Privacy Statement

How long your personal data will be kept

We will only hold your personal information for as long as necessary. To work out how long we need to keep your information for we use our retention schedule. You will be informed in the service specific privacy notice of how long your data will need to be kept prior to secure disposal.

Who we share your personal information with

Your personal information may be shared with internal departments or with external partners and agencies involved in delivering services on our behalf. However, we will only share information with organisations who will also comply with appropriate data protection laws. You will be informed in the service specific privacy notice of who your data may be shared with, if at all. Sharing of information is crucial to the successful delivery of local services. The GDPR specifically recognises that “data protection” should not be an excuse to prevent proper sharing of personal data. The Kent and Medway Information Sharing Agreement (KMSA) provides a framework to enable a number of organisations and public bodies across Kent and Medway to share personal information. The Agreement reflects the requirements of the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (DPA 2018). KCC does not pass personal data to third parties for marketing, sales or any other commercial purposes without your prior explicit consent. Our website We collect certain information or data about you when you use sevenoaksmuseum.org.uk. We collect:

• questions, queries or feedback you leave, including your name, postcode and email address
• details of which version of web browser you used and other information about your device
• information on how you use the site, using cookies and page tagging techniques

For more information on cookies and related technologies used on this site, and how to disable them read our cookie policy. The data we collect on this site can be viewed by authorised people in Kent County Council as well as our suppliers, to:

• improve the site by monitoring how you use it
• gather feedback to improve our services
• respond to any feedback you send us, if you’ve asked us to
• allow you to access council services and make transactions
• provide you with information about local services if you want it.

Storing your website data

We store your data on secure servers in the EEA. Sending information over the internet is generally not completely secure, and we can’t guarantee the security of your data while it’s in transit. Any data you send is at your own risk. We have procedures and security features in place to keep your data secure once we receive it.

Links to other websites

Sevenoaksmuseum.org.uk contains links to other websites. This privacy statement only applies to Sevenoaksmuseum.org.uk and doesn’t cover other services and transactions that we link to. These services will have their own terms and conditions and privacy policies. If you go to another website from this one, read the privacy policy on that website to find out what it does with your information. Emails  Sevenoaksmuseums central email address () is monitored and managed by the Museum. Only authorised members of staff have access to the emails. All emails are managed from with KCC’s secure ICT Network. The information you provide in any email you send us will depend on the reason for your enquiry and what you are trying to get done. You should read the privacy notice relating to the service that you are emailing us about.

Reliance on UK exemptions from GDPR

KCC may process information in reliance on the exemptions under the Data Protection Act where allowed (for example where the personal data is processed and a claim to legal professional privilege would apply; in relation to the provision of confidential references; or where personal data is processed for the purposes of management forecasting (to the extent that such activity would be prejudiced by advance notification).

Your rights

Under the GDPR you have rights which you can exercise free of charge that allow you to:

• know what we are doing with your information and why we are doing it
• ask to see what information we hold about you (known as a Subject Access Request)
• ask us to correct any mistakes in the information we hold about you
• object to direct marketing
• make a complaint to the Information Commissioners Office
• where we process information based on your consent, you have the right to withdraw your consent at any time.

Depending on our reason for using your information you may also be entitled to:

• ask us to delete information we hold about you
• have your information transferred electronically to yourself or to another organisation
• object to decisions being made that significantly affect you
• object to how we are using your information
• stop us using your information in certain ways.

We will always seek to comply with your request, however, we may be required to hold or use your information to comply with legal duties. Please note, your request may delay or prevent us delivering a service to you. For further information about your rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioner’s Office (ICO) under GDPR. If you would like to exercise a right, please contact the Information Resilience and Transparency Team at .

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. Emails that we send to you or you send to us may be retained as a record of contact and your email address stored for future use in accordance with our record retention schedule. If Sevenoaks Museum needs to email sensitive or confidential information to you, we will perform checks to verify the correct email address and may take additional security measures. If sending us such information we recommend using our secure online forms where provided, or the postal service. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Contact

Please contact the Information Resilience and Transparency Team at  to exercise any of these rights, or if you have a complaint about why your information has been collected, how it has been used or how long we have kept it for. You can contact our Data Protection Officer, Benjamin Watts, at  or by writing to Data Protection Officer, Sessions House, County Hall, Maidstone, Kent ME14 1XQ You also have the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner.