GDPR Statement

Chasewater Railway Museum GDPR Statement.

CHASEWATER RAILWAY MUSEUM

General Data Protection Regulation (GDPR)

Museum Privacy and Data Retention Policy

Effective from 25th May 2018, last updated 30th April 2019

This document describes the nature of personal information held by the Museum in relation to its curatorial and other activities; the manner in which it is held; the purposes for which it is held; the periods of time for which it is retained and the review mechanisms associated with them; and any particular circumstances which influence the retention of data.

Particulars of Museum Volunteers

* Contact details of museum volunteers: names, addresses, telephone numbers, email addresses.
* Held by means of Word document maintained by the Museum Management Committee (MMC) Convenor.
* Information on volunteers is required for Museum Accreditation.
* Information is removed with cessation of engagement with the Museum.
* Reviewed annually by the MMC Chairman.

Particulars of persons who have donated items to the Museum

* Use of item Museum Entry Forms (manual) and inventory database (electronic).
* To identify details of donors to maintain the integrity of the collection.
* To ensure and protect the provenance of historically significant objects.
* The Entry Form is retained in perpetuity.

Particulars of persons who have loaned items to the Museum

* Use of item Museum Loan Forms (manual) and inventory database (electronic).
* To identify owners of items on loan to ensure certainty of ownership.
* To ensure the avoidance of uncertainty regarding returned objects.
* Reviewed annually to identify loans due to terminate or be renewed.
* The Loan Form is retained in perpetuity.

Particulars of persons who have used Museum provided on-line resources

* Use of electronic databases integral to the resources provided for use.
* To identify details of users to enable functionality and provide services requested.
* To enable statistical analysis to improve the museum and its resources.
* To inform users of activities and Museum resources that may be of interest to them.
* The data is retained until the provider requests deletion, whereupon personal information is removed.
* Following removal from the live database(s) data may persist in system backups but will be removed upon data restoration should these backups be put to use.

Images, including photographs, scans, paintings and other media

* Images are held as an essential component part of the Museum?s collections.
* Entry and loans procedures are as described above.
* Images of all museum objects are held with their respective inventory entries.
* Images of persons alive or deceased are held for archive and historical research purposes to assist with an understanding of the history of railways and tramways and the role played by their employees, and of the passengers and goods traffic conveyed by them.

Exemptions and Derogations from provisions of GDPR

* The UK can provide exemptions and derogations in relation to data processed for [inter alia] archive purposes and for historical research. These purposes are consistent with the Museum?s responsibilities set out in the Articles of Association of the Chasewater Light Railway & Museum Company.
* This principle also includes the historical membership records of the Company and its predecessors, and other organisations depositing their archives with the Museum.
* Reference 1: Extract from Association of Independent Museums Guide to successfully managing privacy and data regulations in small museums.
* Reference 2: Extract from Information Commissioner?s Office Guide to the GDPR

Right of Access

* Individuals have the right to access any personal data and supplementary information which may be held by the Museum.
* The right of access allows individuals to be aware of and verify the lawfulness of the processing of any such personal data.
* Requests for disclosure of information can be made free of charge to any member of the Museum staff, using any means of transmission.
* Once received, such requests shall be referred at the earliest opportunity to the MMC Convenor.
* Reference 1: Extract from Association of Independent Museums Guide to successfully managing privacy and data regulations in small museums.
* Reference 2: Extract from Information Commissioner?s Office Guide to the GDPR

Date and Review of this Policy

* This policy document was originally approved by the MMC on 6th March 2018 and became effective on 25th May 2018 (the date upon which the Regulation came into force).
* Updated to add on-line resources section and approved by MMC on 30th April 2019.
* The contents of this document will be regularly reviewed and any necessary changes made from time to time.

Signed on behalf of the Chasewater Railway Museum Management Committee, MMC Convenor, 30th April 2019

Continue
CRMweb