This section summarises how we obtain, store and use information about you. It is intended to provide a very general overview only. It is not complete in and of itself and it must be read in conjunction with the corresponding full sections of this Privacy Policy.
-
Data controllers: Old Brompton Gallery
-
How we collect or obtain information about you:
-
when you provide it to us by contacting us,
-
subscribing as a paid member,
-
filling in newsletter subscription forms on our website,
-
registering for competitions run by or in association with the Old Brompton Gallery
-
registering your details to attend Old Brompton Gallery's events
-
from your use of our website, using cookies and similar technologies, and
-
occasionally, from third parties.
-
-
Information we collect from you:
Name, contact details, IP address, payment details such as your payment address, credit/debit card details(processed by third party and not stored by us), information from cookies, information about your computer or device (e.g. device and browser type), information about how you use our website (e.g. which pages you have viewed, the time when you view them and what you clicked on, the geographical location from which you accessed our website (based on your IP address), company name or business name (if applicable).
-
How we use your information:
For administrative and business purposes (particularly to contact you and process orders you place on our website), to improve our business and website, to fulfill our contractual obligations, to advertise our goods, services, exhibitions and other internal or 3rd party events, to analyze your use of our website.
-
Disclosure of your information to third parties: only to the extent necessary to run our business, to our service providers, to fulfil any contracts we enter into with you, where required by law or to enforce our legal rights, for external events that you have RSVP'ed using the website (in which case only your name is shared to check names against guestlist at the entry to such events).
-
We do not sell your information to third parties (other than in the course of a business sale)
-
How long we retain your information: for no longer than necessary, taking into account any legal obligations we have (e.g. to maintain records for tax purposes), any other legal basis we have for using your information (e.g. your consent, performance of a contract with you or our legitimate interests as a business). For specific retention periods in relation to certain information which we collect from you, please see the main section below entitled How long we retain your information.
-
How we secure your information: using appropriate technical and organisational measures such as storing your information on secure servers, encrypting transfers of data to or from our servers using Secure Sockets Layer (SSL) technology, not storing credit/debit card numbers, expiry dates, and security numbers internally, processing credit card transactions using 3rd party payment processors, using firewalls, DDOS attack protecting systems and threat monitoring systems.
-
Use of cookies: we use cookies and similar information-gathering technologies on our website including essential, functional, analytical and targeting cookies. For more information, please visit our cookies policy here:
-
Transfers of your information outside the European Economic Area: We will only transfer your information outside the European Economic Area if we are required to do so by law or if our service providers that we store your data with are based in outside the European Economic Area. Where we do so, we will ensure appropriate safeguards are in place. We will store some of our data outside the European Economic Area which includes the emails you sent to us and some of the artwork images.
-
Your rights in relation to your information
-
to access your information and to receive information about its use
-
to have your information corrected and/or completed
-
to have your information deleted
-
to restrict the use of your information
-
to receive your information in a portable format
-
to object to the use of your information
-
to withdraw your consent to the use of your information
-
to complain to a supervisory authority
-
-
Sensitive personal information: We do not knowingly or intentionally collect what is commonly referred to as 'sensitive personal information'. Please do not submit sensitive personal information about you to us. For more information, please see the main section below entitled Sensitive Personal Information.
Information we collect when you visit our website
We collect and use information from website visitors in accordance with this section and the section entitled Disclosure and additional uses of your information.
Web server log information
We use a third party server to host our website. Our website server automatically logs the IP address you use to access our website as well as other information about your visit such as the pages accessed, information requested, the date and time of the request, the source of your access to our website (e.g. the website or URL(link) which referred you to our website), and your browser version and operating system.
Our servers are located in the United Kingdom.
Use of website server log information for IT security purposes
We and our third party hosting provider collect(s) and store(s) server logs to ensure network and IT security and so that the server and website remain uncompromised. This includes analysing log files to help identify and prevent unauthorised access to our network, the distribution of malicious code, denial of services attacks and other cyber-attacks, by detecting unusual or suspicious activity.
Unless we are investigating suspicious or potential criminal activity, we do not make, nor do we allow our hosting provider to make, any attempt to identify you from the information collected via server logs.
Legal basis for processing: compliance with a legal obligation to which we are subject (Article 6(1)(c) of the General Data Protection Regulation).
Legal obligation: we have a legal obligation to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of our processing of information about individuals. Recording access to our website using server log files is such a measure.
