South Western Federation of Museums and Art Galleries

Privacy Policy

This page provides our Privacy Notice and Document Retention Schedule.


1. Document Retention Schedule: Please click here to download the South West Fed Document Retention Schedule (PDF)
2. Privacy Notice: Please read our Privacy Notice below, or click here to download as a PDF:


Privacy Notice

Last Update: May 2018

Purpose of this Privacy Notice

The South Western Federation of Museums & Art Galleries (SWFed) is not a registered ‘data controller’ because the it collects and uses is for not-for-profit purposes, an excemption approved by the Information Commissioners Office and allowed under the General Data Protection Regulations.

This Notice explains how and why we use the information we obtain about individuals and what rights individuals have when the SWFed holds their personal information (known as Personal Data).

This Privacy Notice should be drawn to the attention of all individuals and third parties (such as consultants) when they provide us with Personal Data about themselves.

In addition to the general information set out in this Privacy Notice, please note the attached Schedule provides specific information in relation to areas of our business when you provide your personal information (e.g. Conference/Fora). The Schedule set outs specific reasons for holding your information, the format in which the information will be held, the processing condition is relying upon to hold your information, the time that the information will be held and who the information will be shared with (if any).

The references in this Notice to “you” are to the Data Subject, their legal representative or the third party concerned. References to “we” are the SWFed Trustees and officers and other authorised representatives.


What is Personal Data?
This is information which can be used to identify or contact a living individual.

Personal Data we collect from individuals
The SWFed collects information in electronic and paper format by telephone, email, in person or through the website via e-forms and emails. We collect details such as:

Name

Email address

Residential address

Telephone number

Dietary or Access requirements for events

The SWFed may request sensitive personal data from you where it is appropriate and necessary for the purpose in which it is obtained. This includes information relating to the management of employees or contractors, including equalities monitoring. If you have made contact with us via our website, we will collect your IP address together with your website usage information using Cookies. For more information on how and why we use Cookies, please see our Cookie Policy.

Personal Data we collect from third parties
The SWFed may receive personal information regarding individuals from third parties organisations or individuals. Where the SWFed receives information from third parties we will provide the individual whose information we have received with this Privacy Notice within one month where it is appropriate to do so. When we provide this Privacy Notice we will also specify the source that we obtained the information from and if applicable, whether the source is publicly accessible.

Event bookings made through Eventbrite
Where event bookings are made through the site ‘Eventbrite’ or similar sites for a SWFed event, the SWFed is considered the data controller and Eventbrite is considered the data processer. This means that when you provide personal information as part of the booking process it is treated as part of the SWFed Privacy Policy and the details set out within this document. By using Eventbrite you are agreeing to the Eventbrite Terms of Service.

E-bulletin using MailChimp
The SWFed uses MailChimp as our marketing automation platform. By clicking to receive this bulletin, you acknowledge that the information you provide will be transferred to MailChimp for processing in accordance with their Privacy Policy and Terms.

How we use information
The SWFed endeavours to keep information secure and accurate, and ensure that it is used appropriately at all times. We only keep information for as long as is necessary in accordance with our Document Retention Policy.

We will use your personal data in accordance with data protection principles which require that personal data is:
1. processed lawfully, fairly and in a transparent manner;
2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
4. accurate and, where necessary, kept up to date. Reasonable steps must be taken to ensure that inaccurate personal data is erased or rectified without delay;
5. keep in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; and
6. processed in a manner that ensures appropriate security of the personal data.

Why we use the information: The SWFed uses personal information to provide a range of services to our members and in the management of the Charity:

1. promoting the services we provide
2. marketing the region e.g. for local tourism
3. carrying out relevant regional surveys
4. managing SWFed Assets
5. supporting and managing SWFed employees
6. administering the assessment and collection of membership fees and other revenue including grants
7. corporate administration and all activities we are required to carry out as a charitable company (e.g. holding information about Trustees)
8. undertaking research
9. managing archived records for historical and research reasons

Sharing of Personal Data
We will not share your data with any other individual or organisation. Should this change through future projects will contact members to seek explicit permission.

Does the SWFed require consent to use the information?
We may require your consent to use your Personal Data when we do anything other than:

1. Perform activities as set out above or task in the public interest;
2. Comply with a legal obligation;

You can withdraw your consent by phoning, emailing or writing to us on any of the details in ‘Contact us’ below.

Your rights
You have various rights in respect to the management of your Personal Data, as explained below in this section. Where a request is made pursuant to any of these rights, the SWFed will provide the requested information or take the relevant action without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.

The right to access your information: You have the right to request a copy of the information that we hold about you. If you would like to request some or all of the information that we hold about you, you may do so by making a Subject Access Request by contacting us in writing at the details provided in Section 10 below.

The right to have your information rectified: You have the right to request that we update any information you think we hold about you that is inaccurate or incomplete. If you would like to exercise this right, please contact us. If we decide not to take action in response to your request, we will provide you with reasons as to why this is. If you are not satisfied with our response, you are entitled to seek a judicial remedy and to lodge a complaint with the Information Commissioner’s Office (ICO) details of which can be found below in the ‘Raise a complaint’ section.

The right to object to us using your information: You have the right to request that we stop using your information in relation to any SWFed activity, and particularly if it affects your interests, rights and freedoms. However, please note that if this is approved, this may cause delays or prevent us from delivering a service to you. If this is the case, you will be informed of the consequences. If you would like to exercise this right, please contact us.

The right to request the use of your information is restricted: You have the right to request that we restrict using your information in a certain way in the following circumstances, although if we consider we do not have to comply with your request, we will provide you with reasons which may include:

1. You have already objected to us using your information;
2. You have made us aware that you think the information we hold about you is inaccurate.

The right to have your information erased: You have the right to request that we destroy all of the information that we hold about you in the following circumstances:

1. We no longer have your consent to use the information and we relied upon this to collect it;
2. We used your information unlawfully;
3. The information is no longer necessary in relation to the purpose for which it was originally collected and used; or
4. The information has to be erased to comply with a legal obligation.

If you would like to exercise this right, please contact us. If we need your information to undertake any of the following, we are not required to erase your information but we will provide you with the reasons as to why:

1. Exercise the right of freedom of expression and information;
2. Perform activities as set out above or task in the public interest
3. Comply with a legal obligation;
4. Exercise or defend legal claims;

How is your personal data protected?
The SWFed has procedures in place to prevent accidental or unlawful destruction, loss, alternation, unauthorised disclosure of or access to personal data that we hold. We use the following security measures to protect your data:

1. Encryption on website with SSL technology.
2. Access controls on systems and to information, including password protection; and
3. Security awareness at induciton for Trustees and Staff (we treat it is a disciplinary matter if they misuse or do not look after information properly).


Raise a complaint
You are welcome to raise any concerns you have about how the SWFed has dealt with Personal Data by contacting the SWFed's Company Secretary in the first instance:

By email: privacy@swfed.org.uk

or, if you prefer, the Information Commissioner’s Office (ICO) which is the body responsible for ensuring that the SWFed complies with data protection law.

By email:casework@ico.org.uk or on the ICO website


Changes to this Privacy Notice
We keep this Privacy Notice under regular review to comply with changes in the law. We will place any updates on this webpage.

Contact us
If you would like to contact us because you have questions about our Privacy Notice or the information that we hold about you, you can do so in the following ways:

By email: privacy@swfed.org.uk