This policy explains when and why the Mid-Suffolk Light Railway collects personal information, how we use it, the conditions under which we may disclose it to others and how we keep it.
Who are we?
In this policy, whenever you see the words ‘we’, ‘us’, ‘our’, it refers to the Mid-Suffolk Light Railway Company Limited, located at Brockford Station, Wetheringsett, Stowmarket, Suffolk. IP14 5PW. The Company is limited by guarantee and a registered charity. Registered in England No. 3244631. Registered Charity no. 1063635
Mid-Suffolk Light Railway Company Limited can also at times be referred to as the Mid-Suffolk Light Railway, the Mid-Suffolk Light Railway Museum, and ‘The Middy’ or just as MSLR.
At Mid-Suffolk Light Railway we’re committed to protecting and respecting your privacy.
Your acceptance of this policy, and our right to change it
By providing your information or using our website, social media pages or entering a competition you consent to our collection and use of the information you provide in the way(s) set out in this policy. If you do not agree to this policy please do not use our sites, social media pages or services.
We regularly review our policy and may make changes to this policy from time to time. If we do so, we will post the changes on our website and they will apply from the time we post them.
What is personal data?
Personal data is information that can be used to help identify an individual, such as name, address, phone number or email address.
The policy in brief
It’s important that you read the full policy to understand what information we hold, how we may use it, and what your rights are – brief details are below:
- We collect information that is either personal data (as outlined above) or non-personal data (such as visitor numbers)
- We collect information about members, volunteers, employees, suppliers & contractors, visitors & users of our museum and website.
- We collect data to provide information for administration, fundraising, events, research & crime prevention
- We only collect the information that we need.
- We do our very best to keep personal information secure, by limiting access to data held to authorised staff with password control of computers and all relevant software & databases.
- We never sell your data and never share it with any other company or charity.
- We only share data where we are required by law
- We only retain data as long as it is needed and dispose of it securely
They are the basics, but don’t forget to come back later and read the full policy (below), so you’ve got all the details you need.
This policy applies to any methods we use for collecting information including the website we operate and our use of emails for marketing purposes. It covers what we collect and why, what we do with the information, what we won’t do with the information, and what rights you have.
What information do we collect and why?
We will only ever collect the information we need – including data that will be useful to help improve our activities and services as a heritage steam museum. We collect two kinds of information:
- Non-personal information such visitor numbers. This helps us to determine how many people visit our site and how popular our events are. This information doesn’t tell us anything about who you are or where you live. It simply allows us to monitor and improve our service.
- Personal information such as name, postal address, phone number, email address, information about volunteer’s interests, information required to manage railway operations, ordering goods and services from suppliers, event booking and Gift Aid
We collect this information in connection with specific activities, such as membership applications, local resident passes, operational training and competency assessments, event bookings, newsletter requests, feedback, donations, fundraising, competition entries, gift aid, etc
We also maintain a record of persons donating/loaning artefacts to the museum as required for museum accreditation
The information is either needed to fulfil your request or to enable us to provide you with a required service. However, if you do choose to withhold requested information, we may not be able to provide you with certain services. You don’t have to disclose any of this information to browse our website.
Volunteers and Employees. In order to comply with our contractual, statutory, and management obligations and responsibilities to our volunteers and employees we may collect and hold specific personal information about you (e.g. references, details of emergency contacts, health, training record etc.). This information will be retained for legal or contractual reasons, to protect us (including in the event of an insurance or legal claim). In addition for our employees, our contractual responsibilities include those arising directly from your contract of employment and the data processed to meet these responsibilities.
CCTV A CCTV system controlled by us is in operation on the site for crime prevention purposes. The system does not capture footage outside our property. Suitable signs are displayed informing our visitors that CCTV is in operation.
What do we do with the information?
We will use the information you provide to:
- fulfil your requests – such as applications for membership, residents passes, donations, competition entries, booking for events, participation in campaigns and provision of information
- process sales transactions, donations, or other payments, claim gift aid and verify financial transactions
- identify visitors and contributors
- record any contact we have with you
- prevent or detect fraud or abuses of our website,
- carry out research on the demographics, interests and behaviour of our visitors and members to help us gain a better understanding of them and to enable us to improve our service. This research is carried out internally by our volunteers.
