Your Basket

Subtotal: Excluding Delivery

Privacy Policy

This privacy policy sets out how Yorkshire Sculpture Park (YSP) uses, stores and protects your data. You can contact us with any queries about this policy by emailing comms@ysp.org.uk or find out more via the Information Commissioner's Office (ICO). YSP is registered with the ICO – number ZA080933.

How we collect your personal data

We collect personal data over the telephone, via the website and in writing. 


What data we collect

We may collect the following information:
– Personal details (name, gender, date of birth, email, address, telephone etc.)
– Family and spouse/partner, or next of kin details
– Financial information (such as credit/debit card or direct debit details, and whether your donations are gift-aided)
– Details of the ways in which you wish to be contacted by us
– Cookies
Your activities and involvement with YSP will result in personal data being generated. This could include:
– Your attendance at special events
– Your visits to our website
– Images of you captured by our CCTV systems, photographers or filmmakers
– Your use of our public wifi 
– Your purchasing history
–How you’ve helped us by volunteering or by donating money 
– Where you have applied for a job or volunteer role with us
We do not normally collect or store special categories of personal data. However, there are some situations where we may need to do so. These may include, for example, if we need to know about any access, medical or dietary requirements you, or someone in your care, may have.
Children and Young People
We take great care to protect and respect the rights of individuals in relation to their personal data, especially in the case of those aged 13 or younger. We will not use the personal data of children or young people for marketing purposes. Personal data about children and young people is only accessible by our staff on a strictly need-to-know basis.


Why we collect this data

We collect your data in order to make your interaction with YSP as positive and easy as possible. We only ever use your personal data with your consent, or where it is necessary in order to:
– Enter into, or perform, a contract with you
– Comply with a legal duty
– Protect your vital interests
– Carry out a task in the public interest 
– For our own (or for a third party’s) legitimate interests, provided your rights do not override these interests
We also only ever use your data for the purpose or purposes for which it was obtained.
We use website cookies for a number of different reasons as listed below. You can manage these small files yourself and learn more about them from allaboutcookies.org
– To enable a service to recognise your device so you don’t have to give the same information again 
– To recognise that you have already given a username and password so you don’t need to enter it for every web page requested
– To measure how many people are using our services, so they can be made easier to use and so that there is enough capacity to ensure a speedy service
– We use AddThis on our website so that you can share our content across email and social networks. These cookies allow us to anonymously track how many users recommend our web pages on social media
We use Google Analytics to collect information about how people use our website. We do this to make sure it’s meeting its users’ needs and to understand how we could do it better. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. We do not allow Google to use or share our analytics data. This is a list of data stored by Google Analytics cookies:
_utma stores each user’s number of visits, time of the first visit, the previous visit and the current visit
_utmb and _utmc checks how long a visitor stays on the site: when a visit starts and ends
_utmz tracks where a visitor came from (search engine, search keyword, link)
_utmv and _utmd track visitor journeys through the site and classifies them into groups
These cookies each last different amounts of times:
_utma expires two years after your last visit to this site
_utmb expires 30 minutes after your visit, or after 30 minutes of inactivity
_utmc expires at the end of a session (when you close your browser)
_utmz expires six months after it was last set
_utmv (not set) expires immediately
_utmd (not set) expires immediately


How we store this data 

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. 
Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Staff receive data protection training and we maintain a set of data protection procedures which our staff are required to follow when handling personal data.
We only store your data for as long as we need to, and in order to carry out various services for you. We continually review what information we hold and will delete personal data which is no longer required.
Online Security
All electronic forms that ask you for your financial data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers.

If you use a payment card to make an event booking, to buy membership or to shop online, we will pass your payment card details securely to our payment provider. We comply with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council.

Third Parties

We will never sell your personal data.
We may share your personal data with contractors or suppliers who provide us with services. For example, we may use a mailing house for the distribution of our What’s On leaflet; we use Direct Debit processors for the handling of payments and email providers for our marketing communications. Information is transferred to data processors securely, and we retain full responsibility for your personal data as the data controller. These activities are carried out under a contract which imposes strict requirements on our suppliers to keep your personal data confidential and secure.
We may share your personal data where required to do so for prevention of crime or for taxation purposes (for example, with the police, HMRC) or where otherwise required to do so by other regulators or by law (e.g. the Charity Commission, Companies House).
We are wholly based in the UK and store data within the European Economic Area. Some organisations which provide data processing services to us do so under contract and may be based outside of the EEA. We will only allow them to do so if your data is adequately protected.
Our websites contain links to other external websites. We are not responsible for the content or functionality of any such websites. Please let us know if a link is not working by contacting comms@ysp.org.uk
If a third-party website requests personal data from you (e.g. in connection with an order for goods or services), the information you provide will not be covered by this privacy policy. We suggest you read the privacy notice of any other website before providing any personal information.



YSP is protected by CCTV and you may be recorded when you visit. We use CCTV to help provide a safe and secure environment for visitors, for our staff and to prevent or detect crime. The system is managed in accordance with our standard operating procedures and with good practice guidance issued by the Information Commissioner’s Office. CCTV images will only be accessed by authorised security staff and are stored for up to 30 days, unless flagged for review.


Your rights

We want to ensure you remain in control of your personal data and that you understand your legal rights. These are:
– The right to know whether we hold your personal data and, if we do so, to be provided with a copy of this (a “subject access request”) within one month
– The right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason)
– The right to have inaccurate personal data rectified
– The right to object to your personal data being used for marketing or profiling 
If you would like further information on your rights or wish to exercise them, please contact us at comms@ysp.org.uk or by writing to Yorkshire Sculpture Park, West Bretton, Wakefield WF4 4LG, United Kingdom. You can read more about your rights in details at ico.gov.uk


Updates to this policy

This policy was last updated on 16 May 2018. We may amend this privacy policy from time to time to ensure it remains up to date and continues to reflect how and why we use your personal data. The current version of our policy is always available on our website.


Get your art without walls kick by following YSP on Instagram and share your photos using #yorkshiresculpturepark