Kyle Station Museum Privacy Policy

Adopted March 2023

1 Introduction

  • Kyle Station Museum is committed to protecting and respecting your privacy and personal data. (Personal data is anything that can identify an individual, such as your name and address or financial information.) This Notice describes how we collect and use your personal data in accordance with the General Data Protection Regulation (GDPR).
  • We may change this Notice from time to time so please check this page occasionally to ensure that you are happy with any changes.
  • If you have any questions regarding our privacy practices please send them to enquiries@kylestationmuseum.org

2 Who we are

  • Kyle Station Museum is a trading name of Skye and Kyle Rail Development Company, registered charity number SC030238, company number SC198517, registered address Railway Buildings, Railway Station, Kyle Of Lochalsh, Ross-Shire, IV40 8AQ.
  • The Skye and Kyle Rail Development Company is both Data Controller (responsible for determining data processing and data protection requirements) and Data Processor (responsible for carrying out the processing of data on behalf of the Data Controller).

3 Website visitor data

  • The Kyle Station Museum website uses cookies, which is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. WordPress.org uses cookies to help Kyle Station Museum identify and track visitors and their website access preferences. Website visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using either website.
  • The WordPress privacy policy is visible here: https://en-gb.wordpress.org/about/privacy/. You can read our full Cookie Policy here.

4 Friends Membership data

  • If you join the Friends of the Kyle Line or if someone enrols you on your behalf, as in the case of Gift Membership, we collect your data via a paper membership form or via our website membership signup form. We ask for your full name, postal and billing addresses, and email. We also may collect bank details for Standing Order on paper forms, and via online and phone collection methods.
  • We will only use your data to manage your membership and associated benefits, including sending you news and publications, and organising events. We may send out membership communications by email and by post, including renewal reminders.
  • We will not use or sell your personal data for any other purposes.

5 Donor and volunteer data

  • If you provide your personal details along with a monetary donation to Kyle Station Museum or the Friends of the Kyle Line, or as part of volunteering your time or services, we will keep a record of your personal details alongside your contribution. We may use this information to claim Gift Aid.
  • If you tell us about potential future donations you intend to make, including legacies, we will keep a record of this information.

6 Newsletter subscriber data

  • You can subscribe to our online mailing list to receive news and updates from Kyle Station Museum. We use a third party called Mailchimp to collect and store this information. You can unsubscribe at any time. The Mailchimp Privacy Policy can be found here: https://mailchimp.com/legal/privacy/
  • We may collect and process data on how you interact with our emails. Your data will not be shared with other third parties

7 Lawful Basis for Processing

  • Friends Membership records: We hold data you have volunteered on or since joining as a member to fulfil our contract with you, whereby you pay a membership subscription and we enrol you as a member of the Friends of the Kyle Line. This is a ‘contractual basis.’
  • Email list: We may use the lawful basis of ‘legitimate interest’ to send Friends members news about our work via email as part of the benefits of membership. Members will have the opportunity to unsubscribe from news at any time. We also use this basis to email donors, volunteers and fundraisers where we have reason to believe they wish to hear more about our work.
  • We may send email content on matters such as fundraising or campaigning to subscribers who have signed up via the newsletter signup form on our website. In this case, data will be processed using the lawful basis of ‘consent’ and such consent will be explicit, opt-in, and freely given.
  • Hard copy mailing list: We may use the lawful basis of ‘legitimate interest’ to send Friends members publications and other notices where we feel they are of genuine benefit. We may send postal mailings to data subjects who are current or previous volunteers or donors on the basis of ‘legitimate interest’ if we have reason to believe they wish to hear more about our work.

8      Sharing your data

  • We will never share your details with any third party for marketing or profiling purposes.
  • We may share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
  • Our website uses Stripe as an option for processing Friends member subscription payments. Their Privacy Policy is made clear to users before payment is made, and can be viewed here: https://stripe.com/gb/privacy
  • We use MailChimp to send occasional email communications. Their Privacy Policy is made clear to users signing up via MailChimp, and is visible here: https://mailchimp.com/legal/privacy/

9 Data storage & security

  • We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
  • Any paper copies holding personal data are held in a locked cabinet and disposed of securely.
  • Any personal data in digital form is stored securely in the cloud and is password protected.
  • We limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.

10 Data retention

  • We will process your data during your Friends membership period or period of active volunteering or donating, and won’t keep your data for longer than necessary after you stop being a member, donor or volunteer.
  • If you cancel your Friends membership we may need to retain your details for our records for a limited amount of time. HMRC regulations require us to keep data on Gift Aided payments for 6 years from the end of the financial year they relate to. We have therefore set a maximum Data Retention limit on personal data of 7 years, after which your data will be routinely deleted if you are no longer an active member, donor or volunteer.
  • We may retain a limited amount of data after this date, such as your name and dates of membership, to help us keep complete historical records of membership to inform our activity. This applies unless you ask to be erased from our records (see 11 Your Rights, below).
  • If you ask to be erased from our records, any record of deletion will be kept in such a way that your data is anonymised.

11 Your rights

If we are holding your personal data, under GDPR you have the following rights:

  • Request access to, and a copy of, your personal information.
  • Request correction of the personal information that we hold about you.
  • Request erasure of your personal information.
  • Object to certain types of processing such as direct marketing.

You can find out more about privacy, your rights and GDPR on the Information Commissioners Office website.

If you have a complaint about our handling of your data you can contact the Data Controller / Data Processor on the details above. If you wish to complain to a supervisory authority you can do so by contacting the Information Commissioners Office.