Personal data that the Company obtains from you via Our online presence at this website and how it is protected is governed by this Privacy Policy (regardless of where you visit it from) (the “Policy”). This Policy does not cover data that you submit on other websites, even if We communicate with you on those sites. For example, if you post something on Facebook, Twitter, or YouTube, that data is governed by the privacy policies on those websites, and is not governed by this Policy.
1. BACKGROUND
Museum of Illusions London Ltd (“Company,” “We,” “Us,” “Our”) is committed to protecting the personal data you share and/or store with Us. By using Our website (the “Service(s)”), you acknowledge this Privacy Policy, which applies to transactions and activities and data gathered through the Company’s website (the “site” or “website”). We collect data about the apps, browsers, and devices you use to access the Services, which helps Us fulfil and improve this Service and optimise your user experience. This Policy describes Our practices for collecting, using, maintaining, protecting, and disclosing that data and tells you about your privacy rights and how the law protects you.
This Policy applies to data We collect:
- On Our website.
- In email, text, and other electronic messages between you and Our website.
- Through Our mobile applications, which provide dedicated non-browser-based interaction between you and Our website.
- When you interact with Our advertising and applications on third-party websites and services, if those applications or advertising include links to this Policy.
It does not apply to data collected by:
- Us offline or through any other means, including on any other website operated by the Company or any third party; or
- Any third party, including through any application or content (including advertising) that may link to or be accessible from or through Our website.
Our website is not primarily intended for children. However, we may process limited personal data relating to children where this is necessary for bookings or services and such data is provided by a parent or legal guardian. Please read this Policy carefully to understand Our policies and practices regarding your personal data and how We collect or process it so that you are fully aware of how and why we are using your data. If you do not agree with Our policies and practices, your choice is not to use Our website. By accessing or using Our website, you agree to this Policy. This Policy may change from time to time. Your continued use of Our website after We make changes is deemed to be acceptance of those changes, so please check the Policy periodically for updates.
Controller
The Company is the controller and responsible for your personal data.
We have appointed a Data Protection Contact who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact the Data Protection Contact using the details set out below.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Contact Details
If you have any questions about this Policy or Our privacy practices, please contact our Data Protection Contact in the following ways:
Full name of legal entity: Museum of Illusions London Ltd
Email address: info@moilondon.uk
Postal address: Museum of Illusions London LTD, C/O Hunters Law Llp, Lincoln's Inn, 9 New Square
London, United Kingdom, WC2A 3QN
Changes to the Privacy Policy
We keep this Policy under regular review.
Your Duty to Inform Us of Changes
It is important that the personal data we hold about you is accurate and current. Please keep Us informed if your personal data changes during your relationship with Us.
Third-party Links
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave Our website, we encourage you to read the privacy policy of every website you visit.
2. WHAT DATA DO WE COLLECT FROM YOU?
Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We collect personal data that may identify you when you voluntarily access Our site from your computer or mobile device, register your email address on Our site, enter a contest or sweepstakes, respond to a survey or communication such as email, or engage with another site feature. The data We may collect, use, store and /or transfer on or through Our website may include data:
- Identity data such as first and last name any previous names, username or similar identifier, and date of birth where required.
- Contact data such as postal address, email address, telephone number, or any other identifier by which you may be contacted online or offline.
- Transaction data includes [details about payments to and from you and other details of products and services you have purchased from Us].
- Profile data includes [your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses].
- Usage data includes [data about how you interact with and use Our website, products and services].
- Marketing and Communications data includes [your preferences in receiving marketing from Us and Our third parties and your communication preferences].
- Technical data including your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access Our website..
- Financial data such as bank account and payment card details for the fulfilment of your orders. Payments are processed by third-party payment providers who act as independent controllers or processors of your personal data in accordance with their own privacy policies.
CCTV data. We may collect personal data through the use of closed-circuit television (CCTV) systems installed at our premises for safety, security and operational purposes. This may include images and video recordings of visitors. CCTV data is processed on the basis of our legitimate interests in ensuring the safety of visitors and staff, preventing and detecting crime, and protecting our property. CCTV footage is retained only for as long as reasonably necessary for these purposes and is accessed only by authorised personnel or shared where required by law. CCTV signage is displayed at our premises.
We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals' Usage data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our website to help improve the website and our service offering.
