This policy applies to all employees, volunteers and trustees who process personal data.
Who we are
Tiverton Museum of Mid Devon Life
We are a registered charity 1181976.
Any electronic communications will be made in accordance with the Privacy and Electronic Communications Regulations (PECR).
What information do we collect about you?
We collect the personal data that you may volunteer as part of ticket bookings, online purchases, Membership or donation forms, e-newsletter sign-ups and visitor surveys.
Personal information we collect may include:
- your name and title;
- postal address, email address and phone number;
- family and spouse/partner details, relationships to other donors and/or Members;
We will also collect and hold information about any contact you have with us as a visitor, customer, supporter, volunteer or staff member of Tiverton Museum of Mid Devon Life. This may consist of details of:
- online retail purchases;
- contact preferences;
- Gift Aid status;
- details of correspondence sent to you, or received from you;
- any other information provided by yourself at the request of Tiverton Museum of Mid Devon Life.
When we ask you to provide your personal information we will let you know why we are asking, and how we will use your data, by directing you towards this notice.
What we do with your information
Depending on your relationship with Tiverton Museum of Mid Devon Life, and the preferences you have indicated, data we hold may be used by us for the following purposes:
- Send you promotional, marketing or fundraising information by post, telephone or electronic means. These types of communications can include:
  - Informing you of other products, services or events related to Tiverton Museum of Mid Devon Life, such as exhibitions, events, or retail offers.
  - News and updates about Tiverton Museum of Mid Devon Life, such as via What’s On guides, and marketing or supporter e-newsletters.
  - Other relevant communications based upon your relationship with Tiverton Museum of Mid Devon Life.
- Data screening and cleansing, to check if we have accurate contact details for you.
- To send you surveys, and for market research purposes.
- Tools may be used to monitor the effectiveness of our communications with you, including email tracking, which records when an e-newsletter from us is opened and/or how many links are clicked within the message. The data from this tracking is generally used in an aggregated and anonymised form.
You can opt out of any / all of our communications at any point simply by contacting firstname.lastname@example.org
There are some Membership and donation communications that we are required to send regardless of your contact preferences. These are essential communications, deemed necessary to fulfil our contractual obligations to you. This would include advanced notices, thank you letters, Member benefits, Membership cards, renewal reminders, Gift Aid confirmation letters and querying any returned mail.
Who we might share your information with
We do not disclose personal data to any third parties or external organisations, other than data processors carrying out work on our behalf.
Examples of such data processors would be mailing houses for the sending of bulk email distribution services, or wealth screening and data cleaning organisations.
Any such companies are acting as approved data processors for Tiverton Museum of Mid Devon Life, and we retain full responsibility for your personal data. Data processors will act only on our instructions.
We may occasionally need to transfer your personal information overseas, for instance to our bulk email distributor, MailChimp. Where this is necessary, this may be to countries or territories around the world.
We are required to ensure any transfers of data will be done securely, in accordance with best practice, and in compliance with the Data Protection Act 1998.
Your data will never be sold or passed to any third party for any other purpose.
How we keep your information secure
We have implemented security procedures, rules and technical measures to protect the personal data that we have under our control from:
- unauthorised access;
- improper use or disclosure;
- unauthorised modification.
All our employees and data processors who have access to, and are associated with, the processing of personal data are legally obliged to respect the confidentiality of our visitors’ and supporters’ personal data.
Data Security Summary
In respecting personal data for which it is responsible, the Trust expects staff, volunteers and trustees to ensure that:
- Computers and laptops are kept password protected at all times and locked when not in use, with screen locks enabled if left unattended. Passwords should not be shared or left visible;
- Data and equipment (e.g. laptops) are never left vulnerable, particularly in public places;
- USB sticks, CDs etc. are not used to transport data that would compromise individuals or the Trust if lost;
- All staff, volunteer and member details are kept locked within the museum offices. They are not left at home. If copies are made they should be kept securely and shredded as soon as possible.
- Files containing data are kept locked away when not in use.
- All of the museum’s computers are password protected.
- All of the museum’s databases are password protected.
