Archival work, historical research and genealogy involves uncovering personal information about your ancestors as well as living relatives on occasion. This Privacy Policy sets out what happens to any personal data that you provide or that is collected from you. The Privacy Policy is updated as necessary in line with the Data Protection Act, 2018.
As the owner of Archive Angel, I, Maxine Willett, am the Data Controller (as registered with the Information Commissioners Office, reference: ZA352484) for this business. I am a sole trader, meaning there are no other data handlers within Archive Angel. I have read and completed the checklist issued by the ICO concerning GDPR legislation and have incorporated such information in this Privacy Policy as per the Data Protection Act 2018.
Information held on third parties may include names, email addresses, postal addresses and telephone numbers which come from one source, namely: clients’ names and contact details provided to me by the individuals concerned in respect of commissioned research.
These details are not passed on to any third party; the exception being if I should pass an element of a research project (archaeology for example) on to another researcher and there are areas needing to be discussed separately with the client. However, this is only undertaken having received the client’s prior consent. If client names and contact details are not required for the external researcher to undertake their element, then they are not forwarded.
Storage provision and security
Contact details of clients are stored electronically on my work computer as well as on an external hard drive, used as a backup medium and on my online backup system. Details are also held in written form on hard copy (paper) contract agreements. Electronic records are kept secure by password protection and encryption mechanisms. Written records are kept in a locked filing cabinet to protect from theft, fire and water. All reasonable measures are taken to keep all records secure and up to date.
Subject access request/data amendment
Any data held on an individual can be accessed by application to me as Data Controller. An acknowledgement of the request will be given within 2 working days of the request having been received. Provision of data will be actioned on verification of the individual’s identity and by their method of choice within 7 working days of the request having been acknowledged. This process also applies to requests for data to be destroyed.
Retention Period
All information is held for a period of seven years to comply with the legal requirements of reporting to HM Revenue and Customs department for tax purposes. Providing there are no investigations or audits required, any data dating from eight years prior and no longer being used in connection with current project work, will be destroyed.
The data protection policy confirms my commitment to
- protecting your personal data
- ensuring personal data it is up to date and accurate
- ensuring personal data is secure
- ensuring clear processing of data in respect of its collection and use
- adhering to the use of personal data only in respect of professional activities
- adhering to a data protection policy which is fair, lawful and proportionate
- retaining personal data and records for 7 years to fulfil legal compliance obligations
- processing data requests within seven working days
The transmission of information via the internet is not completely secure and therefore I cannot guarantee the security of data sent to me electronically, therefore transmission of such data is entirely at your own risk.