The Postal Museum (TPM) respects the privacy of every individual who visits our websites. We operate in accordance with the Data Protection Act 1998. For further information about our Data Protection Policy, please see our Policies page.
We collect personal information (such as your name, contact details, credit card information) that you supply to us. Your information is collected when you contact us, make a booking with us, purchase items from us, including Membership and e-tickets, or make donation to us. The credit card information you give for any online transaction is used solely for the purpose of processing that transaction.
We will never share your information with other organisations to use for their own purposes. We will share it with trusted companies who act as “data processors” on our behalf in order to fulfil your request (see the sections below for further details).
You may indicate your preferences for receiving direct marketing from us. You will be given the opportunity on every communication we send you to change your marketing preferences.
Who are TPM?
The Postal Museum is the public identity of the Postal Heritage Trust. In this policy, whenever you see the words ‘We’, ‘Us’ or ‘Our’, it refers to the Postal Heritage Trust, Postal Heritage Services Ltd, and Mail Rail Trading Ltd. Each of these is registered as a data controller in their own right.
Information about you may be collected when you visit our websites either by automatic tracking devices (see ‘Tracking our visitors’ below) or, more directly, where you request a specific service, such as subscribing to the newsletter or contacting us via our contact form. By using this website, you consent to the collection and use of your information under the terms of this policy.
It is TPM’s policy not to sell your information on to any third party.
Tracking our visitors
TPM monitors how people use our websites and aggregates general statistics about customers, traffic patterns and related site information in an anonymous form. In order to collect this data, TPM uses software that collects statistics from IP data. This software can determine what times of day people access our site, which country they access the websites from, how long they visit for, what browser they are using, etc.
This information is collected primarily to measure the popularity of particular content, and of the websites as a whole, allowing us to judge visitor needs and tailor future content.
Most web browsers allow you to control the cookies stored on your computer through your browser’s settings. The ICO (Information Commissioner’s Office) provides more information on cookies, including how to see what cookies have been stored and how to manage and delete them.
Removing or disabling cookies
You may choose to remove or block cookies at any time by adjusting your browser settings, but in some cases, this may impact your experience of our website. Certain functions, such as registering for our newsletter or adding a product to your basket on our online shop, need cookies enabled.
The information below lets you know what cookies this site uses and what they are.
Postal Museum Cookies
This cookie is used on our catalogue website, catalogue.postalmuseum.org. It stores information about the current user session on your computer. No personal information is stored in this cookie.
This cookie stores information about usage of the site’s Reader Order Management System, which users who are logged in to our online catalogue can use to arrange access to particular collections items.
Third Party Cookies – Google Analytics
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site and your experience.
The information collected is anonymous and does not identify a visitor. The data includes the number of visitors to the site, where visitors have come from and the pages they visited.
Third Party Cookies – Hotjar
Hotjar is an analytics and feedback tool that we use to understand how our website is used and improve usability. Hotjar sets cookies to help us track behaviour across pages and to control visitor polls. The cookies carry no personally identifiable information.
When you buy something from our online shop
The Postal Museum (TPM) has entered into a partnership with Shopify to assist us in providing an online shop. In order to purchase products online, you will have to submit personal information about yourself (name, address, email address and telephone number).
This personal data is collected by Shopify on behalf of TPM (excluding card details). They have entered into an agreement with TPM to hold all details in a secure way. They are not permitted to use the data for their own purposes nor to sell or distribute it on to any other individual, organisation or business under any circumstances.
If, for whatever reason, our agreement with Shopify ends, they are contractually obliged to hand back the data to TPM and to delete all of TPM’s personal data from their system.
TPM’s shop payment process is powered by Sage Pay. Sage Pay is a secure platform used by our shop for processing your online payments. Information entered is fully encrypted and the system is audited by the Payment Card Industry Security Standards Council.
TPM will not retain your credit card details after your order has been processed. We will retain your email and postal address to complete your order but these will not be used by a third party. When you complete your order, you will be added to our mailing list; you will have an option to ‘opt-out’ at the bottom of each email.
When you purchase a ticket to The Postal Museum, Mail Rail, Sorted!, or an event or exhibition
Tickets to The Postal Museum, Mail Rail, Sorted!, and events and exhibitions are provided by Syx RecreateX. When you click on a link to book a ticket, you are redirected to a web portal hosted by Syx. They collect personal information on our behalf to process each transaction and only use personal data where it is necessary to fulfil your order. Our Data Sharing Agreement with Syx provides that they will not share personal data with other parties and will delete all data on termination of our contract. Syx are ISO 27001 certified, meaning that they meet the highest international standards for information security.
When you complete your order, you will be added to our mailing list; you will have an option to ‘opt-out’ at the bottom of each email.
When you subscribe to our newsletter
TPM has entered into a partnership with MailChimp to assist us in providing an e-mail newsletter service. In order to sign up to this service, you will have to submit personal information about yourself (name and e-mail address only).
This personal data is collected by MailChimp on behalf of TPM. They have entered into an agreement with TPM to hold all details in a secure way. They are not permitted to use the data for their own purposes nor to sell or distribute it on to any other individual, organisation or business under any circumstances.
If, for whatever reason, our agreement with MailChimp ends, they are contractually obliged to hand back the data to TPM and to delete all of TPM’s personal data from their computers.
You can ‘opt out’ of the newsletter at any time by unsubscribing.
When you donate to us online
TPM will not retain your credit card details after your donation has been processed.
When you purchase Archive copying or research services
In order to purchase these services, you will have to submit information about yourself (name, address, email address and telephone number).
Your payment is processed by Worldpay. Information entered is fully encrypted and the system is audited by the Payment Card Industry Security Standards Council.
TPM will not retain your credit card details after you order has been processed. We will retain your email address and postal address to complete your order but these will not be used by a third party.
When you apply for a job via our website
Data is hosted on Digital Ocean (London) and Amazon Web services which are ISO Certified for information security compliance.
When you use our Social Media platforms and third party sites
TPM maintain a presence on several social media and third party websites, such as Facebook, Twitter and Instagram. We suggest you refer to the privacy policies on those sites and take care when giving out personal information. TPM undertakes to operate within the guidelines of these sites and will not seek to collect your personal information.
We take every reasonable effort to ensure the security of your data. To maintain the security and integrity of your information, we have appropriate administrative (both electronic and physical) in place. We utilise SSL (Secure Socket Layer) to encrypt data passed between our website and servers, ensuring all data remains private. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.
TPM tries to be as open as it can be in terms of giving people access to their personal information. You can find out if we hold any personal information about you by making a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about you we will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to; and
- let you have a copy of the information in an intelligible form.
To make a request to TPM for any personal information we may hold, you need to put the request in writing as detailed below.
If we do hold information about you, you can ask us to correct any mistakes or to delete the information.
Further information and requests
To request information about yourself or to find out more about our privacy and data protection measures, please refer to our Data Protection Policy or write to:
Data Protection Coordinator
The Postal Museum
Alternatively email firstname.lastname@example.org.
Please specify in your communication the exact nature of the information you wish to request.
For further information about our website and our digital partners please write to Webmaster at the above postal address or email email@example.com.
If you are unsatisfied with the information we provide regarding your privacy and data protection, you can raise your concerns with the ICO (Information Commissioner’s Office).
Changes to this Policy
This policy was last updated on 22 May 2017.