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interests: we and our third party hosting provider have a legitimate interest in using your information for the purposes of ensuring network and information security.
Use of website server log information to analyse website use and improve our website
We use the information collected by our website server logs to analyse how our website users interact with our website and its features. For example, we analyse the number of visits and unique visitors we receive, the time and date of the visit, the location of the visit, IP address and the operating system and browser used.
We use the information gathered from the analysis of this information to improve our website. For example, we use the information gathered to change the information, content and structure of our website and individual pages based according to what users are engaging most with and the duration of time spent on particular pages on our website.
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interest: improving our website for our website users and getting to know our website users' preferences so our website can better meet their needs and desires.
Cookies and similar technologies
Cookies are data files which are sent from a website to a browser to record information about users for various purposes.
We use cookies and similar technologies on our website, including essential, functional, analytical and targeting cookies. For further information on how we use cookies, please see our cookies policy which is available here:
You can reject some or all of the cookies we use on or via our website by changing your browser settings, but doing so can impair your ability to use our website or some or all of its features. For further information about cookies, including how to change your browser settings, see our cookies policy.
Information we collect when you contact us
We collect and use information from individuals who contact us in accordance with this section and the section entitled Disclosure and additional uses of your information.
When you send an email to the email address displayed on our website we collect your email address and any other information you provide in that email (such as your name, telephone number and the information contained in any signature block in your email).
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interest(s): responding to enquiries and messages we receive and keeping records of correspondence.
Legal basis for processing: necessary to perform a contract or to take steps at your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation).
Reason why necessary to perform a contract: where your message relates to us providing you with goods or services or taking steps at your request prior to providing you with our goods and services (for example, providing you with information about such goods and services), we will process your information in order to do so.
Transfer and storage of your information
We use a third party email provider to store emails you send us. Our third party email provider is located in United States and called Microsoft. Their privacy policy is available here: https://privacy.microsoft.com/en-GB/privacystatement
Emails you send us will be stored outside the European Economic Area on Microsoft's servers in United States where our third party email provider stores your emails. For further information please see the section of this privacy policy entitled Transfers of your information outside the European Economic Area.
Contact forms
When you contact us using our contact forms, we collect your name, email address, phone number and IP address. We also collect any other information you provide to us when you complete the contact form.
If you do not provide the mandatory information required by our contact form, you will not be able to submit the contact form and we will not receive your enquiry.
If you do not supply the optional information required by our contact form, we may not be able to respond to your enquiry.
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interest(s): responding to enquiries and messages we receive and keeping records of correspondence.
Legal basis for processing: necessary to perform a contract or to take steps at your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation).
Reason why necessary to perform a contract: where your message relates to us providing you with goods or services or taking steps at your request prior to providing you with our goods and services (for example, providing you with information about such goods and services), we will process your information in order to do so.
Transfer and storage of your information
Messages you send us via our contact form will be stored outside the European Economic Area on our third party email provider's servers in United States.
Our third party email or provider is Microsoft. Their privacy policy is available here: https://privacy.microsoft.com/en-GB/privacystatement
For further information about the safeguards used when your information is transferred outside the European Economic Area, see the section of this privacy policy below entitled Transfers of your information outside the European Economic Area.
Phone
When you contact us by phone, we collect your phone number and any information provided to us during your conversation with us.
We do not record phone calls.
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation)
Legitimate interest(s): responding to enquiries and messages we receive and keeping records of correspondence.
Legal basis for processing: necessary to perform a contract or to take steps at your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation).
Reason why necessary to perform a contract: where your message relates to us providing you with goods or services or taking steps at your request prior to providing you with our goods and services (for example, providing you with information about such goods and services), we will process your information in order to do so.
Transfer and storage of your information
Information about your call, such as your phone number and the date and time of your call, is processed by our third party telephone service provider which is located in United Kingdom.
Post
If you contact us by post, we will collect any information you provide to us in any postal communications you send us.
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation)
Legitimate interest(s): responding to enquiries and messages we receive and keeping records of correspondence.
Legal basis for processing: necessary to perform a contract or to take steps at your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation).
Reason why necessary to perform a contract: where your message relates to us providing you with goods or services or taking steps at your request prior to providing you with our goods and services (for example, providing you with information about such goods and services), we will process your information in order to do so.
​
​
​​