Arts and Gardens complies at all times with the requirements of the General Data Protection Regulation (GDPR) (EU) 2016/679.
Arts and Gardens as the data collector, may collect personal information from visitors to this site. This information is used only to respond to enquiries and to monitor site usage. Email addresses received as part of an enquiry are only retained as long as the enquiry remains open.
By submitting your data you consent to the use of that information as set out above.
Where personal data is requested through forms, such data is only used for the purpose stated on the form and will not be given or sold to any third parties.
The Personal Information you supply when you join one of our email lists will be held and used by Arts and Gardens to keep you up-to-date with our events and projects.
Each email we send you gives the opportunity to unsubscribe at any time, or you can ask us to do this by emailing us at firstname.lastname@example.org
If you would like to amend the information you have provided or think that our records are incorrect, please email us at email@example.com to update us.
Cookies and logging of IP addresses are used to enable Arts and Gardens to monitor site traffic and repeat visitor statistics. These statistics will not include information that can be used to identify any individual. Such information is anonymous and held on a temporary basis.
We use a number of third party service providers on this site, some of which may set cookies on your computer when you use the facility.
For each providers’ privacy policies please see the below links:
The below sets out more detailed information about Arts and Gardens’ data management.
1. Context and overview
Arts and Gardens needs to gather and use certain information about individuals.
These can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact.
This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards – and to comply with the law.
Why this policy exists:
This data management policy ensures Arts and Gardens:
Data protection law:
The General Data Protection Regulation (GDPR) applies in the UK and across the EU from May 2018. It requires personal data shall be processed lawfully, fairly and in a transparent manner in relation to individuals;
Everyone at Arts and Gardens contributes to compliance with GDPR. Key decision makers must understand the requirements and accountability of the organisation sufficiently to prioritise and support the implementation of compliance. Key areas of responsibility are assigned, for clarity about who in the organisation is responsible for leading on compliance with the regulations, what training is required by whom, and how policy and procedural information is disseminated within the team. These responsibilities should include (but are not necessarily limited to):
Data Protection Officer (DPO) – the person responsible for fulfilling the tasks of the DPO in respect of Arts and Gardens is Ruth Oakley, Director.
The minimum tasks of the DPO are:
Personal information processed by Arts and Gardens includes:
|Outcome/Use||Processing required||Data to be processed||Conditions for processing||Evidence for lawful basis|
|Newsletter emails||Mail-merge of name address details from MailChimp database||Name and email address details||Consent||Evidence of date consent given, how, permitted use and, permitted comms channels.|
|Audience and participation surveys||Written or online surveys completed by attendees or participants, used to inform project evaluation and reports.||Name, age, school, address details, personal comments.||Consent||Evidence of date consent given, how, permitted use and, permitted comms channels.|
|Photos and video documentation||Gathered during project delivery, used for marketing and publicity purposes, and to inform project evaluation and reports.||Photos and video footage||Consent. Where a participant is under 16 years, parent or guardian consent will be obtained.||Evidence of date consent given, how, permitted use and, permitted comms channels.|
Arts and Gardens sometimes shares information gathered through audience and participants’ surveys and documentation, including; quotes, ages, addresses, photos and video footage. This information sharing is only between Arts and Gardens’ and its direct project partners, where a partnership agreement is in place. Express permission from individuals must be granted before any information sharing by Arts and Gardens. The names of third parties, including a clear summary of their intended use for information, such as marketing and communication channels, promotion on website or social media, must be given to the individuals at the outset, after which they are able to choose whether to contribute information or not.
Individuals’ permissions will usually be a written or electronic form setting out the proposed use of information, for signed permission by the individuals, collected by Arts and Gardens, stored securely and destroyed once no longer in use.
Arts and Gardens has the following protection measures in place to protect the personal information stored:
If a data breach has taken place, Arts and Gardens will ensure this is reported to the ICO within the required timescales, with related data deleted immediately, securely to avoid further risk of breach.
Audience and participants’ surveys may from time to time be used to obtain datasets and profiling for use in project evaluation and reporting. These surveys are always subject to consent from the individual, with a choice to remain anonymous or withdraw feedback or participation, at any time.
Third-party profiling tools are not presently used by Arts and Gardens. Only voluntary information is used, given with consent by individuals directly to Arts and Gardens, and it is made clear to individuals how they can withdraw or unsubscribe if they no longer wish for this information to be kept or used. Through ‘unsubscribe’ in the newsletters, or by contacting firstname.lastname@example.org to request withdrawal of information.
All individuals who are the subject of data held by your company are entitled to:
Individuals may contact email@example.com for further information about subject access requests and this process.
Where subjects request and have the right to be deleted from our database, Arts and Gardens will do so without hesitation, ensuring all information is deleted across platforms including, but not limited to, contact details, addresses and any personal information held on secure record. This will be done through Arts and Gardens’ subscriber database and any hard copies of personal information held securely. Where a subject has been filmed and edited as part of a group for a project, and all participants have agreed to take part, the decision to discontinue the video’s use will be treated separately and subject to review.
Arts and Gardens aims to ensure that individuals are aware that their data is being processed, and that they understand:
To these ends the company has a privacy statement, setting out how data relating to these individuals is used by the company.
Meeting the obligations of the GDPR to ensure compliance will be an ongoing process. Arts and Gardens details here the ongoing measures implemented to: