Name: Pale Blue Dot
Price range: $

Privacy Policy

Name of museum: Northern Ireland War Memorial (NIWM)

Name of governing body: The Council of the Northern Ireland War Memorial Incorporated

Date policy was approved: 17th January 2019

Review Procedure: Annually or as required

1. Introduction

The NIWM is committed to protecting the privacy and security of its visitors. The NIWM considers the museum’s visitors to be people who visit the museum physically, online and people who avail of the museum’s outreach programme and other services. This Privacy Policy explains how and why the NIWM collects and uses personal data in line with the General Data Protection Regulations (GDPR) and in doing so ensures that visitors remain informed and in control of their information.

This policy is reviewed annually or as required and is available to read online at www.niwarmemorial.org where updates are published.

2. About NIWM

The NIWM is an accredited museum situated in the heart of Belfast’s Cathedral Quarter. The museum tells the story of Northern Ireland’s role in the Second World War focusing on the story of the Belfast Blitz in 1941, the Ulster Home Guard, the role played by women in the war and the presence of US Forces from 1941.

The Council of the Northern Ireland War Memorial (Incorporated) is a registered charity in Northern Ireland (NIC 103635) and registered as a company limited by guarantee (NI 002888).

3. GDPR definitions

Data: information which is being processed or recorded.

Personal data: any information relating to an identified or identifiable natural person (identifiers include name, identification number, genetic identity etc.)

Data subject: a living individual to whom personal data relates.

Data Processing: any operation or set of operations which is performed on personal data or on sets of personal data, manually or by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Controller: the organisation which determines the purposes and means of the processing of personal data.

Data Processor: any person (other than an employee of the data controller) who processes the data on behalf of the data controller.

4. The NIWM’s commitment to data protection

As a controller of data, the NIWM is aware of and is compliant with the 6 data protection principles under GDPR.

The NIWM collects, stores and processes data:

In a fair, lawful and transparent way
For specified, explicit and legitimate purposes ('purpose limitation')
Adequately and relevant and limited to what is necessary ('data minimisation')
Accurately (keeping data up to date)
No longer than necessary
With integrity and confidentially by taking security measures against unlawful processing, damage or destruction

The NIWM collects, stores and processes data on the following grounds:

Necessary for the performance of a contact
Legal obligation
Legitimate interests
Archiving in the public interest

The NIWM has made its suppliers who act as Data Processors aware of the changes to the Data Processing Schedule. The NIWM has specific Data Protection agreements in place with its Data Processors where necessary.

5. What data does the NIWM collect, store and process from the public?

The NIWM collects personal information in order to understand its users’ needs and provide them with the service they expect to receive.

The main reasons the NIWM collects data:

To maintain internal records and statistics which are reported to stakeholders (visitor figures and feedback etc.).
To provide past and potential visitors with information on upcoming events and projects that may be of interest.
To gather feedback which informs our strategic planning.
To send email alerts to users who have requested them.
To improve our service and our website according to the user's preferences.
To answer research enquiries or to provide information on other organisations that may be of interest.
To complete the documentation procedure for new objects and stories added to the museum collection, ensuring transfer of title to the NIWM and compliance with the Museum Accreditation standard.

6. Data relating to Staff, Volunteers and Job Applicants

The NIWM collects, stores and processes personal information about prospective, current and former staff, including applicants, employees (and former employees) and including agency, casual and contracted staff, volunteers and those carrying out work experience.

For candidates for employment, we process data to fulfil our legal obligations, to take steps preparatory to a contract and for legitimate interests as recruiting/prospective employers. For employees, we process data on to fulfil our responsibilities under contracts.

For volunteers we process personal data to fulfil legal obligations (for recruitment and safeguarding) and for legitimate interests in the case of expenses and training records.

Special category data is obtained and processed for employees and candidates for employment for carrying out the obligations and exercising specific rights in the field of employment and social security and social protection law.

Types of data we process

The personal data we process in relation to employment, volunteering and training is provided to us by individuals beginning with the point of application for a role at NIWM and continuing during our continuing relationship with them as candidates for employment, employees or volunteers.

