The Highlanders Museum (Queen’s Own Highlanders Collection) operates from Building 20, Fort George, Ardersier IV2 7TD, and will be referred to as The Highlanders Museum in this document.
The Highlanders Museum is committed to protecting and respecting any personal information you share with us. We understand that customers care about the use and storage of their personal information and data and that you rely upon us to act in a careful and sensible manner in this regard.
This statement describes what types of information we collect from you, how it is used by us, how we share it with others, how you can manage the information we hold and how you can contact us. The Highlanders Museum will always handle information in compliance with the Data Protection Act (1998) and the General Data Protection Regulation (GDPR) (EU) 2016/679.
We will always give you the option not to receive marketing communications from us. We will never send you unsolicited ‘junk’ email or communications or share your data with anyone else who might. We do not sell your information to third parties, but we do work closely with selected partners who help us to provide you with the information, products and services that you request from us.
The contents of this statement may change from time to time so you may wish to check this page occasionally to ensure you are still happy to share your information with us. Where possible, we will also contact you directly to notify you of these changes.
2. What information do we collect?
We collect information about you and your orders when you engage with our website, or staff by email or telephone at either of our locations. We only collect information which is necessary, relevant and adequate for the purpose you are providing it for. The information we collect includes some or all of the following:
a. Name (including title);
c. Phone number;
d. Email address;
e. The date you used our services;
f. The pages you visited on our website and how long you visited us for;
g. Your GPS location (where you have permitted access to this);
h. The internet browser and devices you are using;
j. The website address from which you accessed our website;
k. Details of any transactions between you and us;
l. Where you engage with us in a business context, we may collect your job title, company contact details (including email addresses), company details (some of which we may obtain from an online or public business directories);
m. Voice recordings of calls you make to our business;
n. CCTV recorded images from our businesses; and
o. Any information within correspondence you send to us.
3. How do we use this information?
The Highlanders Museum will only process information that is necessary for the purpose for which it has been collected. You will always have the option not to receive marketing communications from us (and you can withdraw your consent or object at any time). We will never send you unsolicited ‘junk’ email or communications or share your personal information with anyone else who might.
There are various ways in which we may use or process your personal information. We list these below:
Where you have provided your consent, we may use and process your information to:
a. Contact you from time to time about promotions, events, products, services or information which we think may be of interest to you for example
Mailings relating to news and events;
Research from enquiries you have asked us to pursue relating to ancestors;
Aggregate data analysis to monitor visitor statistics;
b. To share your personal information with our recommended third-party marketing partners, so that they can contact you with marketing information about our products and services for example Mailchimp;
c. You can withdraw your consent at any time by contacting us at email@example.com or, in relation to any marketing messages you receive, by using the unsubscribe option included in those messages.
We may use and process your personal information where this is necessary to perform a contract with you and to fulfil and complete your orders, purchases and other transactions entered into with us.
We may use and process your personal information as set out below where it is necessary for us to carry out activities for which it is in our legitimate interests as a business to do so.
Processing necessary for us to support customers with sales and other enquiries
a. To respond to correspondence you send to us and fulfil the requests you make to us (for example: alternative products);
b. Processing necessary for us to respond to understanding customers’ needs;
c. To analyse, evaluate and improve our products and services so that your visit and use of our businesses and website are more useful and enjoyable (we will generally use data amalgamated from many people so that it doesn’t identify you personally);
d. To undertake market analysis and research (including contacting you with customer surveys) so that we can better understand you as a customer and provide tailored offers, products and services that we think you will be interested in. We will only send marketing communications to you if you have provided your consent for us to do so or which we have obtained in the ways mentioned in the paragraph below;
e. For product development purposes (for example to improve quality, performance and safety);
f. In some cases, we may use automated methods to analyse, combine and evaluate information that you have provided to us (We collect and analyse this information in this way so that we can deliver the most appropriate customer experience to you by tailoring and making relevant all our service and communications;
g. Processing necessary for us to promote our business, brands and products and measure the reach and effectiveness of our campaigns;
h. To send you marketing information from time to time after you have purchased a product or service from us or made a purchasing enquiry, closed your browser with items in your shopping basket or other information of interest. We will only contact you with information about our own products and services (and in ways the law allows), which we hope you will like. You have the right to object to us sending you this information at any time;
i. To contact you from time to time with marketing information (unless you object) if you have expressly indicated to us that you are acting on behalf of a business or where we have obtained your business contact details from our manufacturers or an online or public business directory. In relation to any such information we send by email or SMS, we will include an option allowing you to object to receiving future messages by unsubscribing;
k. To contact you if your local The Highlanders Museum business were to move premises or close;
l. Processing necessary for us to operate the administrative and technical aspects of our business efficiently and effectively;
m. To verify the accuracy of information that we hold about you and create a better understanding of you as a customer;
n. For network and information security purposes i.e. in order for us to take steps to protect your information against loss, damage, theft or unauthorised access;
o. To comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
p. To inform you of updates to our terms and conditions and policies.
We may process your personal information to comply with our legal requirements.
Sometimes we will need to process your personal information to contact you if there is an urgent safety or product recall notice and we need to tell you about it.
How do we share this information?
We do not sell your information to third parties, but we do work closely with third party suppliers who fulfil business activities for us (like marketing, events and market research etc).
