Effective Date 27/02/2018
This website may log some information about website users (such as IP addresses). This information is anonymous and is held purely for system administration purposes.
We may collect personally identifiable information about you, such as your full name, phone number and email address, if you choose to purchase a ticket or product from us, our third-party payment processors World Pay will collect your payment information. World Pay will not retain, share, store or use personally identifiable information for any other purposes. Personal information will be stored on a secure server and will be processed by a Bath and North East Somerset Council as the data controller. This data will be held and processed under the terms of the Data Protection Act 2018. Such information may be shared across Bath and North East Somerset Council for the purpose of providing services to you. We will not give information about you to anyone else, or use information about you for other purposes, unless your consent has been given or the law allows this.
The use of your personal information is also covered by our registration under the Data Protection Act 2018. You can, under this legislation, request a copy of the information we hold about you. If any information we hold about you is incorrect please let us know. We are committed to upholding the principles of the Data Protection Act, and will not process your information in a way incompatible with these principles. An individual who seeks access, or to correct, amend or delete inaccurate data should direct his query to [email protected]. If requested to remove data, we will respond within 30 days.
COVID-19 - Recording customer details: how we use your information
To support NHS Test and Trace (which is part of the Department for Health and Social Care) in England, DHSC has provided guidance which we have chosen to follow. The guidance recommends that we collect and keep a limited record of staff, customers and visitors who come onto our premises for the purpose of contact tracing.
By maintaining records of staff, customers and visitors, and sharing these with NHS Test and Trace where requested, we can help to identify people who may have been exposed to coronavirus.
As a customer or visitor of the Roman Baths you might be asked to provide some basic information and contact details. The following information will be collected:
- the names of the lead booker
- a contact phone number for the lead booker
- an email address for the lead booker
- date of visit
- The venue or establishment as the data controllers for the collection of your personal data, will be responsible for compliance with data protection legislation for the period of time it holds the information. If that information is requested by the NHS Test and Trace service, the service would at this point be responsible for compliance with data protection legislation for that period of time. NHS Test and Trace as part of safeguarding your personal data, has in place technical, organisational and administrative security measures to protect your personal information that it receives from the venue or establishment, that it holds from loss, misuse, and unauthorised access, disclosure, alteration and destruction.
We will only share information with NHS Test and Trace if it is specifically requested by them. For example, if other customers at the venue subsequently tested positive, NHS Test and Trace can request the log of customer, visitor and staff details on a particular day.
Under government guidance, the information we collect may include information which we would not ordinarily collect from you and which we therefore collect only for the purpose of contact tracing. Information of this type will not be used for other purposes, and NHS Test and Trace will not disclose this information to any third party unless required to do so by law (for example, as a result of receiving a court order). In addition, where the information is only collected for the purpose of contact tracing it will be destroyed by us 21 days after the date of your visit.
However, the government guidance may also cover information that we would usually collect and hold onto as part of our ordinary dealings with you (perhaps, for example, your name and phone number). Where this is the case, this information only will continue to be held after 21 days and we will use it as we usually would, unless and until you tell us not to.
Your information will always be stored and used in compliance with the relevant data protection legislation. The use of your information is covered by the UK General Data Protection Regulations Article 6 (1) (f) – legitimate interests of the venue or establishment. The legitimate interest in this case is the interest of the venue/establishment in co-operating with NHS Test and Trace in order to help maintain a safe operating environment and to help fight any local outbreak of coronavirus.
Collection of information from or about children under the age of 18 requires the consent of their parent or guardian.
By law, you have a number of rights as a data subject, such as the, right to be informed, the right to access information held about you, the right to rectification on any inaccurate data that we hold about you. You have the right to request that we erase personal data about you that we hold (although this is not an absolute right). You have the right to request that we restrict processing of personal data about you that we hold in certain circumstances. You have the right to object to processing of personal data about you on grounds relating to your particular situation (also again this right is not absolute). If you are unhappy or wish to complain about how your information is used, you should contact a member of staff in the first instance to resolve your issue.
If you are still not satisfied, you can complain to the Information Commissioner’s Office.
We keep our privacy notice under regular review, and we will make new versions available on our privacy notice page here.
By purchasing a ticket or product from our website you consent to allowing us to contact you in relation to purchase. In addition to this whenever we ask you for information about yourself you may tick the relevant box to opt in to receive marketing communications from us, e.g. e-newsletters. Whenever we contact you through email you will be told how to opt out of being updated by email in the future. If you opt in to receive our marketing communications the information collected through the Mailchimp Service may be stored and processed in the United States, Europe, or any other country in which Mailchimp or its subsidiaries, affiliates or service providers maintain facilities.
This privacy statement only covers the websites run by the Heritage Services section of Bath & North East Somerset Council. Other links within these sites to other websites are not covered by this privacy statement.
We aim to ensure that our websites are up to date and relevant for our visitors. To help us achieve this goal we use Google Analytics and other analytical systems to analyse anonymous data collected by cookies about how visitors use our websites. This data also helps us to measure the success of our marketing campaigns across Heritage Services.
Measuring website usage (Google Analytics)
We use Google Analytics on an ongoing basis to collect information about how people use the website, and from time to time share other third-party services. We do this to make sure we are meeting our users' needs and to understand how we can improve the site.
Google Analytics stores information about what pages you visit, how you got here and what you click on. We do not collect or store any personal information (e.g. your name or address) so this information cannot be used to identify you. We do not allow Google to share our analytics data.
We use Google Analytics Demographics and Interest Reporting to more accurately determine visitors by age, gender and interests. This helps us better establish the types of content we make available and what we produce online is relevant to our audiences.
You can opt out of Google Analytics by implementing the Google Analytics Opt-out Browser Add-on.