Privacy Policy

This privacy policy sets out how Yorkshire Sculpture Park (YSP) uses, stores and protects your data. You can contact us with any queries about this policy by emailing comms@ysp.org.uk or find out more via the Information Commissioner's Office (ICO). YSP is registered with the ICO – number ZA080933.


Who we are

[When we talk about 'we' or 'us' in this privacy policy we mean Yorkshire Sculpture Park ("YSP" or "The Company").

YSP is registered as a charity and is a company limited by guarantee. All data is held by the charity.


Your personal data

We collect 'personal data', which is information that identifies a living person, or which can be identified as relating to a living person.

When we talk about 'you' or 'your' in this privacy policy we mean any living person whose personal data we collect.


How we collect your personal data

We collect personal data you provide to us in writing, electronically, over the telephone, and via the website or other social media platforms. This includes information you provide when you make donations, apply for membership of our Friends scheme, purchase tickets, products or services, and ask to be added to our mailing lists. It also includes information you provide when you apply to work with us, volunteer, become a board member or enter into other contractual arrangements with us.


What data we collect

We may collect the following information:

  • Personal details (name, gender, date of birth, email, or other social media account information, postal address, telephone etc.
  • Family and spouse/partner, or next of kin details
  • Financial information (such as credit/debit card or direct debit details, and whether your donations are gift-aided)
  • Details of purchasers and recipients of gift memberships and donations
  • Details of the ways in which you wish to be contacted by us


Your activities and involvement with YSP will result in personal data being generated. This could include:

  • Ticket booking
  • Your attendance at special events
  • Your visits to our website
  • Images of you captured by our CCTV systems, photographers or filmmakers
  • Your use of our public wifi
  • Your car registration details for car park charges and calculating the frequency of your visits to YSP
  • Your purchasing history
  • How you’ve helped us by volunteering or by donating money
  • If you have applied for a job or volunteer role with us
  • Data collected from third party providers and social media providers

We do not normally collect or store special categories of personal data. However, there are some situations where we may need to do so. These may include, for example, if we need to know about any access, medical or dietary requirements you, or someone in your care, may have.


Children and Young People

We take great care to protect and respect the rights of individuals in relation to their personal data, especially in the case of those aged 13 or younger. We will not use the personal data of children or young people for marketing purposes. Personal data about children and young people is only accessible by our staff on a strictly need-to-know basis.


Why we collect this data

We use personal data for our legitimate interests and also in other situations when we have your consent. These uses include:

  • undertaking visitor research
  • to better understand how people choose and/or use our products and services
  • to determine the effectiveness of our promotional campaigns and advertising
  • to comply with our legal duties
  • to protect your vital interests
  • meeting our contractual obligations to you
  • carry out a task in the public interest
  • or our own (or for a third party’s) legitimate interests, provided your rights do not override these interests

We use your personal data for administration purposes. We also use your personal data to provide you with news about our activities and events, and to help with fundraising. You have the choice as to whether you want to receive or continue to receive our marketing messages, and you can change your preferences at any time.

We are participating in NHS Test and Trace, which means (unless you opt out) we may share some of your personal information (full name, contact details and date and time of your visit) with NHS Test and Trace if we are requested to do so.

We also only ever use your data for the purpose or purposes for which it was obtained.


Cookies

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. You can at any time change or withdraw your consent at any time.

Learn more about how we use cookies in our Cookie Policy.


How we store this data

In order to prevent unauthorised access or disclosure of your personal data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.

Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Staff receive data protection training and we maintain a set of data protection procedures which our staff are required to follow when handling personal data.

We only store your data for as long as we need to, and in order to carry out various services for you. We continually review what information we hold and will delete personal data which is no longer required.


Online Security

All electronic forms that ask you for your financial data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers.

If you use a payment card to make an event booking, to buy membership or to shop online, we will pass your payment card details securely to our payment provider. We comply with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council.


Third Parties

We will never sell your personal data.

We may share your personal data with contractors, research agencies or suppliers who provide us with services. For example, we may use a mailing house for the distribution of our What’s On leaflet; we use Eventbrite for ticket sales; we use Direct Debit processors for the handling of payments and email providers for our marketing communications. Information is transferred to data processors securely, and we retain full responsibility for your personal data as the data controller. These activities are carried out under a contract which imposes strict requirements on our suppliers to keep your personal data confidential and secure.

We may share your personal data where required to do so for prevention of crime or for taxation purposes (for example, with the police, HMRC) or where otherwise required to do so by other regulators or by law (e.g. the Charity Commission, Companies House).

We are wholly based in the UK and store data within the European Economic Area. Some organisations which provide data processing services to us do so under contract and may be based outside of the EEA. We will only allow them to do so if your data is adequately protected.

Our websites contain links to other external websites. We are not responsible for the content or functionality of any such websites. Please let us know if a link is not working by contacting comms@ysp.org.uk

If a third-party website requests personal data from you (e.g. in connection with an order for goods or services), the information you provide will not be covered by this privacy policy. We suggest you read the privacy notice of any other website before providing any personal information.


CCTV

YSP is protected by CCTV and you may be recorded when you visit. Our system includes an automatic car registration recognition system. We use CCTV to help with car parking charges, and to provide a safe and secure environment for visitors, for our staff and to prevent or detect crime. The system is managed in accordance with our standard operating procedures and with good practice guidance issued by the Information Commissioner’s Office. CCTV images will only be accessed by authorised security staff and are stored for up to 30 days, unless flagged for review.


Your rights

We will only retain your personal data for as long as it is required for the purpose for which we collected it.

We want to ensure you remain in control of your personal data and that you understand your legal rights. These are:

  • The right to know whether we hold your personal data and, if we do so, to be provided with a copy of this (a “subject access request”) within one month
  • The right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason)
  • The right to have inaccurate personal data rectified
  • The right to object to your personal data being used for marketing or profiling

If you would like further information on your rights or wish to exercise them, please contact us at comms@ysp.org.uk or by writing to Yorkshire Sculpture Park, West Bretton, Wakefield WF4 4LG, United Kingdom. You can read more about your rights in details at ico.org.uk. YSP is registered with the ICO – registration ZA080933


Updates to this policy

This policy was last updated on 23 November 2020. We may amend this privacy policy from time to time to ensure it remains up to date and continues to reflect how and why we use your personal data. The current version of our policy is always available on our website.