Introduction

Amersham Museum aims to comply with the Data Protection Act (1998) and the new General Data Protection Regulations (GDPR) 2018. This policy was created in April 2018 following the completion of a data audit, with updated in May 2018. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By using our service and completing any forms you agree to your data being used for the purposes specified below.

For the purpose of GDPR, the data controller is Amersham Museum Limited (company number 01790935) (“Amersham Museum“).

 

Data Collection

The museum collects personal data from staff, volunteers, Friends of the Museum, donors, people participating in events and activities (both to join the activity and to evaluate it). Their data is gathered in different ways, for different purposes.

The museum will ensure that personal information is only used for the purposes stated when the information is provided. If an individual would like to be contacted about other museum activities they are asked to complete a consent statement and given the privacy notice and a link to this policy (click here for privacy notice and consent statement).

Data Storage: Security

All data is kept securely, with limited access, either in locked cabinets or secure folders, on our server or a GDPR compliant server. Your information will be kept for the minimum amount of time before it is disposed of securely. 

Data Storage: Time

All data is kept for a reasonable amount of time, in relation to its uses:

  • Staff records are kept for one year after a member of staff has left
  • Volunteer records are kept for one year after a volunteer has left
  • Information related to Gift Aid returns must be kept for six years after the return is made
  • Personal details related to donations to the museum’s collection are held indefinitely
  • Personal details relating to joining a club or activity are deleted once the activity is completed
  • Personal details relating to Friends of the Museum are only held during membership; if someone does not renew their membership their details are removed and deleted
  • Evaluation forms are kept for two years after completion and then destroyed

Consent

Where it is necessary to obtain consent to contact people – primarily in relation to promoting the museum’s activities – a consent form must be completed. The consent form will be accompanied by a short privacy statement, which will detail the following:

  • information about the museum including address and charity number
  • what data the museum collects
  • what happens to data, how it is stored and kept secure
  • cookies on the website,
  • how to ask for a ‘subject access request’
  • how the policy is updated, the date of the last update
  • how to get in touch and where the policy is available.

When personal data is used to contact people – primarily through our mailing list to promote activities – the option to opt out of being contacted will always be given.

Storage of Consent Information

All consent information will be recorded on an excel spreadsheet, which is in a  folder on the museum server. Only the curator, learning officer and trustees have access to the folder. Any paper versions of the consent form will be destroyed. The spreadsheet will also record the date that the information was collected and the place where the information was completed.

Subject Access Requests

The museum will respond to any Subject Access Requests within two weeks of application. Applications can be made in writing to the Curator or by email to info@amershammuseum.org

The museum will provide information on what data is held on that individual, how that data is used and the source of the data.

Review and Update

This policy will be reviewed once a year, every April. It will be reviewed by the curator and presented to the board of trustees for approval. Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.

 

Privacy and using our website

IP addresses

We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns.

Location information

We may also use technology to determine your current location (or the location of your IP address). Some of our services are barred from delivery to certain geographical locations; other services require your location data for the features to work.

Cookies

To enable us to provide you with the best possible experience of our site and services we may obtain information about your general Internet usage by using a cookie file which is stored on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service. Some of the cookies we use are essential for the site to operate.

If you continue to use our site, you agree to our use of the disclosed cookie file.

Cookies are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

Cookie Name Purpose Expiry
__utma __utma Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics. 2 years from set/update
__utmt __utmt Used to throttle request rate. 10 minutes
__utmb __utmb Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookies exists. The cookie is updated every time data is sent to Google Analytics. 30 mins from set/update
__utmz __utmz Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics. 6 months from set/update
__utmv __utmv Used to store visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor level custom variable. This cookie was also used for the deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics. 2 years from set/update
WordPress Session wordpress_logged_in_{hash} Used to authenticate the current user expire when you close your browser
WordPress Cookie test wordpress_test_cookie Used to test if cookies are enabled expire when you close your browser
Transversal Video player __distillery This cookie is used by Transversal video player to remember where you are in a video so that if playback is interrupted (for example, by losing your internet connection) then you can get right back to where you left off. expire when you close your browser
WordPress Admin configuration wp-settings-{user_id} used to persist a user’s wp-admin configuration. expire when you close your browser
WordPress Action Tracker wp_sharing_{id} used to track whether or not a user has already performed an action. expire when you close your browser
Is Mobile? akm_mobile stores whether a user has chosen to view the mobile version of a site. expire when you close your browser
Is Logged in? wordpress_logged_in* used to check whether the current visitor is a logged in WordPress.com user. expire when you close your browser

You can block cookies by activating the setting on your browser which allows you to refuse the setting of all or some cookies. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies as soon you visit our site.

Where we store your personal data

All information you provide to us is stored by us on our secure servers.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

 

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

 

For further information contact Emily Toettcher, the curator, info@amershammuseum.org or call 01494 723700

 

 

 

 

Plan Your Visit

49 High Street
Old Amersham
Buckinghamshire
HP7 0DP

01494 723700
info@amershammuseum.org

OPENING TIMES
In 2018, the museum is open from 10th February, every Wednesday to Sunday (and Bank Holiday Mondays) from 12 noon to 4.30pm.
We are open throughout the week for groups, schools, workshops and special events.

£3 Adults | Children are free

“Enjoyed our visit to this wonderful interactive museum where you are positively encouraged to touch things!”

Staying In Touch

Subscribe to our newsletter for all the latest news & events