1.1 We are committed to safeguarding the privacy of our users. In this policy we explain how we will treat your personal information (whether it is collected online, via phone, email, post, or in any other correspondence, or from a third party).
1.2 We will keep your data private and will only use it for the purposes set out in this policy and in accordance with all applicable laws concerning the protection of personal information.
1.4 This Policy was last updated 14th September 2021.
2.1 This document was created using a template from SEQ Legal (http://www.seqlegal.com).
3. Collecting personal information
3.1 We may collect, store and use the following kinds of personal information:
(a) Information you give us: for example, when you make a donation to us or sign-up to our mailing list you provide us with personal information such as your name, email address and contact details.
(b) Information we get from your use of our website and our services: We collect information about the services you use and how you use them, like when you comment on our social media feeds, or open an email from us or use the website contact form (including the communication content and metadata associated with the communication).
(c) Information from third parties: We may also receive information about you from third parties you have provided information to such as our project partners. It could also be from other service providers that collect your data; for example, using Google Analytics we can confirm your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths and this information may be used to improve the services we offer to you.
3.2 Before you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with this policy.
3.3 If you are under 18, you are unable under law to provide consent that allows us to contact you. You need a parent or guardian to provide this consent for you. Some of our educational events involve young people and we may need to collect their data so that we can contact them about a project that they are involved with or to evaluate that project for funders. If we collect this data, we will also collect parental consent to store and use these details for the purpose of engaging the young person in the project. When we collect data about anyone under 18 years of age, we will make the reasons for collecting the data clear and explain the use that is made of such data using age-appropriate language. Rights regarding unsubscribing and the right to be forgotten are extended to all individuals regardless of age
4. Using personal information
4.1 We may use your personal information to:
(a) send you email correspondence that you have specifically requested;
(b) send you our email newsletter, if you have requested it;
(c) send you other marketing communications relating to our business which we think may be of interest to you by email;
(d) ask you for support by email or post for our charitable work, such as a donation towards a crowd-funding campaign or another fundraising activity;
(e) deal with enquiries and complaints made by you;
(f) keep our website secure and prevent fraud; and
(g) verify compliance with the terms and conditions governing the use of our website (including monitoring private messages sent through our website private messaging service).
4.2 You can opt-out of receiving information from us at any time by clicking on the “unsubscribe” link at the bottom of emails from us or contacting us directly using the details in section 15 below.
4.3 In certain instances, we collect and use your personal information by relying on the legitimate interest legal basis. This means that we may contact you because we have a legitimate organisational interest to use your personal information to respond to you about an interest you have shown in the activities we deliver and there is no overriding prejudice to you by using your personal information for this purpose. In most instances, however, we will rely on obtaining your proactive consent to our use of your personal information.
We will share information with our payment services provider only to the extent necessary for the purposes of processing payments/donations you make via our website, refunding such payments, thanking you for payments/donations, and dealing with complaints and queries relating to such payments and refunds.
5. Disclosing personal information
5.1 We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this policy.
5.2 We may disclose your personal information:
(a) to third parties who provide a service to us and are data processors such as ticketing system providers. Any third party must comply with our data protection policies and relevant data protection laws and make sure that appropriate controls are in place.
(b) to the extent that we are required to do so by law;
(c) in connection with any ongoing or prospective legal proceedings;
(d) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
(e) to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and
(f) to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
5.3 Except as provided in this policy, we will not provide your personal information to third parties.
6. International data transfers
6.1 Information that we collect may be stored and processed in and transferred to non-EU countries. For example, if we save your data using a cloud-based software system that has a data server in another country.
6.2 You expressly agree to the transfers of personal information described in this Section 6.
7. Retaining personal information
7.1 This Section 7 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal information.
7.2 Personal information that we retain and process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
7.3 If we receive any indication that your details may be out of date (for example, your email addresses bounces or you do not open an email from us for 2 years or more) then your details will be deleted.
7.4 Notwithstanding the other provisions of this Section 7, we will retain documents (including electronic documents) containing personal data:
(a) to the extent that we are required to do so by law;
(b) if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; and
(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
8. Security of personal information
8.1 We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
8.2 We will store all the personal information you provide on secure cloud-based systems or servers.
8.3 All electronic financial transactions entered into through our website will be protected by encryption technology.
8.4 You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
9.1 We may update this policy from time to time by publishing a new version on our website.
9.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
9.3 We may notify you of changes to this policy by email.
10. Your rights
10.1 You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to:
(a) the payment of a fee (currently fixed at GBP 10); and
(b) the supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address).
10.2 We may withhold personal information that you request to the extent permitted by law.
10.3 You may instruct us at any time not to process your personal information for marketing or fundraising purposes.
11. Third party websites
11.1 Our website includes hyperlinks to, and details of, third party websites.
11.2 We have no control over, and are not responsible for, the privacy policies and practices of third parties.
12. Updating information
12.1 Please let us know if the personal information that we hold about you needs to be corrected or updated or if you wish to update your communication preferences.
13.2 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
13.3 Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
13.4 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
13.5 We use both session and persistent cookies on our website.
13.6 The names of the cookies that we use on our website, and the purposes for which they are used, are set out below:
(a) we use:
hjIncludedInSample (hotjar user analytics) wfvt_358341616 (geographic session cookies) wordfence_verifiedHuman (security cookie)
DYNSRV (for load balancing to manage server traffic demand)
13.7 If you have any concerns about cookies, or want to remove cookies from your computer, please visit All About Cookies: https://www.allaboutcookies.org/ which explains how to do this.
14. Data Protection Registration
14.1 Our data protection policy complies with the Data Protection Principles outlined by the Information Commissioner’s Office.
15. Our details
15.1 This website is owned and operated by Bedford Creative Arts.
15.2 We are registered in England and Wales under registration number 5305188, and our registered office is at Bedford Heights, Brickhill Drive Bedford, MK41 7PH.
15.3 You can contact us:
(a) by post, using the postal address given above;
(c) by telephone on 01234 818670; or
(d) by email using email@example.com