensure that your personal information is secure. We limit access to information on a need-to-know basis and ensure that staff are trained in data protection principles.
We utilise SSL (Secure Socket Layer) to encrypt data passed between our website and servers, ensuring all data remains private. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers. Our online forms are always encrypted and our network is protected and routinely monitored.
If you use your credit or debit card to make a booking online, buy something or donate to us, we pass your card details securely to our payment processing partners. We do this in accordance with industry standards and don’t store the details on our website.
However, please be aware that there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of data disclosed or transmitted over public networks.
How long we keep your information
We will keep your personal information related to financial transactions for as long as the law requires us to do so for tax or accounting purposes (usually for the current financial year plus three further years).
If you request that we stop processing your personal information for the marketing purposes, we may need to add your details to a suppression list so we are aware that you don’t wish to be contacted.
Other categories of personal information will only be kept for as long as they are needed for the purpose for which they were collected, and in line with our internal retention policies.
Your rights to your personal information
The Postal Museum (TPM) aims to be as open as possible when giving people access to their personal information. You can find out if we hold any personal information about you by making a ‘subject access request’ under the EU General Data Protection Regulations (GDPR). If we hold any information about you we will, as far as practically possible:
Give you a description of it
Tell you why we are holding it
Tell you who it could be disclosed to
Provide you for a copy of the information in an intelligible form
To make a request to TPM for any personal information we may hold, you need to put the request in writing as detailed below. You may be asked for proof of identification to ensure we are lawfully disclosing information.
If we do hold information about you, you can ask us to correct any inaccuracies or to delete the information if we do not have a legitimate reason to hold it.
Requesting further information
To request information about yourself or to find out more about our privacy, data protection and records retention measures, please write to:
Data Protection Coordinator
The Postal Museum
15 – 20 Phoenix Place
Alternatively email email@example.com. Specify in your communication the exact nature of the information you wish to request.
You can also call us on 0300 0300 700.
For further information about our website please writer to Webmaster at the above postal address or email firstname.lastname@example.org
How to make a complaint
If you are unsatisfied with the information we provide regarding your privacy and data protection, you can raise your concerns with the UK information rights regulator: the ICO (Information Commission’s Office).
We reserve the right to make amends to this policy at any time.