Data Protection

The EU General Data Protection Regulation 2016 (GDPR) comes into force 25 May 2018. This regulation will govern the way everyone in the European Union looks after information relating to identifiable living individuals (which is classed as ‘personal data’ under the regulation), and try to ensure that information is handled with care and respect for the privacy of the individuals it concerns.

This webpage is designed to let you know in a user-friendly way what sorts of personal data the Heritage and Arts Services of Wiltshire Council holds, and why, and what we do with your data. It should be used alongside the Policies section of our website for the more detailed, and formal, Wiltshire and Swindon History Centre policy on Data Protection.

This is a list of the main types of personal data collected by WSHC – it is not completely exhaustive. Please see our policy for a complete list of all the purposes for processing, and details of who we share data with.

Type of personal data collected

How is it stored?

Why is it kept?

How long is it kept?

Reasons

Names, addresses, and (if willing to share) age and ethnicity of WSHC members.

Personal data is input by Wiltshire Council’s Heritage Services staff to a computerised database managed by the Libraries and Heritage Service, which is remotely hosted by a company called Axiell.

For the purpose of providing leisure and cultural services – eg allowing access to our search room where the public can use unique and irreplaceable archives. We need to record who used which item(s) on what day in the event of any archives or books being damaged or misplaced.

Information about age and ethnicity is used in statistical form only for visitor profiling, enabling us to see which audiences use us and which don’t currently, so that we can try to make our service more inclusive.

Up to 6 months from the end of membership then the system automatically deletes the data. (Membership lasts for three years at a time unless otherwise requested.)

Not required for permanent preservation

Names and addresses of temporary visitors to WSHC

Excel spreadsheet filled in by Wiltshire Council’s Heritage Services staff, stored inside Council firewall.

For the purpose of providing leisure and cultural services – eg allowing access to our search room where the public can use unique and irreplaceable archives. We need to record who used which item(s) on what day in the event of any archives or books being damaged or misplaced.

One year

Not required for permanent preservation

Names and contact details of people who wish to be contacted about WSHC or Arts events

There is an ‘opt-in’ box for our mailing list on the membership form plus a separate form for non-members to give consent. This data is input to password protected Excel spreadsheets kept inside Council firewall then (in the case of WSHC members’ mailing) uploaded to the Mailchimp website to create a direct marketing mailing.

This data is kept for direct marketing purposes in order to tell people what’s on at the History Centre or for local Arts events, depending on which list people sign up for.

Indefinitely, until the data subject chooses to withdraw consent, then their data will be deleted.

Not required for permanent preservation

Names, addresses, financial information and contact information for individuals buying or selling goods and services to or from Wiltshire Council

Wiltshire Council staff input the information onto spreadsheets; the SAP finance database; and legal contracts. Information may also be kept in e-mail or word-processed form inside the corporate firewall.

To facilitate the buying and selling of goods and services to or from the Council and to meet our legal, contractual obligations

See corporate retention schedule

Not normally required for permanent preservation

Names, addresses and contact information of the owners of heritage and arts assets (eg archives and local studies collections; museums and heritage organisations etc)

Kept on computerised databases by Wiltshire Council staff, stored behind Council firewall, and in hard copy form in the form of signed receipts and correspondence with owners

For the purpose of providing leisure and cultural services and for archiving purposes in the public interest

Permanent (for archives and local studies collections);

until data subject has left organisation (for museums and heritage organisations)

May be needed for legal purposes to authenticate the provenance of heritage and arts’ assets

Names and addresses in archives and books (eg electoral registers, trade directories)

Kept in hard copy form by the archive service at WSHC

For archiving purposes in the public interest, to allow historical research

Permanent

Kept for archival purposes.

Special category   data (ie sensitive personal data) in archives and books, which may include records of: charities; hospitals;

schools and educational bodies;

law courts; businesses; churches;

local government and the police as well as families and individuals

The amount of data available will vary considerably from individual to individual and we may not have any information for some individuals.

Kept in hard copy form (and in some cases in electronic form) by the archive service at WSHC. Many, but not all, records are catalogued and the catalogue is available on-line at:

http://www.wshc.eu/catalogues.html

For archiving purposes in the public interest, to allow historical research

Permanent

Kept for archival purposes. Access restrictions will apply to prevent unlawful access to sensitive information.

Please see our Collection Information Policy for information about closure periods and how to request access to closed records under a subject access request.

Records which are not closed are freely available during our opening hours – see www.wshc.eu for details.

Archives and GDPR

There is, unfortunately, a certain amount of misunderstanding about what GDPR means in terms of record-keeping. Contrary to what some have alleged, these regulations do not mean that all records containing personal data should be destroyed, redacted or removed from now on. Where appropriate, it is completely acceptable to retain records permanently as archives, to preserve our nation’s memory and provide public accountability for decision-making.

Article 5 of the GDPR states that personal data must be:

b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;

e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and

f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”

Article 9 states that special category data (ie sensitive data eg relating to race, sexuality, health, beliefs, etc) can only be processed under strict conditions including:

“(j)  processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.”

find-us

flickr

200px Pinterest logo

Follow us on Instagram

hp logo