Privacy Notice
Last updated: October 2025
This page explains how the Clan Macpherson Museum Trust collects, uses, and protects personal information about visitors, supporters, and online users, in accordance with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).
1. Who We Are
The Clan Macpherson Museum Trust (Scottish Charity No. SC020005) operates the Clan Macpherson Museum in Newtonmore, Scotland and is the data controller for personal data processed through the Museum and this website. We are registered with the Information Commissioner’s Office (ICO), registration Z159876X.
2. How to Contact Us
✉️ museum@clan-macpherson.org
📞 +44 (0)1540 673332
📍 Clan Macpherson Museum, Newtonmore, Inverness-shire, PH20 1DE
For data protection concerns, you may also contact the Convenor of Trustees at museum.convenor@clan-macpherson.org
3. What Information We Collect
We collect information that you provide to us, for example:
- Identity and contact details (name, telephone number, postal address, email, country)
- Membership, donation and sponsorship details (including Gift Aid status)
- Recognition and communication preferences
- Comments or special requests you choose to provide
- Payment information is processed securely by our provider (PayPal) under their own privacy notice
CCTV: CCTV operates in the Museum for security; images are overwritten within seven days unless required in connection with a suspected crime
Visitor Surveys: Used to help improve the Museum; we do not collect personal data within these surveys
All collected data is stored securely and handled only by authorised members of the Clan Macpherson Museum team.
4. How We Use This Information
We use the information provided to:
- Respond to enquiries and administer Museum activities
- Process memberships, donations and sponsorships
- Issue fulfilment materials for supporters
- Acknowledge support where permission has been granted
- Send updates about the Museum and Museum Friends/Guardians to those who have provided consent
We use your information under one or more of the following legal bases as appropriate: contract (e.g. memberships and orders), legal obligation (e.g. Gift Aid and financial records), legitimate interests (to operate and improve the Museum and communicate with supporters in line with their preferences), consent (for example email updates or use of a photograph, which can be withdrawn at any time), and vital interests (rare, e.g. in a serious incident).
Where processing relies on consent for under-13s (e.g. featuring a name or image), we obtain consent from a parent or guardian.
Photography and Social Media: If you are a clan member or visitor connected with the Museum, we may request your consent to take and share a photograph of you on our social media channels (including Facebook, Instagram and X).
Your information will not be used for any other purpose, and you may withdraw consent at any time.
5. Who We Share Information With
- We do not sell or trade your personal information.
- We share data only where necessary with trusted service providers under contract and confidentiality.
- Certain authorised members of the Museum team handle membership, donation and fulfilment communications (e.g., welcome materials or renewal notices). Public recognition is always according to your stated preferences.
- If you follow links to external websites (or use embedded content such as maps or videos), any personal information you provide is covered by those services’ own privacy and cookie policies.
- If a crime is suspected, CCTV images may be shared with the police.
Some trusted service providers may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place so your information remains protected.
6. How We Protect Your Information
We take data security seriously. All personal information is stored on secure systems with access restricted to authorised members of the Museum team. Those with access receive appropriate training in data protection and UK GDPR compliance.
We regularly review security and access controls to ensure ongoing compliance with UK data protection law.
Payment details are handled by our payment provider under their own security standards.
7. Data Retention
We keep personal data only as long as necessary for the purpose collected and to meet legal or accounting requirements. For example:
- Enquiry data — until your question has been resolved
- Membership, donation and sponsorship records — for the period required to administer your involvement and to meet legal obligations (e.g., tax/Gift Aid)
- CCTV images — overwritten within seven days unless needed in connection with a suspected crime
8. Use of Cookies and External Links
This website uses cookies to help it function and to improve your experience. You can manage or delete cookies in your browser settings.
This site may include embedded content such as videos, maps, or social media icons, along with links to other trusted websites. These services may use cookies or similar technologies that are outside our control. We encourage you to review the privacy or cookie policies of any external sites you visit.
9. Your Rights Under UK GDPR
You have the right to:
- Be informed about how we use your personal data
- Access your personal data
- Rectify inaccurate information
- Request erasure (where applicable)
- Restrict or object to processing
- Data portability (where applicable)
- Withdraw consent at any time (for consent-based processing)
To exercise your rights, contact us using the details above.
You may also complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk or by post to Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
10. Policy Review
We review this notice regularly to ensure it remains accurate and compliant.
Last reviewed: October 2025