Menu
The Meridian Athenaeum Governance
MA-POL-001 Issue 4

Privacy and Data Notice

Scope

This notice describes how the Meridian Athenaeum, Department of Applied Antiquities, collects, holds, and uses personal information about members, partner organisations, researchers, applicants, and other individuals who interact with the institution.

Information about entities whose identification requirements differ from standard institutional practice is handled under separate internal guidance available from the Registrar on request. This notice covers information held in the institution's own systems and at partner sites where data is processed on the institution's behalf.

Information held

The Athenaeum holds contact details, correspondence, access records, research requests, loan applications, member credentials, and custody documentation. Where relevant, we also hold records of access arrangements, custodial agreements, and visit conditions.

We do not hold unnecessary information and do not retain information beyond the period required for its purpose, save where legal or custodial obligations require otherwise.

Legal basis and use

Processing is carried out on the basis of legitimate interests in the administration of the collection, fulfilment of legal obligations, and performance of agreements. Research-related processing is carried out under the research and archiving exemption where applicable.

Information is shared with partner organisations only where required by custody agreements, legal obligation, or the member's own request. It is not shared for commercial purposes.

Retention

Contact and access records are retained for six years from last contact, or longer where a custody or custodial agreement requires continuity of record. Collection-related correspondence may be retained permanently as part of the object file.

Rights and requests

Individuals may request access to, correction of, or deletion of their personal information, subject to exemptions. Requests should be addressed to the Registrar in writing. We will respond within one calendar month, or explain any delay.

Complaints about data handling should be directed to the Registrar in the first instance, and thereafter to the relevant supervisory authority.