Website and cookies
The Story Museum is committed to protecting the personal information of all visitors to this web site. We recognise our obligation to keep personal information secure and believe it is important for you to know how we treat information about you.
The information we collect
Users of our website can visit without revealing their identity or providing information about themselves.
We collect information directly from users when they voluntarily submit their personal information to us. At certain parts of our web site, we provide the opportunity for users to make purchases of goods and services, join a mailing list and request information.
When this sort of information is collected we will provide the reason for collection and how the information will be used. We reserve the right to add to this list of opportunities available to our users to interact with us. It is completely up to users whether or not to provide us with their personal information.
A ‘cookie’ is a small text file which collects browser information. Although presently The Story Museum website does not use cookies to collect the personal information of users, The Story Museum reserves the right to use cookies in others ways in the future.
You can choose to accept or decline cookies. You can usually modify your browser setting to decline cookies if you prefer. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.
Find out how to manage cookies on popular browsers:
Google Chrome
Microsoft Edge
Mozilla Firefox
Microsoft Internet Explorer
Opera
Apple Safari
To find information relating to other browsers, visit the browser developer's website.
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout
Strictly Necessary Cookies
Cookie Name | Description | Duration |
CRAFT_CSRF_TOKEN | This cookie is used by Cloudflare to identify trusted web traffic. | Session Cookie |
CraftSessionId | This cookie name is associated with the Craft web content management system, where is functions as an anonymous session identifier. | Session Cookie |
__cf_bm | The __cf_bm cookie is a cookie necessary to support Cloudflare Bot Management, currently in private beta. As part of our bot management service, this cookie helps manage incoming traffic that matches criteria associated with bots. This is a CloudFoundry cookie | Session Cookie |
Performance Cookies
Cookie Name | Description | Duration |
_hjid | Hotjar cookie. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID. | 365 Days |
_ga | This cookie name is associated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners._ga | 730 Days |
_gat_UA-nnnnnnn-nn | This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites. | Session Cookie |
_hjAbsoluteSessionInProgress | This cookie is used by HotJar to detect the first pageview session of a user. This is a True/False flag set by the cookie. | Session Cookie |
_hjIncludedInPageviewSample | This cookie is set to let Hotjar know whether that visitor is included in the data sampling defined by your site's pageview limit. | Session Cookie |
_hjTLDTest | When the Hotjar script executes we try to determine the most generic cookie path we should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed. | Session Cookie |
_gid | This cookie name is associated with Google Universal Analytics. This appears to be a new cookie and as of Spring 2017 no information is available from Google. It appears to store and update a unique value for each page visited._gid | 1 Day |
_gat | This cookie name is associated with Google Universal Analytics, according to documentation it is used to throttle the request rate - limiting the collection of data on high traffic sites. It expires after 10 minutes._ga | Session Cookie |
_hjFirstSeen | Identifies a new user's first session on a website, indicating whether or not Hotjar's seeing this user for the first time. | Session Cookie |
Targeting Cookies
Cookie Name | Description | Duration |
_fbp | Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers | 90 Days |
test_cookie | This domain is owned by Doubleclick (Google). The main business activity is: Doubleclick is Googles real time bidding advertising exchange | Session Cookie |
YSC | YouTube is a Google owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a broad range of their own and other websites. | Session Cookie |
VISITOR_INFO1_LIVE | This cookie is used as a unique identifier to track viewing of videos | 180 Days |
CONSENT | YouTube is a Google owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a broad range of their own and other websites. | 5995 Days |
Other Cookies
Cookie Name | Description | Duration |
ASPSESSIONIDXXXXXXXX | This cookie name is generally associated with use as a general purpose platform session cookie, used by sites written with Microsoft ASP based technologies. The structure of the cookie name is a common root - ASPSESSIONID, followed by a series of unique letters. It is usually used to maintain an anonymised user session by the server. | Session Cookie |
incap_ses_457_15701 | Incapsula DDoS Protectiona and Web Application Firewall: cookie for linking HTTP requests to a certain session (AKA visit). Re-opening the browser and accessing same site are registered as different visits. In order to maintain existing sessions (ie, session cookie) | Session Cookie |
visid_incap_15701 | Incapsula DDoS Protectiona and Web Application Firewall: cookie for linking certain sessions to a specific visitor (visitor representing a specific computer). In order to identify clients that have already visited Incapsula. The only cookie that is persistent for the duration of 12 months. | 364 Days |
visid_incap_15701 | Incapsula DDoS Protectiona and Web Application Firewall: cookie for linking certain sessions to a specific visitor (visitor representing a specific computer). In order to identify clients that have already visited Incapsula. The only cookie that is persistent for the duration of 12 months. | 364 Days |
incap_ses_457_15701 | Incapsula DDoS Protectiona and Web Application Firewall: cookie for linking HTTP requests to a certain session (AKA visit). Re-opening the browser and accessing same site are registered as different visits. In order to maintain existing sessions (ie, session cookie) | Session Cookie |
Our use of collected information
Generally, visitors to our website are informed of the intended use for their personal information at the time of collection. Normally, personal information provided or collected is used to complete purchase of goods and services, and to respond to enquiries.
In accordance with the Privacy and Electronic Communications Regulations (PECR) we may from time to time send you emails based on your past booking history. We will always give you the opportunity to opt out of any such emails in the future. In addition we give users the opportunity to opt in to a range of mailing preferences. You may update your mailing preferences at any time by logging into your account page or by clicking on the unsubscribe link on our email newsletters.
We do not sell or share visitor data with third parties, unless we have obtained your explicit consent to do so eg we may ask you if you would like to give your consent to receive marketing materials from a visiting company if you have booked tickets for an appearance by them at The Story Museum.
We also share anonymised visitor information (eg attendance figures) with our major funders as part of our funding agreements.
For further information on the data that we collect and we use it please refer to our Privacy Statement.
Keeping collected information secure
The Story Museum maintains strict physical, electronic and administrative safeguards to protect users’ personal information from unauthorised or inappropriate access. Workers, affiliates and business partners who misuse a user’s personal information are subject to legal or disciplinary actions.
Third party providers
The website contains payment and booking iFrames owned and operated by third parties. Our ticket services are provided by Spektrix and payment transactions are processed by Sage Pay. These third party websites have their own privacy policies, including cookies, and we recommend that you review them. They will govern the use of personal information you submit or are collected by cookies whilst visiting these websites. We do not accept any responsibility or liability for the privacy practices of such third party websites and your use of such websites is at your own risk.
Access to your account and the personal information stored by us
You can access your account on our webpages any time by following the screen prompts. Once logged in, you can update your personal information and change your preferences. You may also contact us direct by calling 01865 807600 or emailing tickets@storymuseum.org.uk to request that your details be updated or to amend your communications preferences.
The Story Museum complies with the provisions of The General Data Protection Regulation (GDPR) which applies in the UK and across the EU from May 2018. Our full Data Management Policy is available on request.
Last reviewed 21 May 2018