Wednesday to Sunday, 10:00 to 17:00
Last entry at 16:30
Open on Bank Holidays
Entry is free
Sir John Soane’s Museum is committed to protecting your privacy and security. The personal information we collect, process and use is treated securely and in accordance with this privacy notice, the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. This privacy notice explains how and why we use personal data relating to visitors to Sir John Soane’s Museum and its website. It is intended to help ensure that you remain informed and in control of your information.
Sir John Soane’s Museum was founded in 1833 by private Act of Parliament. The Museum is now governed in accordance with the Charities (Sir John Soane’s Museum) Order, 1969 and is a charity registered in England with charity number 313609. It is also a Non-Departmental Public Body funded by a combination of grant-in-aid allocated by the Department for Digital, Culture, Media and Sport (DCMS) and income secured through commercial, fundraising, sponsored and charging activities (the Charity). The Trustees of Sir John Soane’s Museum own and control an associated company, Soane Museum Enterprises, which is registered in England with company number 08171280, which supports the Museum’s mission (the Company).
The official address of Sir John Soane’s Museum and Soane Museum Enterprises is 13 Lincoln’s Inn Fields, London WC2A 3BP.
The Charity and the Company (together, “us”, “we”, “our”) are data controllers of the personal data that you provide to us. The Company’s key activities are described on our website here: https://www.soane.org/about/soane-museum-enterprises.
If you have any questions about this privacy notice, or if you would like to exercise any of your legal rights in respect of your personal data, please contact the Charity’s Data Protection Officer, and the Company’s point of contact using the following details:
2.1 Information you provide to us
We collect personal data you provide to us. This includes information you give when you communicate with us, choose to support us as a member (of the Friends of the Soane, the Soane Patrons’ Circle or the Soane Inspectress’s Fund) or purchase membership as a gift for someone else, purchase tickets, products or services, sign up to receive emails from us, make a donation, or enter into a contract with us. For example, we may collect:
2.2 Information from your visits and involvement with us
Your visits to, activities and involvement with us will result in personal data being collected by us through communications between us, our library log, and CCTV. Personal data collected may include:
2.3 Information from third parties
We sometimes receive personal data about you from third parties, for example, if we are partnering with another organisation or where we may use third parties to help us conduct research and analysis about you to determine the success of our public offer and to help us to provide you with a better experience.
2.4 Information from our website
When you use our website, we collect your information through cookies when you access and navigate around it. We collect information such as your location and internet protocol (IP) address, operating system, browser version, the content viewed during a particular browsing session, and how long you stayed on a particular page (see further information relating to cookies, below).
If you confirm that you are happy for us to do so, we will use your personal data to communicate with you in order to promote our activities and events and to help with fundraising. This includes keeping you up to date with our exhibitions, events and products in our shop, and to send you general information about ways you may be able to support us or benefit from Sir John Soane’s Museum.
We use your personal data for administrative purposes including:
3.3 Internal research
We carry out research and analysis on our visitors, members and other supporters to determine the success of our public offer and programmes and other activities in the public interest and to help us provide you with a better experience (for example so that you only receive communications about areas of our activities or research you are mostly likely to be interested in).
We may evaluate, and categorise your personal data in order to tailor materials, services and communications (including targeted advertising) to your needs and preferences and to help us understand our audiences.
4. Sharing your information with others
We will never sell your personal data.
If you have opted-in to marketing, we may contact you with information about our partners. These communications will always come from us and will usually be incorporated into our own marketing.
We may share your personal data with contractors or suppliers who provide us with services, for example, we may use a mailing house for the distribution of the Annual Review and we use email providers for our marketing communications. Information is transferred to data processors securely and we retain full responsibility for your personal data as the data controller. These activities are carried out under a contract which imposes GDPR requirements on our suppliers to keep your personal data confidential and secure.
Occasionally, we arrange events with other organisations, for example Sir John Soane’s Museum Foundation, a tax exempt organisation under section 501 (c) 3 of the US Internal Revenue Code. We do not share your information with other organisations, we will share information about the event with you and you can choose whether or not to register for those events and share your personal data with them.
We may share your personal data where required to do so for prevention of crime or for taxation purposes (for example with the police, HMRC) or where otherwise required to do so by other regulators or by law (e.g. the Charity Commission, Companies House), in line with our Donations Due Diligence policy.
5.1 Where we have a contractual relationship with you
We will process your personal data because it is necessary for the performance of a contract with you (for example, when you purchase our products or services) or to take steps at your request prior to entering into a contract. In this respect, we use your personal data for the following:
5.2 Legitimate interests
Where the Company is data controller, we also process your personal data because it is necessary for our or a third party's legitimate interests. Our legitimate interests include our commercial interests. In this respect, we may use your personal data for the following:
5.3 Legal obligations
We also process your personal data for our compliance with our legal obligations. In this respect, we may use your personal data for the following:
For these purposes we may provide your data to our auditors, the police and other competent authorities.
We also process your personal data where we have your specific consent to do so (for example, where we have sought and obtained your consent to send you direct marketing by email).