In order to carry out our activities and obligations in respect of candidates for employments, employees and/or volunteers we may handle data in relation to:

Personal demographics (including gender, age, race, ethnicity, sexual orientation, religion) (employees and candidates)
Contact details such as names, addresses, telephone numbers and emergency contact(s) (employees, candidates and volunteers)
Employment records (including professional membership, references and proof of eligibility to work in the UK and security checks) (employees and candidates)
Bank details (employees, candidates and volunteers)
Pension details (employees only)
Medical information (e.g. occupational health information) including physical health or mental condition (employees only)
Information relating to health and safety (employees and volunteers only)
Trade union membership (employees only)
Offences (including alleged offences), criminal proceedings, outcomes and sentences (employees, prospective employees who have received an offer of employment and volunteers)
Employment tribunal applications, complaints, accidents, and incident details (employees, candidates and volunteers)
CCTV images and other photographic images used for promotion/fundraising

Purpose of processing this data

Our legal bases for processing this information are: to fulfil our contract obligations; to comply with our legal obligations; and legitimate interests.

We process your data for the following reasons:

Staff administration and management (including payroll and performance)
Pensions administration
Business management and planning
Accounting, Record keeping and Auditing
Crime prevention (including prevention of fraud) and prosecution of offenders
Provision of education and training
Health administration and services
Monitoring health and safety arrangements
To comply with legal obligations
Contacting next of kin in the event of an emergency

Where the provision of personal data is a statutory or contractual requirement or a requirement relating to entering into a contract, if you fail to provide that data it might affect your application for employment/engagement or continued employment/engagement.

7. Further information for visitors

When engaging with NIWM by visiting the museum, using the website, donating an object or story, joining our mailing list or making an enquiry; you are sharing information with NIWM alone. Your information will not be shared with any other organisations or third parties unless we have your permission or are required to do so by law.

Data shared with NIWM is safely and securely stored on our server and internal network. NIWM has an internal Data Protection Policy which outlines how data is stored and accessed securely by authorised staff.

Mailing list subscription:

If you have subscribed to the NIWM mailing list, we will regularly contact you with updates on NIWM activities by email. Each of these emails will present you with an opportunity to make changes to the personal information we have stored about which ensures your data is kept up to date, In line with GDPR regulations. The data of mailing list subscribers will be stored securely at NIWM for 5 years. After that time data subjects will be asked to re-subscribe if they wish to continue to receive mail NIWM.

You can opt out of receiving any correspondence by clicking unsubscribe in any of our emails or by writing to us using the address at the bottom of this policy.

Donating objects/stories:

When donating objects or stories to the NIWM collection, we will ask the owner or depositor to complete paperwork as outlined in our Documentation Procedures Manual. This information will be retained with the object and added to our Collections Management System which allows us to account for all the objects in our care. The paperwork we complete with donors allows us to:

capture important information about the object which provides meaning for future generations
contact donors about future decisions regarding the object
prove transfer of title to NIWM

Enquiries:

When responding to general and research enquiries, we may signpost you to other organisations. We take no responsibility for those organisation’s personal views, or the service provided by them. These organisations will have their own privacy policies which you should consult. You should be cautious before you share any personal details with them.

Photography:

When we photograph our events, a photography notice will be displayed explaining that photographs taken will be used solely for the activities of NIWM and may appear in promotional material, whether in printed or electronic form (website, social media, film). The notice will also explain that on occasions we may release the photographs to the media and that every effort will be made to ensure the photograph is not used outside of the context in which it was taken.

NIWM will ask people who appear in photographs to complete a photography permission form. Parents/guardians of individuals under the age of 18 will be required to sign and complete a photography permission form.

When photographing our events NIWM may collect some data about the photograph subjects (e.g. name, school name, age). NIWM respects the privacy of children and adults who take part in our learning programmes. NIWM will store photographs and data securely in an image library for no longer than five years, and your consent will automatically expire after this period. At this stage your data will be deleted, however the photograph(s) will be stored and retained in our archive indefinitely.

8. Access to Information

The Data Protection Act 2018 and the application of the GDPR give members of the public certain rights of access to recorded information about them held by NIWM. You can make a subject access request for such information, as outlined in Article 15 of the GDPR, to the NIWM Data Protection Officer at 21 Talbot Street, Belfast, BT1 2LD. Further information on such requests and related rights can be found on the Information Commissioner's website at www.ico.org.uk.

9. Safeguarding Children and Adults at Risk

This Privacy Policy should be read in conjunction with our Safeguarding Children and Adults at Risk Policy.

Questions: If you have any questions regarding this Privacy Policy you can contact us by emailing info@niwarmemorial.org or in writing to the address below:

Northern Ireland War Memorial

21 Talbot Street, Belfast, BT1 2LD