Privacy Policy 🔒

Last modified on July 08, 2025

Version 1. This policy is currently undergoing revision and changes will be notified immediately with the last modified notice (above).

At Combe Martin Museum and Information Point, we are committed to protecting the privacy and security of your personal data.

This policy explains how we collect, use, and safeguard the information you provide to us when you visit our website or museum.

Data Collection and Usage

We collect various types of personal data from visitors to our website and museum to enhance your experience and provide relevant information. This data includes:

  • Contact Information: When you contact us through our website or in person, we may collect your name, email address, and phone number to respond to your enquiries and provide information about our exhibits, events, and services.
  • Website Usage Data: We use cookies and similar technologies to collect information about your browsing activity on our website, such as pages visited, time spent on site, and referring URLs. This data helps us improve our website's performance and tailor content to your interests.
  • Cookies: We use cookies and similar technologies to collect information about your browsing activity—such as pages visited, time spent on site, and referring URLs—to improve our website’s performance and personalise your experience. You’ll see a Cookie Notice when you access our site. You can accept or reject cookies.
  • Museum Visit Data: During your visit to Combe Martin Museum, we may collect data for statistical purposes, such as visitor numbers and exhibit popularity. This data is anonymised and used to improve our museum layout and exhibit offerings.

We use this data to:

  • Respond to your enquiries and provide customer support.
  • Personalise your experience on our website and in the museum.
  • Analyse website traffic and improve our online content.
  • Keep you informed about upcoming events, exhibitions, and special offers (with your consent).

Data Controller:

Combe Martin Museum & Tourist Information Point is the data controller at Cross St, Combe Martin, EX34 0DY, England. 

Management of Museum Business and Confidentiality:

Please do not contact the Webmaster for Museum Business or Confidential enquiries. Please email all Museum Business and Enquiries to Management only. 

Webmaster's Role: The webmaster’s role is purely technical and administrative—focused on site maintenance, updates, and user experience. 

Data Protection and Security

We take the security of your personal data seriously and have implemented a range of measures to protect it from unauthorised access, use, or disclosure. These measures include:

  • Personal Information: Please do not provide or offer any personal information which you do not wish to be processed.
  • Encryption: We use encryption to protect sensitive data transmitted online.
  • We use industry-standard encryption (SSL/TLS) to secure data transmitted between your browser and our website.
  • Verify this encryption by looking for "https://" in the address bar and the padlock icon in your browser.
  • Any information you share with us—such as contact details—is protected during transmission.
  • Secure Storage: We store personal data on secure servers with restricted access.
  • Regular Security Audits: We conduct regular security audits to identify and address potential vulnerabilities.
  • Employee Training: Our employees receive training on data protection best practices.

Data Sharing with Third Parties

We do not share your personal data with third parties unless it is necessary to provide our services or comply with legal requirements. The third parties with whom we may share your data include:

  • Service Providers: We may share data with trusted service providers who assist us in operating our website, processing payments, or sending emails. These providers are contractually obligated to protect your data and only use it for the purposes we specify.
  • Legal Authorities: We may disclose personal data to legal authorities if required by law or in response to a valid legal request.

Data Retention and Deletion

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including providing our services, complying with legal obligations, and resolving disputes.

When personal data is no longer needed, we securely delete or anonymise it.

Our data retention periods vary depending on the type of data and the purpose for which it was collected.

For example, we may retain contact information for customer service purposes for a period of two years after the last interaction. Website usage data is typically retained for one year.

You have the right to request the deletion of your personal data. To do so, please contact the website administrator.

This Privacy Policy will next be reviewed on date: 01 August 2025.