The General Data Protection Regulations require us to set out how we will handle any personal information you provide and we need to save in order to ensure effective and efficient communication with you in your dealings with the Telegraph Museum Porthcurno.
We collect information in the following ways:
There are many ways you may give us your information. For example, when you begin volunteering, make a donation or communicate with us either by phone, in writing, including email or in person.
Depending on your settings or the privacy notices for social media and messaging services like Facebook, WhatsApp, LinkedIn or Twitter, you might give us permission to access information from those accounts or services.
This may include information found in places such websites (club, district, action groups etc), Companies House and information that has been published in articles/newspapers.
What personal information we collect and how we use it
The personal data we will usually collect is your name and contact details and nature of your interest in the museum. If you wish to become a volunteer we may ask for other information such as next of kin, bank details if you wish to claim for expenses incurred, and the skill and experience you would bring to the museum. If you make a donation or pay an entrance fee to visit the museum and offer to use gift aid, we are required by law to retain that information for a period of 7 years. If you have obtained clearance through the DBS (Disclosure and Barring Service) we may wish to keep a record of that fact.
How we will use your data
We may wish to communicate with you about events and activities at the museum or to provide you with news items via the web site or via email. We will not provide information about you, personally, to any external organization unless you consent for us to do so, but we will need to provide statistical information, e.g. how many volunteers we have, to organizations such as the Arts Council or other funding bodies.
If you are an employee
We will need to retain and store information relating to your job description, your salary, career development plan and details of individual circumstances relating to your and our wish to provide a flexible and satisfying work environment. You will have access to this information but not to information relating to any other member of staff unless that is necessary in the execution of your own duties e.g. financial control or line management.
However, we may need to disclose your details if required to the police or other legal agencies, for example HMRC, regulatory bodies or our legal advisors. We have a duty to report certain types of personal data breaches to the relevant supervisory authority, and where feasible, we will do this within 72 hours of becoming aware of the breach. If a breach is detected and likely to result in a high risk of adversely affecting you, we will inform you without undue delay.
How we keep your information safe and who has access to it
We ensure that there are appropriate physical and technical controls in place to protect your personal details. For example, confidential paper records are securely stored, our online forms and our network is protected and routinely monitored. Confidential paper waste is shredded at our premises.
We undertake regular reviews of who has access to information that we hold to ensure that your personal information is only accessible by appropriate staff.
Where we store your information
Information is stored in or on equipment owned by The Porthcurno Collection Trust and at property owned by the Trust. Access to such equipment will be password protected. When essential to do so, information may be stored on computers owned by Directors of Porthcurno Ltd., and Charity Trustees of The Porthcurno Collections Trust.
How long we retain your information and how we keep it up to date
We will only keep your information for as long as we need it and will delete or destroy all records that we are legally permitted to if you request us to do so. However, there are statutory timescales on how long we should keep your information, for example financial records must be kept for 7 years, information associated with Health & Safety for three years after an event. Donations and collections loans require that we hold information for longer than 7 years. We shall delete your information according to these statutory limits, or according to guidance issued by the Information Commissioner.
Information we collect through your use of our website
We collect certain information or data about you when you browse www.telegraphmuseum.org anonymously.
This helps us to improve the site by monitoring how you use it and respond to any feedback you send us, if you have asked us to. We cannot personally identify you using this data. If we do want to collect personally identifiable information through our website we will make it clear when we collect personal information and will explain what we intend to do with it.
Opting into and out of marketing and other fundraising communications
With your consent, we may contact you to let you know about upcoming events, offers from the Museum, updates on our plans and progress we are making, and to ask you to join as Friend, make a donation or give other types of support. Occasionally, we may include information from our partner organisations or organisations who support us in these communications.
We make it easy for you to tell us how you want us to communicate, in a way that suits you. Our forms will have clear marketing preference questions and we include information on how to opt out when we send you marketing details.
Who we might share your personal information with
Your personal information might be passed to a third party if they need it to fulfil your order(s) for our goods and services, to execute the communications we send to you, to process a donation, or where you have otherwise consented to being contacted by selected third parties, such as museum partners and associates. We do comprehensive checks on these companies before we work with them, and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal information they have collected or have access to.
Examples of these third parties include our bank (in order to process Direct Debit and other payments), mailing houses (for distributing our museum guides), our bulk email distribution service provider, and audience analyses and data cleansing suppliers, for example to access the Post Office National Change of Address (NCOA) database.
Except as set out in this policy, we shall not disclose your personal information unless obliged to, or allowed to do so by law, or where we need to in order to run our business (e.g. where other people process information for us). In such circumstances, we ask those people to give us confidentiality or non-disclosure undertakings.
The General Data Protection Regulations gives you certain rights and these are available on the Information Commissioners website https://ico.org.uk/.