We do not sell your information to third parties. However, we may from time to time disclose your information to the following categories of companies or organisations to which we pass the responsibility to handle services on our behalf: direct marketing communications agencies and consultants, market research and market analytics service providers, our legal and other professional advisors.
We will also share your information with our suppliers in situations where we need to pass your information to them in order to manage any request or complaint you have made to us.
We take steps to ensure that any third-party partners who handle your information comply with data protection legislation and protect your information just as we do. We only disclose personal information that is necessary for them to provide the service that they are undertaking on our behalf. We will aim to anonymise your information or use aggregated non-specific data sets where ever possible.
How long do we keep your information for?
We will not hold your personal information in an identifiable format for any longer than is necessary. If you are a customer or otherwise have a relationship with us we will hold personal information about you for a longer period than if we have obtained your details in connection with a prospective relationship.
We do not retain personal information in an identifiable format for longer than is necessary.
If we have a relationship with you (e.g. you are a customer), we hold your personal information for 6 years from the date our relationship ends. We hold your personal information for this period to establish, bring or defend legal claims.
Where we have obtained your personal information following a request for information, quotation or any other information on any of our products or services, we hold your personal information for 18 months from the date we collect that information, unless during that period we form a relationship with you e.g. you repeat order from us. We hold your personal information for this period to give us an opportunity to form a relationship with you.
The only exceptions to the periods mentioned above are where:
a. the law requires us to hold your personal information for a longer period, or delete it sooner;
b. you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see further How can I manage the information we hold about you);
c. you have raised a complaint or concern regarding a product or service offered by us, in which case we will retain your information for a period of 6 years following the date of that complaint or query.
How can you manage the information we hold about you?
You have the right as an individual to access your personal information we hold about you and make corrections if necessary. You also have the right to withdraw any consent you have previously given us and ask us to erase information we hold about you. You can also object to us using your personal information (where we rely on our business interests to process and use your personal information).
You have a number of rights in relation to your personal information under data protection law. In relation to most rights, we will ask you for information to confirm your identity and, where applicable, to help us search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received any request (including any identification documents requested).
CCTV is installed in public areas of our properties for the prevention and detection of crime. Footage is securely stored and is only accessible to authorised personnel. Footage may be shared with authorities if required by law.
Employee Access to your Information
Website Pixel Tabs
The Highlanders Museum and its third-party service providers use pixel tags (also known as ‘clear gifs or beacon gifs). Pixel tags are not visible to the user of the website and consist of a few lines of computer coding delivered with the web page. Pixel tags are not used to collect any personally identifiable information about you apart from what you voluntarily provide us. Pixel tags are used to:
a. Track customer response to the Highlanders Museum advertisements and website content.
b. Determine your ability to receive HTML-based e-mail messages. Our e-mail service provider includes a pixel tag, referred to as a ‘coded sensor’ in all of the HTML-based messages sent on our behalf. The sensor activates when the e-mail is opened and the flags the e-mail address of the user as one that is capable of receiving HTML-based e-mail messages. This capability helps our service provider to send the e-mail in a format you can read. The sensor does not collect or use any other information. If you cannot receive HTML, you will not receive a functioning sensor.
c. Enable us to know how many users open an e-mail and allows our service provider to compile aggregated statistics about an e-mail campaign for us.
d. Allow us to target interactive advertising, enhance customer support and site usability and provide offers and promotions which we believe would be of interest to you.
Responding to a Data Breach
In the unlikely event of any of the below data breaches occur, The Highlanders Museum will notify the Information Commissioner’s Office (ICO) without undue delay. If there is a risk to individuals affected, they too will be notified:
• Access by an unauthorised third party
• Deliberate or accidental action (or inaction) by a controller or processor
• Sending personal data to an incorrect recipient
• Computing devices containing personal data being lost or stolen
• Alteration of personal data without permission
• Loss of availability of personal data
You have the right to:
a. Ask for a copy of the information that we hold about you;
b. Correct and update your information;
c. Withdraw your consent (where we rely on it). Please see further How do we use this information;
d. Object to our use of your information (where we rely on our legitimate interests to use your personal information) provided we do not have any continuing lawful reason to continue to use and process the information. When we do rely on our legitimate interests to use your personal information for direct marketing, we will always comply with your right to object;
e. Erase your information (or restrict the use of it), provided we do not have any continuing lawful reason to continue to use and process that information;
f. Transfer your information in a structured data file (in a commonly used and machine-readable format), where we rely on your consent to use and process your personal information or need to process it in connection with your contract.
g. You can exercise the above rights and/or manage your information by contacting us using the details below:
By post: The Data Protection Officer
The Highlanders Museum
Inverness, IV2 7TD
By email: firstname.lastname@example.org
By phone: 0131 310 8702
If you are unhappy, you have the right to lodge a complaint with a data protection regulator in Europe, in particular in a country you work or live or where your legal rights have been infringed. The contact details for the Information Commissioner’s Office, the data protection regulator in the UK, are below:
Information Commissioner’s Office
Call: 0303 123 1113
Registered Office: The Highlanders Museum Ltd, Building 20, Fort George, Ardersier, IV2 7TD , Company Number: SC385993, Registered Charity Number SC 042160.