Security Statement

1. General

Preservation of your privacy is important to the Norfolk Archives and Heritage Development Foundation (NORAH) and we are committed to letting you know how we use your personal information and to making only responsible use of your data. Under the Data Protection Act of 1998, and from 25 May 2018, the General Data Protection Regulation, we have a legal duty to protect any information we collect from you.

NORAH is a charity registered in England and Wales, registered charity number: 1167279 and is Data Controller for all of the data it collects during its day-to-day activities.

NORAH receives administrative and secretarial support from the Norfolk Record Office (NRO). As such, the NRO processes personal data on behalf of NORAH. The NRO manages such data in accordance with all data protection legislation as indicated above. It is not used by the NRO for any of its administrative purposes, unless you give your permission for it to do so.

Any queries regarding NORAH’s handling of personal data, including subject access requests, should be directed to Mr Gary Tuson, Authorised Official of NORAH, The Archive Centre, Martineau Lane, Norwich, NR1 2DQ.


2. NORAH’s Mailing List

We only add your details to the NORAH mailing list, also referred to as a contact database, if you have opted-in to receive news about our work and fundraising campaigns. We will not share your details with anyone else, without first getting your permission. Though the mailing list is managed by the NRO for NORAH, the NRO will not use it for their own purposes unless you give them permission to do so. You can opt out from receiving information about NORAH’s work and fundraising campaigns at any time.


3. When Else Do We Collect Personal Information

If you donate money to NORAH, you will not be added to NORAH’s mailing list/contact database unless you actively opt in. Details of your donation are retained temporarily for administrative purposes, and if you complete a Gift Aid form, details are shared with HM Revenue and Customs in order to process the Gift Aid. NORAH retains those financial records which contain personal name information for a maximum of seven years or as long as you stay on NORAH’s mailing list/contact database, whichever is the longer.

Any personal details acquired by NORAH as a result of enquiries it received or its day-to-day activity, such as guest lists for NORAH events, are only retained for a maximum of four years. Similarly, details of and communication with its trustees and volunteers will only be retained for a maximum of four years after someone ceases to be a trustee or volunteer.


4. Security

We take all reasonable precautions to prevent the loss, misuse or alteration of information you give us. NORAH uses MailChimp to distribute emails to people on its mailing list. MailChimp is an American company, and consequently, data is held on secure servers in the United States as well as secure servers in the United Kingdom. Any physical records which contain personal information are kept in a secure office environment and then in locked cabinets.


5. Website

NORAH uses cookies on its website. A cookie is a text file sent to your browser and stored there. This enables the web server to recognise your computer when you revisit our website. Cookies are used for things like collecting website usage data (via Google Analytics) which helps us to display more relevant content. Our website content management system, WordPress, also uses cookies for various purposes including authentication when users log on to the site or when someone leaves a comment. Most browsers allow you to refuse to accept cookies.


6. Version Control

This document was written in July 2017 and is currently a draft.