GDPR statement

The following statements should be read in conjunction with the Branch’s Privacy Policy.

The lawful bases for processing personal information are:

  • we need it to administer membership
  • we need it to pursue our legitimate interests by communicating with current and potential supporters
  • you have given your consent for us to do so.


Membership data is collected electronically or in hard copy and stored electronically on a password protected Access database. It is used to provide membership services such as address labels for mailings, the membership directory where permission has been given for inclusion, and voting rights in the Branch and, for international members, in International IAML.  Only the Membership Secretary has access to the database.

All the information is on the renewal forms, which refer to the privacy policy and this schedule, and require members to choose every year how or whether their information is shared. Some paper records are held for 2 years and then shredded.  Membership directories of past years are held in the Branch’s e-archive, accessible on request at the discretion of the General Secretary.

JISC mailing list

Data is collected in accordance with the Privacy Policy for those who use the JISC email list.

Courses and conferences

Personal data collected from those attending courses, conferences and other events organised by the Branch will be held by the Training and Events Officer or Bookings Secretary, and used solely for administration of the event.  Booking and photo permission forms will refer to this schedule and privacy policy. Paper forms will be scanned and all data stored electronically. Contact details may be retained with permission for two years for future relevant mailings, and are then deleted.

Photographs taken for publicity purposes will only be used with written permission of the individual, for a period of time, specified on the permission form.  The personal data collected on the permission form will be held securely in electronic format and will only be used for administrative purposes. The images may be used in print and digital media formats including print publications, websites, posters banners, advertising, film, and social media.

Financial data

Contact details for invoices and delivery of Brio are stored electronically on a secure system for seven years and then deleted.

Individual bank details are stored only in the online bank account and are deleted by the Treasurer after use.

Retention schedule

Personal data is stored electronically on secure databases with access limited to the appropriate officers of the Branch.

Personal data, comprising name, address and professional roles relating to membership shall be kept indefinitely in the Branch’s e-archive for research and archival purposes.

Personal data gathered for registration at courses, training and events shall be retained for two years for the purpose of marketing forthcoming events, and then deleted.

Personal data relating to enquiries shall be deleted once the enquiry is completed.

Subject to the permission given by the individual, photographs shall be retained for two years for marketing purposes and thereafter indefinitely for archival and research purposes.

Financial data shall be retained for seven years, after which it will be deleted.

October 2020