Data and Document Retention
|File Type||Paper files – Retention period (in years)||Electronic Records – Retention period (in years)|
|Accounting and Finance|
|Purchase invoices, petty cash records, staff expenses etc||6 from year’s end.||6 from year’s end.|
|Capital expenditure invoices||10 from year’s end||10 from year’s end|
|Supplier correspondence, quotes, tender documentation||6, from year’s end||6, from year’s end|
|Bank paying in counterfoils and bank statements||6 from year’s end.||6, from year’s end|
|Bank reconciliations||6 from year’s end.||6, from year’s end|
|Donor correspondence and remittance advices||6 from year’s end.||6, from year’s end|
|Gift Aid declarations||6 from year’s end.||n/a|
|Legacies||6 after the estate has been wound up||6, from year’s end|
|Payroll records||6 from year’s end.||6, from year’s end|
|Annual returns to HMRC etc||6 from year’s end.||6, from year’s end|
|Investments certificates||retained indefinitely||retained indefinitely|
|Policies||3, after lapse||3, after lapse|
|Claims correspondence and accident reports||3 after settlement||3 after settlement|
|Employer’s Liability insurance certificate||6, from year’s end||6, from year’s end|
|Contracts with public and private sector funders, suppliers and all other agreements or contracts||6 from expiry or termination of contract||6 from expiry or termination of contract|
|Maintenance and repair contracts||10, after performance||10, after performance|
|Service agreements||10, after service ends||10, after service ends|
|Museum Member data|
|Application form, membership and contact details and Gift Aid||Application form shredded as soon as data inputted on electronic database. Kept locked within the office until this point. See Gift Aid section above.||Contact details and membership details up to 6 months past the annual renewal date. Limited access to online database (Membership Secretary, Director and IT volunteer).|
|Contact details for recipients of all e-newsletters (museum, museum members, family activities, Tourist Information)||Any paper records to be shredded as soon as data inputted on Mail Chimp (or similar) account. Consent forms retained until the recipient opts out of receiving newsletters (and requests to opt out are recorded).||Use online email distributor (MailChimp) and internal email lists. Kept current and data deleted as soon as recipient requests this.|
|Donors to the museum’s collection|
|Entry and Exit forms and associated information inputted onto Modes database||Entry and Exit forms are retained indefinitely.||Full catalogue details retained indefinitely|
|Pro forma paperwork created as part of cataloguing process||To be shredded 1 year after inputting into Modes database.||N/a|
|All hard copies of volunteer data, e.g. application forms contained within volunteer files||1 year after a volunteer has stopped volunteering.||N/a|
|Contact list used by staff managing volunteers||List kept current, and volunteer details deleted immediately upon a volunteer leaving the museum.||List kept current, and volunteer details deleted immediately upon a volunteer leaving the museum.|
|Contracts of employment||up to 10 years||up to 10 years|
|References||up to 5 years||up to 5 years|
|Annual performance records||up to 5 years||up to 5 years|
|Current contact details (including address)||up to 5 years.||up to 5 years.|
up to 6 years from year’s end.
up to 6 years from year’s end.
How can I access the information about me, and correction of information?
You can ask us if we are keeping any personal data about you and you can also request to receive a copy of that personal data – this is called a Subject Access Request.
To make a Subject Access Request you will need to provide adequate proof of identity such as a copy of your passport, birth certificate or driving licence before your request can be processed. There may also be a fee of up to £10 depending on the volume of work required.
Please try to be as clear as possible about the information you are seeking.
Once we have received your Subject Access Request, the agreed fee and proof of identity, you will receive a response from us within 40 days and you will be able to get copies of any information we hold on you. This includes whether any personal data is being processed; a description of the data; the reasons it is being processed and whether it will be shared; the source of the data. However, exemptions to disclosure may apply in some circumstances.
Subject Access Requests should be sent to:
Tiverton Museum of Mid Devon Life.
At any time you may request that we delete or correct your personal information. If you wish to correct any information on you held by Tiverton Museum of Mid Devon Life, simply contact email@example.com
Web Log Files
In line with common practice we automatically log certain information about every visit to this website. This includes information provided automatically by your web browser program and will consist of items such as your internet IP address, time and date of access, web pages and images viewed. This information does not allow us to identify you personally and is used only to monitor levels and patterns of use of our website.
Cookies and How We Use Them
Cookies are small text files that are sent over the internet and stored on your computer by your web browser. These files are then sent back to our servers each time you visit our website and allow us to provide continuity as you move from page to page, or return to our website in the future.
What If You Are Not Happy About Us Using Cookies?
If you wish to go ahead and reject cookies from our website, the following resources will tell you more about cookies and how to set up your web browser to suit your preferences:
- All About Cookies – www.allaboutcookies.org
- BBC “Privacy & Cookies” – http://www.bbc.co.uk/privacy/cookies/about/types-of-cookies.html
- Your Online Choices (UK) – http://www.youronlinechoices.com/uk/
Changes to our privacy notice
We regularly review our privacy notice, and may make changes from time to time. Any changes made will be posted to this page, and will apply from the time we post them. This privacy notice was last changed on 18th April 2017.
How to contact us
If you have any comments on our privacy notice, or on information we hold about you, please contact us:
- by email to firstname.lastname@example.org;
- or write to us at Tiverton Museum of Mid Devon Life, Beck’s Square, Tiverton EX16 6PJ