5.5 Public task
Where the Charity is data controller, we also process your personal data because it is necessary for the performance of a task carried out in the public interest. This may include processing personal data for administrative purposes in order to allow the public free access to the Museum; to encourage the public to appreciate and explore all aspects of the Museum and its collections whether as visitors or at a distance; and to provide opportunities for education in its broadest sense in all aspects of architecture and the history of art.
Unless you have already given us your email address or telephone number so that we can tell you about making donations to us or about the supply of goods and services we must ask you to ‘opt-in’ to receive fundraising and marketing emails from us. You have the choice as to whether you want to receive or continue to receive these messages. You are also able to select how you want to receive them (post, phone, email,) and to change your preference at any time.
When you receive a communication from us, we may collect information about your response and this may affect how we communicate with you in future.
6.2 Newsletters and magazines
If you are a Friend, Patron, Member of the Inspectress’s Fund or have supported us recently, we will send you the Annual Review (unless you specifically ask us not to) and you can choose to unsubscribe from receiving the Annual Review and other general marketing communications at any time.
7.1 Information for parents and guardians
We take great care to protect and respect the rights of individuals in relation to their personal data, especially in the case of those aged 16 or younger.
We will not use the personal data of children or young people for marketing purposes.
Personal data about children and young people is only accessible by our staff on a strictly need-to- know basis.
8.1 Technical and organisational measures
We employ a variety of physical and technical measures to protect information we hold and to prevent unauthorised access to, or use or disclosure of your personal data.
Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Staff receive data protection training and we maintain a set of data protection procedures which our staff are required to follow when handling personal data.
8.2 Payment security
All electronic forms that ask you for your financial data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers.
If you use a payment card to donate, to support as a Member or purchase something from us on-line, we will pass your payment card details securely to our payment provider. We comply with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council.
Sir John Soane’s Museum premises are protected by CCTV and you may be recorded when you visit the Museum. We use CCTV to help provide a safe and secure environment for visitors, our staff and for the collection and to prevent or detect crime.
The system is managed in accordance with our standard operating procedures and with good practice guidance issued by the Information Commissioner’s Office. CCTV images will only be accessed by authorised security staff and are stored for 6 months.
10.1 Where we store data
We are wholly based in the UK and store data within the European Economic Area.
10.2 Retention of your personal data
We will only retain your personal data for as long as it is required for the purposes for which we collected it (e.g. we have a genuine and legitimate reason and we are not harming any of your rights or interests). This will depend on our legal obligations and the nature and type of information and the reason for which we collected it. For example, should you ask us not to send you marketing emails, we will stop using your address for marketing purposes; however, we will need to keep a record of your preference.
We continually review what information we hold and will delete personal data which is no longer required.
11. International transfers of personal data
In the course of providing services to you, some of the personal data we process about you may be transferred to suppliers at a destination outside of the European Economic Area. In these circumstances, your personal data will only be transferred on one of the following bases:
We want to ensure you remain in control of your personal data. Under the GDPR you have the following rights in relation to our processing of your personal data:
Please note that the above rights are not absolute, and we may be entitled to refuse your requests where exceptions apply. For example, if you ask for your personal data to be erased, we may nevertheless continue to maintain certain details about you for our accounting and audit purposes and to comply with our legal obligations.
If you would like further information on your rights or wish to exercise them, or have a complaint about how we have used your personal data, please contact our Data Protection Officer or point of contact using the contact details provided at the start of this privacy notice.
13.1 About Cookies
Cookies are small text files stored in your browser and are used by most websites to help personalise your web experience. You can change your browser settings to block cookies at any time – there is a guide on how to do this at aboutcookies.org. Please note that if you do block cookies, some features on this site will not be available to you and some pages may not display properly.
13.2 Google Analytics Cookies
These cookies allow us to count page visits and traffic sources so we can measure and improve the performance of our site, using a service provided by Google Analytics. The data collected by these cookies is anonymised. Cookies used: _ga; _gat; _gid; _gali
13.3 Third Party Cookies
These cookies may be set through our website by other companies. Data may be collected by these companies that enable them to serve up adverts on other sites that are relevant to your interests. The list of third party cookies currently set on the Soane website include:
13.4 Mailchimp Cookies: SSL
13.5 Twitter Cookies: _ga; _gat; _gid; _twitter_sess; ads_prefs; auth_token; ct0; dnt; eu_cn; guest_id; kdt; personalization_id; remember_checked_on; twid
Our websites contain links to other external websites. We are not responsible for the content or functionality of any such websites. Please let us know if a link is not working by contacting firstname.lastname@example.org
If a third party website requests personal data from you (e.g. in connection with an order for goods or services), the information you provide will not be covered by this privacy notice. We suggest you read the privacy notice of any other website before providing any personal information.
We may amend this privacy notice from time to time to ensure it remains up-to-date and continues to reflect how and why we use your personal data. The current version of our privacy notice will always be posted on our website.
This Policy was approved in February 2019 and will be reviewed no later than 2021.