Includes collecting; storing; accessing; and deleting.
Who We Are
Royal Engineers Museum
Prince Arthur Road
We are registered as a charity and our registration number is: 295173.
We are registered with the Information Commissioner’s Office and our registration number is: A8348007
The RE Museum is one of a number of charities linked to the Corps of Royal Engineers and the Ministry of Defence through the management of the Regimental Headquarters of the Royal Engineers. We share our governance and Trustees with the Institution of Royal Engineers (Registered Charity No. 249882).
Our website address is: http://www.re-museum.co.uk.
What Information We Collect About You
We collect the personal data that you may give as part of ticket booking, research or museum service enquiry, online purchase, Friends of the Museum or learning club membership, object donations, newsletter sign up and visitor surveys. This may include:
• Details of financial transactions including the payment of membership fees and service charges.• Address, email address and phone number.
• Name, title, gender and age.
• In the case of our learning service customers, we may keep details of special education needs and disabilities that you provide.
We will also collect and hold information about you as a visitor, service customer or supporter of the RE Museum. This may include:
• Details of financial transactions including the payment of membership fees and service charges.
• Details of financial donations.
• Gift Aid status.
• Details of correspondence sent by or to you.
Images and video footage of you as a visitor may also be collected by the Museum.
• CCTV is in place as a crime prevention measure for the security and safety of the Museum Collection, staff and visitors.
• Staff may also take photographs of visitors at Museum events and activities. Notices will inform visitors and invite those not wanting to be photographed to inform Museum staff.
We will also hold personal and career information of our staff and volunteers. This may include:
• Payroll and pension information.
• Next of Kin details.
• Details of sick and maternity leave.
• Performance and disciplinary records.
• When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
• Visitor comments may be checked through an automated spam detection service.
WEBSITE CONTACT FORMS
Your submitted content is collected.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
EMBEDDED CONTENT FROM OTHER WEBSITES
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We use Google Analytics to track user activity – this data is anonymised.
How We Use Your Data
Your data will be used only to support the legitimate purposes of the Royal Engineers Museum. Depending on your relationship with the Museum and, where necessary, the consent you have given we may use your information to:
• Deliver a service requested by you, process a payment or to fulfil a contract with the Museum, for example, the payment of an image reproduction request or purchase of online tickets.
• Enable the collection of Gift Aid.
• Inform you or events, exhibitions and activities organised by the Museum.
• Send you our e-newsletter or Friends of the Museum annual newsletter/report.
• Keep records of provenance and ownership of objects donated to the Museum.
• Inform you of the Museum’s fundraising activities, including details of new fundraising campaigns and targets.
• Meet the legal requirements of an employer towards its employees and, where appropriate, the management of volunteers.
• In the case of CCTV, for the security and safety of the Museum Collection, staff and visitors.
• Develop Museum services and tailor them to specific user needs.
How Long We Keep Your Data
We will retain your data:
• Until you inform us that you no longer wish to be contacted by the Museum.
• While you are a member of any Museum club or association.
• As required under UK law; for seven years in the case of financial transactions and for a minimum of 6 years after employment ceases in the case of employee basic personal data (name, address and contact details).
• Details of object donors will be retained in perpetuity or as long as the Museum holds said objects.
• As stated in the terms of specific agreement entered into, e.g. permissions for child photography are held for 5 years.
• If you leave a comment on the website, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
• For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Information will be destroyed or deleted in a manner appropriate to its sensitivity.
How and When We Share Your Data
The RE Museum is one of a number of charities linked to the Corps of Royal Engineers and the Ministry of Defence through the management of Regimental Headquarters of the Royal Engineers (RHQ RE). The Museum uses the services of a charitable accounts department and personnel manager provided by the MOD.
All Corps charities also use the same single database to manage, where appropriate, their members, contact and customer details. Personal data will be shared between the charities in order to ensure that any changes you make with one charity automatically update your membership details of other Corps charities to which you subscribe. We will only share any sensitive data (e.g. bank details; family or benevolence details) with your express permission.
The Museum also has contracts and agreements in place for the management of its website, till, CCTV and IT network services. We ensure that our external suppliers have appropriate privacy and security policies and procedures in place.
With the exceptions listed above, we will only share your data with someone with your permission or where we are required to by law. We will never use your data, or allow others to use your data, for any marketing purposes other than that expressly connected with Museum activities.
How We Keep Your Data Secure
• The RE Museum has security procedures and protocols in place to protect the personal data. This includes:
• All staff receive periodic training and updates on the correct method of safe and secure handling of personal data.
• Other digital soft copy data e.g. emails, financial transactions (tills, e-tickets), are held on secure servers maintained under agreement and/or contracts.
• Data held in hard copy is secured locked cabinets or rooms with access restricted to the relevant Museum staff only.
• Museum CCTV footage is held for up to 90 days before being deleted. If, following a security incident, footage is required then it will be saved, securely, for as long as necessary.
• DATAWARE hosts the single members and contacts database that supports all Corps charities; no data is stored or processed outside the EU; data is fully encrypted both ‘at rest’ (ie, when stored on the server) and ‘in motion’ (when being sent between computers). Your data only appears as ‘open’ information when being viewed by an authorised member of staff and the Museum has a formal Data Sharing agreement in place with other Corps charities that use the database.
What Are Your Rights?
You may request to see the personal information the Museum holds on you by submitting a Subject Access Request to the Museum’s Data Controller. To make a Subject Access Request you will have to provide adequate proof of identity such as a passport or driving licence. The Museum will respond within 40 days of receipt of your request. Exemptions to disclosure may apply in some circumstances.
If at any point you believe the information we hold on you is incorrect you may ask to see what data we hold and, where necessary, have it corrected or removed.
If you want to complain about how we handle your data you should contact our data controller; if that does not help then contact our Data Protection Officer and finally, if you still feel we are not processing your data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
Our Data Controller is the Museum Director who can be contacted at:
Our Data Protection Officer is the Corps Secretary who can be contacted at:
Regimental Headquarters Royal Engineers
This privacy notice was agreed in May 2018.