3. HOW WILL WE COLLECT YOUR PERSONAL DATA?
We use different methods to collect this data including through:
Your interactions with us. You may give us your personal data by filling in online forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- fill in forms on Our website;
- apply for our products or services including data provided at the time of purchasing tickets;
- create an account on our website;
- subscribe to our service or publications;
- request marketing to be sent to you;
- enter a competition, promotion or survey; or
- give us feedback or contact us.
Automated technologies or interactions. As you navigate through and interact with Our website, we will automatically collect Technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies[server logs] and other similar technologies. We use cookies and similar technologies in accordance with applicable law. We use a cookie consent mechanism to obtain your consent for non-essential cookies in accordance with applicable law. You can manage your preferences through our cookie banner. For further details, please refer to our Cookie Policy.
Third parties or publicly available sources. We will receive personal data about you from various third parties, for example, Our business partners and as set out below:
- Technical data is collected from: (i) analytics providers; (ii) advertising networks; and search data providers based inside the UK.
- Contact, Financial and Transaction data is collected from providers of technical, payment and delivery services.
- Identity and Contact data is collected from data brokers or aggregators.
- Identity and Contact data is collected from publicly available sources such as Companies House and the Electoral Register based inside the UK.
You are not required to provide personal data, however failure to do so may limit your ability to use certain features of the website. When you access Our site from your computer or mobile device (either one, a “device”) to access and use the Services. We may receive data about your location and your computer or mobile device, including a unique identifier for your device. We may use this data to provide you with location-based services, such as advertising, search results, and other personalised content. Most mobile devices allow you to turn off location services. Please contact your mobile service carrier or device manufacturer to learn how to disable location services for your particular device. We use mobile analytics software to allow Us to better understand the functionality of Our site on your device. This software may record data including how often you use the site, events that occur within the site, aggregated usage, performance data, and where the site was accessed from. The data We store within the analytics software is anonymised. In other words, We do not link the data to you. We do not link this information to any personal data you provide through the website.
We do not collect any Special Categories of Personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, data about your health, and genetic and biometric data). Nor do we collect any data about criminal convictions and offences.
4.HOW IS MY DATA USED?
Legal Basis
The law requires Us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:
- Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you.
- Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure We consider and balance any potential impact on you and your rights (both positive and negative) before We process your personal data for Our legitimate interests. We do not use your personal data for activities where Our interests are overridden by the impact on you (unless We have your consent or are otherwise required or permitted to by law). Where we rely on legitimate interests, we ensure that such interests are balanced against your rights and freedoms.
- Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that We are subject to. We will identify the relevant legal obligation when We rely on this legal basis.
- Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to an email newsletter.
Purposes for Which We Will Use Your Personal data
We have set out below, in a table format, a description of all the ways We plan to use your personal data, and which of the legal bases We rely on to do so. We have also identified what our legitimate interests are where appropriate
| Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
| To register you as a new customer | (a) Identity (b) Contact | Performance of a contract with you |
| To present Our website and its contents to you and online advertisements to you and measure or understand the effectiveness of the advertising We serve to you; | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical | Necessary for Our legitimate interests (to study how customers use our products/services, to develop them, to grow Our business and to inform Our marketing strategy) |
| To manage Our relationship with you which will include: (a) Notifying you about changes to Our terms or privacy policy (b) Dealing with your requests, complaints and queries (c) Asking you to leave a review or take a survey or enable you to partake in a prize draw or competition. | (a) Identity (b) Contact (c) Profile (d) Marketing and Communications | (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for Our legitimate interests (to keep Our records updated and manage Our relationship with you). |
| To process and deliver your order including: (a) Manage payments, fees and charges (b) Collect and recover money owed to Us | (a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications | (a) Performance of a contract with you (b) Necessary for Our legitimate interests (to recover debts due to us) |
| To administer and protect Our business and Our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity (b) Contact (c) Technical | (a) Necessary for Our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation |
| To use data analytics to improve Our website, products/services, customer relationships and experiences and to measure the effectiveness of Our communications and marketing | (a) Technical (b) Usage | Necessary for Our legitimate interests (to define types of customers for Our products and services, to keep Our website updated and relevant, to develop Our business and to inform Our marketing strategy) |
Direct Marketing, Third-Party Marketing and Opting-Out of Marketing
We will only send electronic marketing communications where permitted under the Privacy and Electronic Communications Regulations (PECR). E-mailing list users of the service may be given a choice whether they would like to be included on Our e-mail list and receive e-mail newsletters from Us. If You have opted-in to receive e-mail newsletters from Us, you may periodically receive communications including links to and data regarding sales, promotions, sweepstakes, and other data that We believe you may find interesting. If you have not opted-in to receive e-mail newsletters from Us, you will not receive these e-mails.
