National Brewery Heritage Trust.

Search both the NBHT collection and the partner brewery archives, in association with The National Archives

 The National Brewery Heritage Trust Limited

A charitable company limited by guarantee

Companies House No: 7754069.  Charity Registration Number: 1147391

Privacy Policy compiled in the light of the General Data Protection Regulations 2018

Agreed by The NBHT Trust Board on 4 September 2025

The privacy of our members and customers is very important to us all at The National Brewery Heritage Trust. Accordingly, we have adopted this Policy so you can understand how we collect, use, communicate and disclose and make use of personal information. The following summarises our privacy policy.

Summary of Privacy Policy:

•     Before or at the time of collecting personal information, we will identify the purposes for which information is being collected.

•     We will collect and use personal information solely with the objective of fulfilling those purposes specified by us and for other compatible purposes, unless we obtain the consent of the individual concerned or as required by law.

•     We will only retain personal information as long as is necessary for the fulfilment of those purposes. 

•     We will collect personal information by lawful and fair means and, where appropriate, with the knowledge or consent of the individual concerned.

•     Personal data should be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete, and up to date.

•     We will protect personal information by reasonable security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.

•     We will make readily available to customers information about our policies and practices relating to the management of personal information.

We are committed to conducting our business in accordance with these principles to ensure that the confidentiality of personal information is protected and maintained.

 Purpose of Policy:

•     The Policy has been prepared to comply with the Data Protection Regulations (May 2018).

•     The Policy is aimed at protecting Data Subjects (members, customers, donors and other individuals for whom the Trust might hold personal information).

Responsibilities:

•     The Trustees/Directors have overall responsibility for ensuring that the organisation complies with its legal obligations.

  •  The Trust has appointed a Data Protection Officer for administration purposes. The role sits with the Vice Chair of the Trust.  However, the Board carries the collective responsibility for:

o    Ensuring its members are aware of their Data Protection responsibilities.

o    Reviewing Data Protection and related policies.

o    Handling subject access and any other data related requests.

o    Keeping abreast of the use made by the Trust of the data held.

•     Any volunteers retained by the Trust, or organisations working on the Trust’s behalf, must conform to the Trust’s data protection and privacy policies.

 What information we collect:

  • Personal details (name, email address, organisation, postal address etc.) when you join as a member, give a donation or join the mailing list.
  • whether subscriptions and donations are gift-aided
  • whether you pay by standing order /direct debit
  • personal details (name, email address, postal address, telephone number etc.) when you order a product from us
  • details of your order placed and whether you have opted in to receive marketing correspondence from us

We do not hold credit/debit card details. These are handled by PayPal and covered by its data protection policy.

How we use information:

We use personal data for administrative purposes i.e. to carry on our charity and conservation work. This includes:         

  • receiving subscriptions, donations (e.g. direct debits/standing orders or gift-aid instructions)        
  • maintaining databases of members, donors and customers         
  • performing our obligations under membership contracts        
  • fulfilling orders for goods or services, whether placed online, over the phone or in person         
  • helping us respect your choices and preferences e.g. if you ask not to receive marketing correspondence, we’ll keep a record of this.
  • maintaining a mailing list to keep interested parties up to date with NBHT news (this is saved in a 3rd party system which complies with GDPR legislation).

Otherwise we only ever use your personal information with your consent, or where it is necessary to:        

  • enter into or perform a contract with you        
  • comply with a legal duty         
  • protect your vital interests         
  • for our own (or a third party’s) lawful interests, provided your rights don’t override these.

Sharing personal information: 

We may share personal data with subcontractors or suppliers who provide us with services, in which event we will impose strict requirements on our supplier to keep your information confidential and secure. Other instances where the Trust will share or exchange its personal information will be rare and should these occur Data Subjects will be asked for their permission in advance of such action being taken.  Examples might be an exchange of membership lists between like charitable organisations. The Trust will never sell personal information.

Archiving: 

All data will be reviewed periodically and where the Data Subject is no longer a member or customer of the Trust will be permanently deleted.  However, to comply with financial regulations, data relating to monetary transactions with the Trust will be held for a maximum of 6 years.

Subject access:

The basic provision is that, in response to a valid request in writing to the Company Secretary, a permanent, intelligible copy of all the personal data held on that Data Subject at the time the application was made, will be provided.

Marketing:

Underlying principles – The Trust treats the following activities as Marketing: annual subscription reminders for members, seeking donations, marketing goods and services sold for the purpose of raising funds for the Trust, promoting sponsored events, and keeping you up to date with our news, updates, and fundraising activities, etc.  The Trust will apply the marketing principles of the provisions of the GDPR to such activities, by seeking consent from Data Subjects, via a tick box or equivalent to opt into receiving information on such activities.

Withdrawing consent:

Once given, consent can be withdrawn at any time, (but not retrospectively) either by opting out via our website www.breweryheritage.com, or by writing to National Brewery Heritage Trust c/o Burton Town Hall, King Edward Place, Burton upon Trent, Staffs, DE14 2EB

Links to other sites

Our website contains hyperlinks to other websites. We are not responsible for the content or functionality of those external websites. If an external website requests personal information from you, the information you provide will not be covered by The Trust’s Privacy Policy.  We suggest you read the privacy policy of any website before providing any personal information.

Changes to this Privacy Policy

We will amend this Privacy Policy from time to time to ensure it remains up-to-date and accurately reflects how and why we use your personal data. The current version of our Privacy Policy will always be posted on our website. This Privacy Policy was ratified by the Board on 4 September 2025.