The Irish Traditional Music Archive (ITMA) is committed to providing free, universal access to the rich cultural tradition of Irish music, song and dance. If you’re able, we’d love for you to consider a donation. Any level of support will help us preserve and grow this tradition for future generations.
The Irish Traditional Music Archive (ITMA) needs to gather and use certain information about individuals. These can include archive visitors, customers, donors, suppliers, contractors, employees and other people with whom the organisation has a relationship or may need to contact.
This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards and to comply with the law.
This data protection policy ensures ITMA:
The Data Protection Act 2018 and General Data Protection Regulations (GDPR) 2018 describe how organisations — including ITMA — must collect, handle and store personal information. These rules apply regardless of whether data is stored electronically, on paper or on other materials. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.
ITMA, as a Data Controller, must adhere to the eight rules of data protection outlined in the law. These say that personal data must:
The following definitions are provided by the Data Protection Commissioner.
Information in a form which can be processed. It includes both automated data and manual data.
Broadly speaking, any information on computer, or information recorded with the intention of putting it on computer.
Information that is kept as part of a relevant filing system, or with the intention that it should form part of a relevant filing system.
Any set of information that, while not computerised, is structured by reference to individuals, or by reference to criteria relating to individuals, so that specific information is accessible.
Data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller. This can be a very wide definition depending on the circumstances.
Performing any operation or set of operations on data, including:
An individual who is the subject of personal data.
Those who, either alone or with others, control the contents and use of personal data. ITMA is a Data Controller.
A person who processes personal data on behalf of a data controller, but does not include an employee of a data controller who processes such data in the course of his/her employment.
Data relating to a person’s racial origin; political opinions or religious or other beliefs; physical or mental health; sexual life; criminal convictions or the alleged commission of an offence; trade union membership. You have additional rights in relation to the processing of any such data.
This policy applies to:
It applies to all data that ITMA holds relating to living, identifiable individuals. This can include:
This policy helps to protect ITMA from some very real data security risks, including:
Everyone who works for, or with, ITMA has some responsibility for ensuring data is collected, stored and handled appropriately. Each team that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles. The following people have key areas of responsibility:
These rules describe how and where data should be safely stored. Questions about storing data safely can be directed to the IT Officer or Governance Officer.
When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it. The following guidelines also apply to data that is usually stored electronically but has been printed out for some reason:
When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts:
Personal data is of no value to ITMA unless the archive can make use of it. However, it is when personal data is accessed and used that it can be at the greatest risk of loss, corruption or theft. The following guidelines lower these risks.
The law requires ITMA to take reasonable steps to ensure data is kept accurate and up to date. The more important it is that the personal data is accurate, the greater the effort ITMA should put into ensuring its accuracy. It is the responsibility of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.
All individuals who are the subject of personal data held by ITMA are entitled to:
If an individual contacts the company requesting this information, this is called a subject access request. Subject access requests from individuals should be made by email, addressed to the Governance Officer at [email protected]. The data controller can supply a standard request form, although individuals do not have to use this. Individuals will be charged no more than €6.35 per subject access request. ITMA will aim to provide the relevant data within 40 days. ITMA will always verify the identity of anyone making a subject access request before handing over any information.
In certain circumstances, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject. Under these circumstances, ITMA will disclose requested data. However, ITMA will ensure the request is legitimate, seeking assistance from the board and from the company’s legal advisers where necessary.
ITMA operates in compliance with General Data Protection Regulation 2018 (GDPR), as well as the Data Protection Act 2018, in terms of the collection and use of personal data.
Personal data held in the ITMA Collection
The main object of ITMA, as set out in its consitution is “to make a comprehensive collection of materials for the appreciation and study of Irish traditional music, song and dance”. This, by its nature, will involve including personal data within the collection.
The GDPR legislation allows for the collection of this type of data under Section 42 of the 2018 Act, in accordance with Article 89 GDPR, which is the ‘Right to Information’. Section 42 provides as follows:
Processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
(1) Subject to suitable and specific measures being taken to safeguard the fundamental rights and freedoms of data subjects, personal data may be processed, in accordance with Article 89, for—
(a) archiving purposes in the public interest, (b) scientific or historical research purposes, or (c) statistical purposes.
The collection is administered through our library catalogue, which can be searched online. www.itmacatalogues.ie.
For more information on ITMA’s handling of data please read the ITMA Notice and Take-Down Procedure and the ITMA data protection policy
If you have any questions or concerns regarding the data that is held in our collections, please contact our Data Protection Officer, Treasa Harkin: [email protected].
Administrative data
ITMA is also a working archive and as such holds personal data to carry out its day to day activities.
A summary of all the data that is held and how it is used is available on request.