Privacy Notice: Interfaith Sacred Art Forum and Sacred Art in Collections pre-1900 Network
This privacy notice explains how the National Gallery may collect and use your personal data, in connection with our Interfaith Sacred Art Forum and Sacred Art in Collections pre-1900 Network. It describes how we do this and with whom it might be shared, in accordance with the UK General Data Protection (“UK GDPR”) and other applicable information laws. We refer to ourselves throughout this notice as the “Gallery”, “we” or “us”.
The Interfaith Sacred Art Forum (the first network) is for faith community leaders and theologians. The Sacred Art in Collections pre-1900 Network (the second network) is for curators and art historians. Both networks use our collection as a foundation for wide-ranging events and activities that make new connections with sacred art, interfaith dialogue, and public life.
We are the Board of Trustees of the National Gallery. Under the UK GDPR, we are the data controller of the data and registered with the ICO under Data Protection Registration Number: Z5597415. Our address is:
The National Gallery,
Trafalgar Square,
London, WC2N 5DN.
We currently operate the following websites: https://www.nationalgallery.org.uk and https://www.shop.nationalgallery.org.uk.
The National Gallery Global Limited, is a separate wholly owned legal entity whose main purpose is to generate valuable income for the Board of Trustees of the National Gallery. It runs shops in the Gallery, enters into contracts for venue hire at the Gallery, oversees the running of the restaurants and cafes, oversees the sale of audio guides, acts as our agent for ticketed exhibitions and events, and runs our Membership Scheme. It is registered with the ICO under Data Protection Registration Number: Z8038395.
Personal information means any information about an individual from which that person can be identified. This does not include anonymised information. We only collect personal information about you that is necessary to run The Interfaith Sacred Art Forum and Sacred Art in Collections pre-1900 Network.
Special Category Data
We may collect special categories of personal information in limited cases and where there is a clear reason for doing so, such as (in the case of the Interfaith Sacred Art Forum) religious beliefs of faith community leaders and theologians who join this forum; in relation to accessibility, recording accidents, or dietary requirements for events.
We may collect, store, and use the following personal information about you in connection with The Interfaith Sacred Art Forum and Sacred Art in Collections pre-1900 Network:
- your title
- your full name;
- your email address;
- your job role;
- your institution (if affiliated);
- your religious belief, if any (only in the case of the Interfaith Sacred Art Forum);
- your image captured on photography or film taken in the Gallery or at Gallery external events; and
- credit card or other payment information (for paid events).
We will only process your personal information if we have a legal basis for doing so under current UK data protection law, including:
To fulfil our obligations under a contract with you and to otherwise carry out our business, for example to:
- process payment(s) from you (we will not hold your payment details for longer than is necessary to process your transaction);
- fulfil orders for paid events;
- provide important information in relation to The Interfaith Sacred Art Forum or Sacred Art in Collections pre-1900 Network; and
- to respond to your queries (for example, if you email us with a question).
Where we have your consent to process your information, for example when:
- you have asked to receive information about research events; or
- you have agreed to participate in a Gallery-based research project to improve the information we provide on our paintings.
When it is necessary for our legitimate interests, for example to:
- email you about events, news, other opportunities, or updates about the Gallery; and
- storing and retaining your personal information in relation to you on our contact database for the above purposes and to facilitate future bookings.
When we have a legal obligation to do so, for example to:
- detect and reduce the risk of fraudulent transactions in person or online;
- keep our databases up to date including deleting or updating the information we hold about you if we learn such information is inaccurate; and
- invite you to take part in surveys, to improve the Gallery experience and product offering.
We will only retain your personal information for as long as necessary to fulfil our contractual obligations; to comply with legal requirements, tax, and accounting rules, or for other reasonable legal purposes. We shall retain a record of the network conferences (and any personal information contained therein) for our archive.
The retention period will vary according to the nature of the purpose under which the information is held.
We will not sell your personal information to any third parties or external organisations.
As well as sharing within the Gallery companies (i.e., Board of Trustees of the National Gallery and National Gallery Global Limited), we may share your personal information with our service providers/external data processors to carry out work on our behalf. Examples of such service providers/data processors include (we provide detailed information in the Gallery’s main General Privacy Notice):
- Securitas, which provides security and visitor services within the Gallery;
- our email distribution service provider, who sends out our marketing and service communications;
- our ticketing service provider;
- (in relation to events) our catering and other services service providers; and
- named third parties (provided we indicate such persons to you in advance) including our funders and/or sponsors if identified.
Any such companies are acting as our data processors under the UK GDPR and the contracts we enter with them require them to comply with UK data protection laws. This means they can only process your personal information for the purposes we specify, and we ensure they have the appropriate controls in place to protect the security of your information.
You have certain rights concerning your personal information. We provide detailed information about your rights in the Gallery’s main General Privacy Notice, under the section titled ‘What rights do you have in relation to your personal information’.
You acknowledge that it may not always be practicable to remove such personal data from materials which have already been published or otherwise made available to the public. We will use our best endeavours to comply with your wishes in such circumstances.
We follow strict security rules when storing and disclosing your personal information. We provide detailed information in the Gallery’s main General Privacy Notice, under the section ‘How do we keep your information secure’.
All our staff and data processors who have access to and are associated with the processing of your personal information, are legally obliged to respect the confidentiality of your personal information.
The Gallery website uses a technology called ‘cookies’ to improve your experience and personalise the service you receive. We provide further information about this in our Cookies Policy.
If you have any queries or have any concerns about how we process your personal information, you can contact our Data Protection Officer via email at: dataprotection@nationalgallery.org.uk, or by writing to our the Data Protection Officer at: The National Gallery, Trafalgar Square, London, WC2N 5DN.
You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), which oversees the protection of personal information in the UK (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.