- communicate with our members and non-members who assist with our events and visitors
- contact persons donating artefacts to the museum only in connection with their donation
- If you have agreed to it, provide you with information that we think may be of interest to you.
Using your information for marketing
We only send marketing information to people who have agreed to us doing this, and we will only do so in the way(s) they have agreed to. Marketing information covers information about the goods and services sold, fundraising appeals and the other work we do such as providing safety messages and education.
We do not contact people who have provided us with personal details required for event booking, gift aid or residents passes for any marketing or other purpose not specifically required to facilitate their original request.
If we contact you and you want to change how, or if, you receive our communications, please e-mail firstname.lastname@example.org or via our website www.mslr.org.uk or by post to our Company address.
Sharing your information
We will only share your information if:
- We are legally required to do so, e.g. by a law enforcement agency legitimately exercising a power or if compelled by an order of the Court
- We believe it is necessary to protect or defend our rights, property or the personal safety of our members or visitors to our premises or website
- Otherwise we do not share your information with any other organisations.
Storing your information
Information is stored by us on our computers located in the UK. We may also store information in paper files.
We place great importance on the security of all personally identifiable information associated with our members, visitors and other users. We have security measures in place to protect against the loss, misuse and alteration of personal data under our control. For example, only authorised personnel are permitted to access user information and we password protect all computers and programs containing financial and personal information we hold. While we cannot ensure or guarantee that loss, misuse or alteration of data will not occur while it is under our control, we use our best efforts to try to prevent this.
Unfortunately, the transmission of data across the internet is not completely secure and whilst we do our best to try to protect the security of your information we cannot ensure or guarantee that loss, misuse or alteration of data will not occur whilst data is being transferred.
Where you or we have provided a password enabling you to access parts of our website or use our services, it is your responsibility to keep this password confidential. Please don’t share your password with anyone.
Details of members will be retained for a period of one year after the membership has lapsed due to non-payment to allow for forgotten and late payments and will be deleted immediately on notification of being no longer required or death. Details of members and others who have agreed to gift aid their payments will require to be retained for the statutory period of 6 years and any details provided are used solely for claiming gift aid.
Residents pass details will be retained for one year after the expiry of their pass. The paper forms used to collect the data for residents will be kept securely and will be destroyed once the data has been input to the database.
Event booking details provided on paper or the website and input to the database will be retained securely and all details held, including the associated e-mails, will be deleted no later than the year end in which the event took place. Details for non-members who assist with events will be retained only as long as they continue to volunteer.
Gift Aid details will be retained for the statutory period and any details provided are used solely for claiming gift aid.
Data provided on paper forms is kept secure prior to processing and the paper forms either destroyed following processing or kept stored securely if required to be retained.
We will keep your information only for as long as we need it to administer your relationship with us and provide you with the goods, services or information you have required, to comply with the law, or to ensure we do not communicate with people who have asked us not to. When we no longer need information stored either on electronic or paper records we will always dispose of it securely.
CCTV images are securely stored with only a limited number of authorized persons having access and images are only retained long enough for any incident to come to light and be investigated. Images are not shared with any other organisations except for law enforcement bodies, if requested.
What we don’t do with your information
- We never sell or share your information with other organisations
The Data Protection Act gives you certain rights over your data and how we use it. These include:
- The right to have inaccurate personal data rectified, blocked, erased or destroyed
- The right to prevent your data being used for direct marketing
- The right of access to a copy of the information we hold about you (known as a subject access request)
- If you wish to exercise any of these rights please contact the Data Protection Officer in writing at the Company address or by emailing email@example.com or our website www.mslr.org.uk
- The Data Controller is the Mid-Suffolk Light Railway (MSLR)
- For more information about your rights under the Data Protection Act go to the website of the Information Commissioner’s Office at ico.org.uk.