How to Opt-Out of E-mailing List: If you would no longer like to receive e-mail newsletters from Us, you can unsubscribe by selecting the unsubscribe link located in any of Our promotional emails.
We may also analyse your Identity, Contact, Technical, Usage and Profile data to form a view which products, services and offers may be of interest to you so that We can then send you relevant marketing communications.
We will get your express consent before We share your personal data with any third party for their own direct marketing purposes.
5.HOW IS MY DATA STORED AND PROTECTED?
The security of your personally identifiable data is important to us, and We strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the data that We store in order to protect it from unauthorised access, destruction, use, modification, or disclosure. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. While We attempt to protect the data in Our possession, no security system is perfect and We cannot promise that data about you will remain secure in all circumstances, including the security of your data during transmission to Us or the security of your data on a computer or mobile device.
We have put in place procedures to deal with any suspected personal data breach and We are committed to alerting you and any applicable regulator of a breach where we are legally required to do so.
6.WHAT DATA IS COLLECTED THROUGH TECHNOLOGY AND BY THIRD- PARTIES?
During your visit, as you browse through and interact with Our site and place orders, We automatically collect and store the following non-personal, or anonymous, data about your visit:
- the date and time you access Our site;
- the pages you visit on Our site;
- if you navigate to Our site by clicking a link, the location of that link;
- the technical capabilities of the device you use to access Our site;
- the internet service provider you use to connect to Our site (for example "companyX.com" if you have a commercial internet account, or "universityX.edu" if you connect from a university); and
- the IP address (a number automatically assigned to your device whenever you are surfing the internet) from which you access Our site.
We use this data, in the aggregate, to make Our website more useful to visitors — to learn about the number of visitors to Our site and the types of technology used, to detect operational problems, and to improve the website’s overall security. Cookies, Beacons, Local Storage and Other Similar Technologies Cookies are small data files which include anonymous, unique identifiers that We may transfer to your device to allow Us or a third-party to recognise you and make your next visit to Our site easier. Recognising your device helps Us provide features such personalised advertisements, improve services, and compile aggregate data about site traffic and interaction. We may also use them to help Us understand your preferences based on previous or current site activity, which enables Us to provide you with improved services. We also use cookies to help Us compile aggregate data about site traffic and interaction so that We can offer better experiences and tools in the future. Similarly, flash cookies (also called Local Shared Objects or "LSOs") are data files similar to cookies, except that they can store more complex data. Flash cookies are used to remember settings, preferences, and usage, particularly for video, interactive gaming, and other similar services. We may transmit non-personally identifiable website usage data to third-parties in order to show you advertising for the Company when you visit other sites. You may choose to have your device warn you each time a cookie is being sent, or you may even choose disable cookies through your device settings. Each device is a little different, though, so please contact your mobile service carrier or device manufacturer to learn how to disable or modify cookies for your particular device. Do note that if you’ve chosen to disable or delete cookies on your device, some of the functionality of Our site may be lost. Some of Our features may not display properly, and We recommend that you leave them turned on.
Do Not Track Signals: Our website does not currently respond to browser-based ‘Do Not Track’ signals. However, you can manage tracking preferences through your browser settings and our cookie banner.
Analytics, Log Files and Reading History: We gather certain data automatically and store it in log files. This data may include IP addresses, browser type, operating system, and other usage data about the use of Our services, including a history of the pages or site features you view and/or interact with. We may combine this automatically collected log data with other data We collect about you. We do this to improve services We offer you, including customized recommendations, advertising, to improve marketing, and to track access and use of the Services across the devices that you may use to access the Services. We have hired third parties to provide Us data, reports, and analysis about the usage and browsing patterns of Our users. They may independently record the type of device and operating system You are using, general location data, as well as events that occur on Our App, such as how often you use Our App.
