Data Protection/ Privacy
At all times it will be our intent to follow the law and best practice in the retention and use of data including personal data as reflected in the DPA (Data protection Act) and GDPR (General Data protection Regulations).
No data will be retained beyond seven years except for historical records purposes. This includes invoices/ bids/ old accounts / bookings records / etc.
Personal data that is over 3 years old will be regarded as out of date and deleted or archived and the reasons for archive (instead of deletion) documented if that option applied.
Most use by, Corsley Reading Room, of contact data/ personal data falls under the category of “contract” or “legitimate interest”. For example the major use for hall bookings.
All/any use of contact data outside of “contract” will be subject to an “opt-in” option having been explicitly indicated by the subject person.
All communications requesting contact information will make clear the scope of its use and, where appropriate, the time limit.
We will never ask for personal information which is not needed for the purpose we are using the data.
We will never pass personal data to a third party without explicitly obtaining the subject person’s consent.
No record is kept by The Reading Room of messages sent using the Contact forms. All such messages are sent direct from the individual to those handling the query / booking.
This policy will be updated in the light of further guidance from the ICO (Information Commissioner’s Office) and others.