MDEM only stores personal data that is relevant to our activities. This will at times include contact details for individuals and organisations. We will always ask for consent to store and use your data.
How do we use data
The MDEM programme is managed by Leicestershire County Council who is the Data Controller. With funding from Arts Council England (ACE) MDEM provides support and advice to Accredited museums in the East Midlands region through:
- Training opportunities
- Networking opportunities
- Dissemination of information and advice from third party sector partners
Why are we allowed to process your Personal Data?
- You may have consented for us to process your Personal Data in order to participate in the programme
- You have consented for us to send marketing materials
- If you are a supplier we have a contract with you so we can process your Personal Data
In order to fulfil its role MDEM holds Personal Data to promote the programme to potential participants and gain feedback and evaluation from attendees to assist with future programming. This is mainly via electronic means such as through the monthly newsletter, event invitations, surveys, events and distribution of wider sector news.
What data we collect
In order to fulfil this role MDEM holds personal data including:
- Contact details (including email addresses)
- Access requirements
- Dietary information
- Attendance at events
- Photographs and/or videos
- Grant Applications and the results there of
Access requirements are collected for event planning purposes and dietary information is collected for events where catering is provided. These are regarded as Special Category Data please refer to section Data Retention for details on how long this information is retained.
- Personal details including email address and contact telephone numbers will be reviewed every two years
- Email addresses inactive for two years will be deleted
- Special Category Data such as access and dietary requirements are collected through our Eventbrite booking system These details are archived after the completion of the event and permanently deleted after six months.
- Grant applications will be kept as required by the terms and conditions from the grant provider (usually seven years)
- Photographs and videos will be kept for five years plus the current year
Who will we share your Personal Data with?
We will not pass on or sell your Personal Data to a third party for their marketing purposes. However, as part of our contract with ACE we may share information regarding the MDEM programme with representatives from ACE. This may include names of participants at events, grant applicants and contact names for Accreditation purposes.
Specific elements of the MDEM programme require us to share personal information with Third Parties such as trainers, consultants and other sector organisations who directly support the programme. In these circumstances we will obtain a ‘Information Sharing Agreement’ to ensure that our partners are looking after your Personal Data in an efficient and compliant manner.
They only use your data for our specified purpose and do not share it with anyone else. We promise that they will keep your Personal Data safe and secure by obtaining a ‘Information Sharing Agreement’.
We will only share your Personal Data with Processors outside of the EU, if adequate safeguards are in place to keep your Personal Data Safe. They include:
- Mailchimp who send our monthly newsletter on our behalf. Their servers are based in the USA and consequently we will transfer your data to the USA. We have ensured that they have safeguards in place to keep your Personal Data Safe.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
It is important to us that you receive the maximum benefit from the MDEM programme and are able to participate in all aspects knowing that we are continuing to treat your Personal Data in a sensitive, appropriate, safe and confidential way.
We will not sell, distribute or lease your Personal Data to third parties unless we have your permission or are required by law to do so. We may use your Personal Data to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
- You are entitled to see information we hold on you. Under GDPR this is called a Subject Access Request. You can ask for this information by any means, but we suggest that you call or email MDEM on the contact details below.
- You will also need to prove to us your identity, by supplying original or notarised photo ID. It is important that you prove your identity before we can send you any details.
- We will respond within one calendar month
- If you require this information, please email firstname.lastname@example.org
- You can ask us to stop writing to you at any time, please email your request to email@example.com
- You can ask us to update your records at any time, please email your request to firstname.lastname@example.org
- We will also consider a request from you to stop processing your Personal Data, however we may decide that it is essential for us to keep processing your data. If you want us to stop processing your data, please write to us explaining why by emailing email@example.com
- Should you wish to complain or discuss the way that we are handling your Personal Data, please contact firstname.lastname@example.org . You can also report a complaint directly to the Information Commissioners Officer (ICO) https://ico.org.uk/make-a-complaint/
- You can also seek further advice from the ICO, details can be found at https://ico.org.uk/