We understand that your privacy and the security of your personal information is extremely important. This notice sets out what we do with your personal information, what we do to keep it secure, from where and how we collect it, as well as your rights in relation to the personal information we hold about you. This policy applies to your interactions with the Sainsbury’s Archive.
Who are we
When we say 'we', 'us' or ‘the Archive’ in this policy, we're referring to The Sainsbury Archive. The Sainsbury Archive was formed as a company limited by guarantee on 8 November 2002. The company registration number is 4585197. The company was registered with the Charity Commission on 11 March 2003. The charity registration number is 1096454.
The Sainsbury Archive has been held at the Museum of London Docklands, near Canary Wharf in London since 2005. The object of The Sainsbury Archive is to advance education for the public benefit by collecting, maintaining and displaying items and documents relating to the history of Sainsbury’s and the family of John James Sainsbury.
What sorts of information do we hold about you
The only information we may hold about you is: (i) the information that you provide to us when you register with the Archive or contact us, such as your name, email address and phone number; (ii) your account login details, including your user name and chosen password; and (iii) information you provide for inclusion in the Archive.
Our legal basis for processing your personal information.
Whenever we process your personal information we have to have something called a “legal basis” for what we do. The different legal bases we rely on are:
- Consent: You have told us you are happy for us to process your personal information for a specific purpose;
- Legitimate interests: The processing is necessary for us to conduct our business, but not where our interests are overridden by your interests or rights.
- Performance of a contract: We must process your personal information in order to be able to provide you with one of our products or services;
- Vital interests: The processing of your personal information is necessary to protect you or someone else’s life;
- Public information: Where we process personal information which you have already made public;
- Legal claims: The processing of your personal information is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity; and
- Legal obligation: We are required to process your personal information by law.
How do we use your information
The information we collect may be used to:
- make the Archive material available and relevant to you
- include within the Archive collections where relevant;
- find ways to improve the Archive;
- help answer your questions and solve any issues you have;
- conduct market research;
- produce statistical analysis on an anonymous basis;
- And for other legitimate purposes.
Who might we share your information with
- Our service providers
We work with a small number of suppliers who may process your personal information on our behalf…but only where they meet our standards on the processing of data.
- Other organisations and individuals:
We may transfer your personal information to other organisations in certain limited circumstances. For example if required to by law, if asked to do by a public authority such as the Police; if we need to exercise or protect our legal rights, or in response to requests from individuals seeking to protect their legal rights.
International transfers of your personal information
You have a number of rights under data protection legislation which, in certain circumstances, you may be able to exercise in relation to the personal information we process about you.
- the right to access a copy of the personal information we hold about you;
- the right to correction of inaccurate personal information we hold about you;
- the right to restrict our use of your personal information;
- the right to be forgotten;
- the right of data portability; and
- the right to object to our use of your personal information.
Where we rely on consent as the legal basis on which we process your personal information, you may also withdraw that consent at any time.
If you are seeking to exercise any of these rights, please contact us using the details in the “Contact Us” section below. Please note that we will need to verify your identity before we can fulfil any of your rights under data protection law. This helps us to protect the personal information belonging to our customer against fraudulent requests.
How long will we keep your information for?
We will always retain your personal information in accordance with law and regulation and never retain your information for longer than is necessary.
We take protecting your personal information seriously and are continuously developing our security systems and processes. Some of the controls we have in place are:
- We limit physical access to our buildings and user access to our systems to only those that we believe are entitled to be there;
- We use technology controls for our information systems, such as firewalls, user verification, strong data encryption, and separation of roles, systems & data;
- Systems are proactively monitored through a “detect and respond” information security function;
- We utilize industry “good practice” standards to support the maintenance of a robust information security management system; and
- We enforce a “need to know” policy, for access to any data or systems.
Signing in using your social media credentials
If you decide to log in using your social media credentials then please be aware that your data will be used in accordance with their privacy policies. You can find these at:
- Google - https://www.google.com/policies/privacy/
- Facebook – https://www.facebook.com/about/privacy
- Twitter - https://twitter.com/en/privacy
If you would like to exercise one of “Your rights”, or you have a question or a complaint about this policy, or the way your personal information is processed, please contact us by one of the following means:
By email: firstname.lastname@example.org;
By post: The Sainsbury Archive, Museum of London Docklands, West India Quay, London, E14 4AL.
You also have the right to lodge a complaint with the UK regulator, the Information Commissioner. Go to ico.org.uk/concerns to find out more.