Privacy Policy
Who is responsible for your personal data?
The Kent Masonic Museum & Library Trust is responsible for your personal data.
Our registered address is:
The Kent Masonic Museum & Library Trust
St Peters Place Canterbury Kent CT1 2DA.
We are a Charitable Incorporated Organisation registered under Charity no 1163887. We are the data controller of the personal data which we collect from you, and so we are responsible for the ways your personal data are collected and the purposes for which your personal data are used. We are registered with the Information Commissioners as such, registration no ZA516867.
How we protect your data
We fully understand the importance and duty we have in protecting your privacy. We take appropriate organisational and technical steps to safeguard it whilst in our care, including:
- Restricting access to only those who require it to process data.
- Protecting our systems by the use of strong passwords which are regularly updated.
- Proportionate technical preventative solutions are installed on our systems to mitigate the risk of cyber-attack.
- Using encryption on our computers and mobile data devices.
- Ensuring our staff are trained and understand potential risks.
- Using adequate physical security at our museum and offices.
- When transferring data to a third party, by sending it securely using encryption or password protection or a reliable secure courier.
- Applying secure policies and procedures when taking files and records off site for business purposes.
- Deleting or destroying records or dispensing with IT equipment securely.
The personal data we collect from you.
The data we collect from you depends on the type of service or relationship you have with us. For us to run the museum it is necessary for us to collect and use any of the following:
| Type of personal data | Our reason or purpose for doing so |
| Your name and contact details (email address, IP address, telephone number, postal address etc). | When you contact us using our website. When you volunteer to assist with the running of the museum. When you record a comment. When you endorse our visitor’s book. When making an order from our shop. When you want to make further enquiries about becoming a Freemason. |
| Names of fellow guests, including the age of any children. | When you arrange a group visit. |
| Communication we have with you (emails, letters, telephone calls, messages sent to us, feedback) | When you get in touch with us. When you respond to our requests for feedback. |
| Digital images taken of you whilst at the museum. | We use CCTV for the purpose of crime prevention, it is active within the museum itself and at its entry point. |
| Bank information including payment card details. | When facilitating payment by card or cheque. |
| Health related information. | When making special arrangements for visitors or staff, and when required to do so by law. |
We may also collect limited amounts of more sensitive personal data in order to provide certain services to you.
This might include information about health issues affecting either a visitor of voluntary member of staff.
How we use your personal data
We can only use your personal data if we have a valid reason (or “lawful basis”) for doing so. The GDPR and Data Protection Act 2018 define a number of possible reasons, of which the following four apply to our use of your data:
- When you have given your consent for us to use your data.
- To assist entering into a contract with you.
- When we are under a legal obligation to do so.
- When it is in our legitimate interests.
In cases where we have chosen “legitimate interests”, we will give you further information on what these interests are and why the processing of your data is necessary to achieve this. If we choose this basis, we will have ensured that we have balanced our interests against yours and believe that you would reasonably expect us to use your data in this way.
You can find more detail on the different ways in which we use your personal data, and the reasons for doing explained below.
| What we use your personal information for | Our Lawful Basis | Our Legitimate Interest |
| To respond to your enquiries or requests. | Legitimate interest | To enable us to establish communications with you. |
| To carry out financial transactions with you. | Contract | For the sale of goods or services. |
| CCTV to prevent crime and provide a safe environment. | Legitimate interest | We are responsible for the well-being of our staff and the security of the artefacts within the museum. |
| To publish feedback, provided by you following a visit to our museum. | Legitimate interest | We make every effort to improve our services and require your input to help us do so. |
| To combat fraud and manage risk for us and our customers. | Legitimate interest | We need to protect the financial viability of the museum our customers and visitors. |
| To manage our staff and comply with health and safety legislation. | Legitimate interest Statutory obligations | We need to comply with all relevant regulations applicable to our visitors and staff. |
| We may use data that we have obtained from your online activities, such as the use of Cookies. | Legitimate interest | We want you to experience the best outcome when using our web site. |
| To recruit Freemasons. | Consent | We may share your information with officers of Masonic Lodges when you have expressed an interest in joining. |
| To facilitate a visit by person(s) suffering from health or mobility problems. | Explicit consent | We have a duty of care for our visitors, as well as a requirement to comply with relevant legislation. |
Information from third parties
We do not buy in data or sell data to third parties.
Who we share information with?
We will never sell, rent, loan or share your personal data with a third party for the purpose of marketing or other activity, unless you have provided us with explicit permission to do so.
Where we use an external service provider to act on our behalf, such as maintaining our computer or CCTV systems their staff may gain access to personal data whilst carrying out routine maintenance. We have contracts in place requiring external service providers to comply with our data protection and information security requirements and with the relevant legal requirements.
Should you express an interest in becoming a Freemason, we may, with your consent share your information with an officer of a Masonic Lodge. This will enable you to liaise with a Lodge and find out more about its activities including how to join.
We may also disclose your personal information without your consent if we are under a legal obligation to do so by a court of law, or an enforcement agency such as the police or HMRC.
International transfers
Our data processing is undertaken in the European Economic Area (EEA).
How long do we keep your information for?
We do not retain your personal data any longer than is necessary, which will vary according to the purpose we collected it for and its subsequent use. Wherever possible we will minimise the amount of data we need to retain.
As an example; for records of financial transactions we hold data for six years after the date of the transaction, or from the end of a contract to comply with financial regulations. By contrast CCTV images are automatically wiped from our system regularly and are never retained for more than 6 months, unless being used as part of a criminal investigation.
Your rights
You have the right to access your personal data and any such requests made to us shall be dealt with in a timely manner.
Your rights include:
The right to be informed about the collection and use of your personal data. This is a key transparency requirement of the GDPR.
- The right to access to information held about you.
- The right to have inaccurate personal data rectified or completed if incomplete.
- The right to have personal data erased.
- The right to request the restriction or suppression of the processing of their personal data.
- The right to data portability.
- The right to object to the processing of their personal data in certain circumstances.
- Rights in relation to automated decision making and profiling.
You also have the right to lodge a complaint with the Information Commissioner Office who can be contacted via their web site www.ico.org.uk
The GDPR does not insist for requests to be made in writing, however it will enable us to manage your request more quickly if you were to use either email or letter, accompanied by some means of identification such as a copy of a passport or driving licence.
In most circumstances’ charges will not be made. Information will be provided promptly and no later than 30 days following receipt of the request.
Changes to this privacy notice
We keep our privacy notice under is reviewed every 12 months. This privacy notice was last updated on the 16th October 2022.
How to contact us
If you want to request information about this privacy notice, or make a complaint you can ether write or Email:
The Data Protection Officer.
The Kent Museum of Freemasonry
St Peters Place
Canterbury
Kent
Or by email to: secretary@kentmuseumoffreemasonry.org.uk
