Cart Icon My Basket (empty)

Privacy Policy


The Munnings Art Museum is committed to protecting your privacy and security. This privacy policy explains how and why we use your personal data and is intended to help ensure that you remain informed and in control of your information.

1. About us

The Museum is governed by the Castle House Trust. The objective of the Trust is to operate an art Museum for the benefit of the public. The Museum’s premises at Castle House, Dedham, Essex was once the home of artist, Sir Alfred Munnings. The paintings within the collection and on display are predominately by Munnings. Sir Alfred’s widow endowed the Trust in the 1960s with the house and surrounding land along with the collection of paintings which form the core of the collection.

The official address of The Munnings Art Museum is Castle House, Castle Hill, Dedham, Colchester, Essex, CO7 6AZ.

2. Your Personal Data

We collect “personal data”, which is information that identifies a living person, or which can be identified as relating to a living person.

When we talk about “you” or “your” in this policy we mean any living person whose personal data we collect.

When we talk about “Supporters” we are referring to subscribing members of The Munnings Art Museum.

3. Personal data we hold

We hold the following categories of personal data:

3.1. Personal data you provide

We collect data you provide to us. This includes information you give when you communicate with us, apply for a year pass, purchase tickets, products or services, sign up to receive communications from us, make a donation, apply for employment, volunteer or enter into a contract with us. For example we may hold:

3.2. Personal data generated by your involvement with the Museum

Your activities and involvement with the Museum will result in personal data being generated. This could include:

3.3. Personal data from third parties

We sometimes receive personal data about you, for example if we are partnering with another organisation, conducting research and analysis to determine the success of our public offering and to help us provide with you a better experience, or from social media.

Occasionally, we may collect personal data about you from the media or elsewhere.

3.4. Special category (‘sensitive’) personal data

We do not normally collect or store special categories of personal data. However there are some situations where we may need to do so. These may include, for example, if you work or volunteer with us or apply to do so, or if we need to know about any access, medical or dietary requirements you, or someone in your care, may have.

4. How we use your personal data

4.1. General use

We only ever use your personal data with your consent, or where it is necessary in order to:

4.2. Marketing

We use your personal data to communicate with you in order to promote our activities and events and to help with fundraising. This includes keeping you up to date with our exhibitions, events and products in our shops, and to send you general information about fundraising and other ways you may be able to support us or benefit from The Munnings Art Museum.

4.3. Administration

We use your personal data for administrative purposes including:

4.4. Internal research and profiling

We carry out research and analysis on our visitors to determine the success of our public offer and programmes and other activities in the public interest and to help us provide you with a better experience (for example so that you only receive communications about areas of our activities or research you are mostly likely to be interested in).

We may evaluate, categorise and profile your personal data in order to tailor materials, services and communications (including targeted advertising) to your needs and your preferences and to help us to understand our audiences. For example, we may keep track of the amount, frequency and value of your support. This information helps us to ensure communications are relevant, timely and in the best interest of our charitable purposes.

5. Disclosing and sharing your personal data

We will never sell your personal data.

If you have opted-in to marketing, we may contact you with information about our selected partners. These communications will always come from us and will usually be incorporated into our own marketing.

Where necessary we may share your personal data with contractors or suppliers who provide us with services. For example, we may use a mailing house for the distribution of our leaflets; we use Direct Debit processors for the handling of payments and email providers for our marketing communications. Information is transferred to data processors securely, and we have to retain full responsibility for your personal data as the data controller. These activities are carried out under a contract which imposes strict requirements on our suppliers to keep your personal data confidential and secure.

Occasionally, we arrange events with other organisations, for example The Friends of Palace House: The National Heritage Centre for Horseracing Museum and Sporting Art, Newmarket. We may share your personal data with such organisations, for example where you register to attend events. We will only share information when necessary and only for the purposes of the event in question.

We may share your personal data where required to do so for prevention of crime or for taxation purposes (for example, with the police, HMRC) or where otherwise required to do so by other regulators or by law (e.g. the Charity Commission, Companies House).

6. Fundraising and marketing communications

6.1. Consent

Unless you have already given us your email address or telephone number so that we can tell you about events and activities, making donations to us or about the supply of goods and services, we will ask you to “opt-in” to receive newsletters and marketing emails from us. You have the choice as to whether you want to receive or continue to receive these messages. You are also able to select how you want to receive them (post, phone, email, text) and to change your preferences at any time.

When you receive a communication from us, we may collect information about your response and this may affect how we communicate with you in future.

7. Children and young people

7.1. Information for parents and guardians

We take great care to protect and respect the rights of individuals in relation to their personal data, especially in the case of those aged 13 or younger.

We will not use the personal data of children or young people for marketing purposes and we will not profile it.

Personal data about children and young people is only accessible by our staff on a strictly need to know basis.

8. Data security

8.1. Protection

We employ a variety of physical and technical measures to protect information we hold and to prevent unauthorised access to, or use or disclosure of your personal data.

Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Staff receive data protection training and we maintain a set of data protection procedures which our staff are required to follow when handling personal data.

8.2. Payment security

Online payments for tickets are made through ArtTickets, a booking system managed and maintained by the Art Fund. Payments for shop goods are processed through PayPal. The information you provide to ArtTickets and Paypal will not be covered by this privacy policy. We suggest you read the privacy notice of these websites before providing any personal information.

If you use a payment card to donate or to purchase something from us over the phone we will process your payment card details promptly and securely with our payment provider. We comply with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council.


The Munnings Art Museum premises are protected by CCTV and you may be recorded when you visit the Museum. We use CCTV to help provide a safe and secure environment for visitors, for our staff and for the collection and to prevent or detect crime.

The system is managed in accordance with our standard operating procedures and with good practice guidance issued by the Information Commissioner’s Office. CCTV images will only be accessed by authorised staff and are stored for up to 30 days, unless flagged for review.

10. Storing your personal data

10.1. Where we store data

We are wholly based in the UK and store data within the European Economic Area.

10.2. Retention of your personal data

We will only retain your personal data for lawful purposes and for as long as it is required.

11. Control of your personal data

11.1. Your rights

We want to ensure you remain in control of your personal data and that you understand your legal rights, which are:

There are some exceptions to the rights above and, although we will always try to respond to any instructions you may give us about our handling of your personal information, there may be situations where we are unable to meet your requirements in full.

11.2. Complaints

Should you have a complaint about how we have used (‘processed’) your personal data, you can complain to us directly by contacting our Data Controller in the first instance.

If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at

12. Cookies

Our websites use local storage (such as cookies) in order to provide you with the best possible experience and to allow you to make use of certain functionality (such as being able to shop online). Further information can be found in our Cookies Policy at:

13. Links to other sites

Our websites contain links to other external websites. We are not responsible for the content or functionality of any such websites. Please let us know if a link is not working by contacting

If a third party website requests personal data from you (e.g. in connection with an order for goods or services), the information you provide will not be covered by this privacy policy. We suggest you read the privacy notice of any other website before providing any personal information.

14. Changes to this privacy policy

We may amend this privacy policy from time to time to ensure it remains up-to-date and continues to reflect how and why we use your personal data. The current version of our privacy policy will always be posted on our website.

Any questions you may have in relation to this privacy policy or how we use your personal data should be sent to our Data Controller, The Munnings Art Museum, Castle House, Castle Hill, Dedham, Colchester, Essex, CO7 6AZ or email

This Policy was revised in 2021 and will be reviewed no later than 2024.