Privacy and data protection statement
This is the current Privacy and Data Protection Statement for Wales Millennium Centre website.
Your personal data
Wales Millennium Centre will use all reasonable endeavours to ensure that the User's privacy is protected. When the User registers with Wales Millennium Centre and places an order Wales Millennium Centre will require the name, delivery address, email address and telephone number. This information allows Wales Millennium Centre to fulfil the User's order and notify the User of the status of the order. Details of payment card numbers will be held on a secure server.
Wales Millennium Centre may ask the User to answer various general questions about themselves including any areas in which the User is interested so that information can be tailored to cover the areas in which Wales Millennium Centre believe the User might be interested for future reference.
Wales Millennium Centre would like to use the User's information for the purpose of providing them with material about any special areas of the Corporation which is believed may be of interest to the User and for related marketing purposes. Wales Millennium Centre will only provide the User with this material if the User has ticked the "opt-in" box on their Registration Form.
If at any time the User wishes to receive material about any other Wales Millennium Centre areas which they currently do not receive or if the User wishes to stop receiving any material the User may request amendment or removal of their preferences by amending the "opt-in" box on their Registration Form.
The personal data collected by Wales Millennium Centre will be evaluated periodically to determine whether it should continue to hold such data. The User may notify the Corporation if they do not wish data to be continually held by email.
Wales Millennium Centre does not intend to export User data outside the European Union and will only be storing the information supplied together with details of the activities the User has undertaken with Wales Millennium Centre and mailings that have been sent.
Statistics
Wales Millennium Centre may provide aggregate statistics about customers, sales, traffic patterns and related site information to reputable third party vendors but these will not include any personally identifying information.
Monitoring of user traffic
Wales Millennium Centre may monitor user traffic on an aggregate basis in order to help it develop and improve the website for the benefit of all users.
Security
Users are advised that the Internet is not a fully secure medium. Wales Millennium Centre will use reasonable endeavours to keep user information confidential and store it on a secure server which is password protected and hidden behind a firewall from the outside world. Internal procedures cover the storage access and disclosure of user information. Wales Millennium Centre will not sell or pass user information on to any third parties without first obtaining the user's consent.
Transmission of data outside the EU
Because the Internet infrastructure is global and it is not possible to predict the routes that information sent over the Internet will take, the information the User provides may be transferred temporarily via a route which takes it outside the European Economic Area as it passes between the User and the Corporation. By submitting your information you consent to this transfer.
Disclosure
Wales Millennium Centre may disclose personal information if required to do so by Law or in good faith believes it is required to do so by any order of the Courts or other competent body or agency or may do so to protect or defend the rights or property of the Corporation or to protect the personal safety of the User's employees or the public at large.
Links
Wales Millennium Centre website has links to other websites which will have different privacy trading and use policies and conditions and the User should familiarise himself with the same.
Data protection
Wales Millennium Centre uses all reasonable endeavours to comply with the Data Protection Act 1998 and the following principles:
- Personal data should be processed fairly and lawfully. This means that individuals should not be deceived or misled into supplying information
- Data should only be obtained for a specified purpose and should not be used for any other purpose
- Personal data should be adequate relevant and not excessive in relation to its purpose
- Personal data should be accurate and up to date where necessary
- Personal data should not be kept longer than is needed for its intended purpose
- Personal data should be processed in accordance with the rights of the individual which the information concerns
- Appropriate measures should be taken against unlawful processing or destruction of records Computer systems should have back up facilities and security provisions
- Personal data should not be transferred outside the European Economic Area (the EU states plus Liechtenstein Iceland and Norway)
For more information on the Data Protection Act, you can call (UK) 01625 545 700 or visit the Information Commissioner's website at http://www.informationcommissioner.gov.uk