7.DO WE SHARE YOUR PERSONAL DATA WITH ANYONE?
We do not sell, trade, or otherwise transfer to outside parties your personal data unless We provide you with advance notice, except as described below. The term “outside parties” does not include the Company, its affiliates, or Our website. It also does not include website hosting partners and other parties who assist Us in operating Our website, conducting Our business, or servicing you, so long as those parties agree to keep your data confidential.
Third Parties: We may share data about Our visitors in aggregate or de-identified form with third parties for the purposes set out in the table ‘Purposes for which we will use your personal data’ above. Nothing in this Policy is intended to indicate a restriction of Our use or sharing of aggregated or de-identified data in any way. We may share your personal data with third-party service providers who act as data processors on our behalf, including providers of IT services, payment processing, analytics, marketing and customer support. These providers are contractually required to process personal data only in accordance with our instructions and applicable data protection laws. We may also include links to third party websites on Our site in an attempt to provide you with increased value. These linked websites or other apps may have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, We seek to protect the integrity of Our site and welcome any feedback about these linked sites (including whether a specific link works).
Disclosure by Necessity: We may occasionally access, preserve, and/or disclose personal data as required by law, for example, to comply with a court order or subpoena or We have a good faith belief that such action is necessary to (1) comply with the law or with legal process; (2) protect and defend Our rights and property; (3) protect against misuse or unauthorised use of Our Services; or (4) protect the personal safety or property of Our users or the public (among other things, this means that if you provide false data or attempt to pose as someone else, data about you may be disclosed as part of any investigation into your actions).
As We continue to develop Our business, We or Our affiliates may sell or buy other businesses or entities, or We may merge with another company, or be bought by another company. In such transactions, personal data may be among the transferred assets. Your data may be stored and processed in any country in which We maintain facilities or conduct operations and as set out in this Policy.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
8.YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data We hold about you and to check that We are lawfully processing it.
- Request erasure of your personal data that We hold about you. This enables you to ask Us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your data unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Request correction of the personal data that We hold about you. This enables you to have any incomplete or inaccurate data that we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Object to processing of your personal data where We are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where We are processing your personal data for direct marketing purposes. In some cases, We may demonstrate that We have compelling legitimate grounds to process your data which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask Us to suspend the processing of your personal data in the following scenarios:
If you want Us to establish the data's accuracy.
Where Our use of the data is unlawful but you do not want Us to erase it.
Where you need Us to hold the data even if We no longer require it as you need it to establish, exercise or defend legal claims.
You have objected to Our use of your data but We need to verify whether We have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated data which you initially provided consent for us to use or where we used the data to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of these rights please submit a request to this designated email address: info@moilondon.uk. For further data on your legal rights please visit the ICO website (https://ico.org.uk/).
No Fee Usually Required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, We may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, We could refuse to comply with your request in these circumstances.
What We May Need From You
We may need to request specific data from you to help Us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further data in relation to your request to speed up our response.
Time Limit to Respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, We will notify you and keep you updated.
9. INTERNATIONAL TRANSFERS
We may transfer your personal data outside the United Kingdom where necessary for the provision of our services or where we use service providers located outside the United Kingdom.
Where we do so, we ensure that appropriate safeguards are in place, including the use of UK-approved standard contractual clauses or transfers to countries deemed to provide an adequate level of protection.
Please contact us if you require further information about such safeguards.
10. DATA RETENTION
How Long Will We Use your Personal data For?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes We collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if We reasonably believe there is a prospect of litigation in respect to Our relationship with you.
To determine the appropriate retention period for personal data, We consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which We process your personal data and whether We can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
By law We have to keep basic data about our customers (including Contact, Identity, Financial and Transaction data) for six years after they cease being customers for tax purposes.
In some circumstances you can ask Us to delete your data: see your legal rights above for further data.
In some circumstances We will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case We may use this data indefinitely without further notice to you.
AMENDMENTS
We reserve the right to update or change this Policy at any time. Your continued use of the Service after We inform you of and/or post any amendments to the Policy at the website will constitute your acknowledgement and acceptance of such amendments.
11. QUESTIONS AND FEEDBACK
We welcome your questions, comments, and concerns about privacy. Please feel free to send any comments and/or concerns regarding this policy to info@moilondon.uk.