As the owner of Archive Angel, I, Maxine Willett, am the Data Controller (as registered with the Information Commissioners Office, reference: ZA352484) for this business. I am a sole trader, meaning there are no other data handlers within Archive Angel. I have read and completed the checklist issued by the ICO concerning GDPR legislation and have incorporated such information in this Privacy Policy as per the Data Protection Act 2018.

Information held on third parties may include names, email addresses, postal addresses and telephone numbers which come from one source, namely: clients’ names and contact details provided to me by the individuals concerned in respect of commissioned research.

These details are not passed on to any third party; the exception being if I should pass an element of a research project (archaeology for example) on to another researcher and there are areas needing to be discussed separately with the client. However, this is only undertaken having received the client’s prior consent. If client names and contact details are not required for the external researcher to undertake their element, then they are not forwarded.

Contact details of clients are stored electronically on my work computer as well as on an external hard drive, used as a backup medium and on my online backup system. Details are also held in written form on hard copy (paper) contract agreements. Electronic records are kept secure by password protection and encryption mechanisms. Written records are kept in a locked filing cabinet to protect from theft, fire and water. All reasonable measures are taken to keep all records secure and up to date.

Any data held on an individual can be accessed by application to me as Data Controller. An acknowledgement of the request will be given within 2 working days of the request having been received. Provision of data will be actioned on verification of the individual’s identity and by their method of choice within 7 working days of the request having been acknowledged. This process also applies to requests for data to be destroyed. 

All information is held for a period of seven years to comply with the legal requirements of reporting to HM Revenue and Customs department for tax purposes. Providing there are no investigations or audits required, any data dating from eight years prior and no longer being used in connection with current project work, will be destroyed.

The data protection policy confirms my commitment to 

The transmission of information via the internet is not completely secure and therefore I cannot guarantee the security of data sent to me electronically, therefore transmission of such data is entirely at your own risk.