This page provides further information on how Norfolk County Council’s Museums Service (the Museums Service) uses your personal information. By ‘use’ the Museums Service means the various ways it may be processed, including collected, storing and sharing the information.
We also provide further details regarding:
- Who we are
- How long we use your information for
- Your rights under the GDPR, and
- How to exercise them
You can see this information in our General Privacy Notice on our web site, or you can ask us for a copy of this information.
What we use your personal information for
The Museums Service uses your personal information to:
- Administer museums membership including Norfolk Museums Pass and e-newsletters
- Administer events and exhibitions including issuing tickets for these events
- Administer archives and collections including object ownership, provenance, location control, due diligence, audit trail
- Provide learning
- Administer volunteers
- Carry out statistical analysis about who visits and uses its services so the Museum Service can better understand its audiences
- Provide conservation and exhibition design for third parties/business
- Monitor and improve our services including carrying out surveys, questionnaires and evaluation forms
The Museums Service may also use information in other ways compatible with the above.
The information we collect and use
The information we may collect and use may include your:
- Personal details: name/date of birth/age
- Contact details: address/phone number/email address
- Education: schools/colleges attended/currently in education/further education
- Social relationships: next of kin/emergency contacts
- Financial: payments made/bank details
- Employment history: job profession/references
We may also collect information about health including disabilities which is classed as “special category data” under the GDPR.
The GDPR includes safeguards to protect the use of your special category data. Further details can be found on our website, which sets out our procedures for compliance with the principles of the GDPR and the retention and erasure of this information.
Who provides this information
The personal information we hold is information you have provided to us.
How the law protects you and the legal basis for processing your information
We have legal grounds to process this information because it is necessary for the performance of a task carried out in the public interest. This includes tasks under the:
- Public Libraries and Museums Act 1964
We have legal grounds to process special category data and criminal convictions data where it is in the exercise of a statutory function and it is in the necessary for reasons in the substantial public interest. The statutory functions are as set out above.
Who we share your information with
We may share the name of a lender/donor of an object to the Museum Service with other institutes and organisations for the purpose of loaning exhibits.
We will also share your information, subject to contractual and other legal safeguards, with organisations contracted by us to provide a service to the council or directly to you. These service providers are known as data processors and have a legal obligation under GDPR and to us to look after your personal information and only use it for providing that service.
Finally, the Museums Service may also share your information across different departments of the County Council, where it is necessary for our public tasks or functions to do so.
How we keep your information
The information is stored electronically, on our records management system. Additionally, information is securely stored in other mediums, including email accounts and in paper files. We do not process your information outside of the European Economic Area.
Automated decision making
We do not make automated decisions about you and your family.
Data of notice
This notice was updated in September 2019.