Privacy Policy

The processing of your personal data is carried out by or on behalf of Rock & Art – Cultural Outreach LTD, a registered Private Limited Company (number 15092201).

HOW CAN YOU CONTACT US?

If you have any questions or concerns regarding our Privacy Policy or how we use your personal information, please contact:

Email: dpo@rockandart.co.uk

PRIVACY STATEMENT

Rock & Art – Cultural Outreach LTD is committed to data protection and operating in a way that complies with the General Data Protection Regulation. We promise to:

Treat all personal data as confidential.
Use personal data most efficiently and effectively to deliver our services.
Strive to collect and process only the data or information which is needed.
Use personal data only for the purposes described at the point of collection or for purposes that are legally permitted.
Strive to ensure information is accurate.
Not keep information for longer than is necessary.
Securely destroy data which is no longer needed.
Take appropriate technical and organisational security measures to safeguard information (including unauthorised or unlawful processing and accidental loss or damage of data)
Ensure that information is not transferred abroad without suitable safeguards.
Ensure that general information is made available to the public, stating their right to access information.
Ensure that the rights of people about whom information is held can be fully exercised under the General Data Protection Regulation.

These rights include:

The right to be informed.
The right of access to personal information.
The right to request a correction.
The right to request data to be deleted.
The right to restrict processing in specific circumstances.
The right to receive personal data in a readily usable format.
The right to object to processing.

NOTIFICATION OF CHANGE OF PRIVACY & COOKIE POLICY

This Privacy & Cookie Policy may change from time to time. Please visit this website section periodically to keep up to date with the changes in our Privacy Policy.

COOKIE CONSENT

By using our website, our social media pages (such as Facebook, Twitter, YouTube, LinkedIn and Instagram), subscribing to our services, and/or donating to us, you agree that, unless you have set your computer’s browser to reject them, we can place the types of cookies set out below on your device and use that data in accordance with this policy.

HOW DO WE COLLECT YOUR INFORMATION?

We may collect information about you directly whenever you interact with us. For example, when you contact Rock & Art – Cultural Outreach LTD regarding our activities, register as a supporter, send or receive information, engage with our social media or make a donation to us, you may provide us with your personal information.

We may also receive information about you when you interact with third parties with whom we work. For example, where you’ve made a donation to us through a third-party website (eg. Buy us a Coffee, Paypal, PaI, Patreon) and given them permission to share your information with us.

We may supplement what we know about you with information that is available to the public. For example, to ensure that our communication with you is relevant and tailored to your background and interests, we may collect information about you from publicly-available sources either directly or through third-party subscription services or service providers. See ‘How will we combine and analyse the information we collect about you?’

We may collect aggregated or anonymous information when you visit our website or interact with our content. For example, we may collect information about the services you use and how you use them, like when you watch a video on YouTube, visit our website or view and interact with our ads and content. Please see our Cookie Policy for more detail.

WHAT INFORMATION DO WE COLLECT?

The information we collect from you directly or from third parties with whom we work, may include:

name,
address,
email address,
telephone number,
contact preferences,
bank account details for setting up a regular direct debit,
credit card details for processing credit card payments,
employer details for processing a payroll gift,
taxpayer status for claiming Gift Aid, and
date of birth, age, and/or gender, where appropriate (eg where registering for an event).

We do not use cookies to collect this type of information. TLS (Transport Layer Security) will encrypt all online financial transactions.

We may also collect and process information about your interactions with us, including details about our contacts with you through email, SMS, post, on the phone, or in person (i.e., the date, time, and method of contact), details about donations you make to us, events or activities that you register for or attend, and any other support you provide to us.

We may also collect and record any other relevant information you share about yourself, including your interests or affiliations with other charities, community groups, your employer or a corporate partner. If you are a minor, we may collect the name and contact details of a parent or guardian and, where appropriate, the name and location of your school.

To ensure that our communication with you is relevant and tailored to your background and interests, we may supplement what we know about you with information available to the public. This allows us to understand better your interests, preferences, and level of potential engagement and/or donation so that we can contact you most appropriately and ensure we do not send you unwanted communications.

The information we collect and process about you from publicly available sources may include demographic information associated with your postcode or address and an estimate of your age. We may collect this information ourselves or through third-party service providers.

Where we have identified that you may have the capacity or affinity to support Rock & Art – Cultural Outreach LTD at a higher level, we may use the information we hold about you to identify connections between you and our existing circle of key supporters.

We may also review other information about you that is available to the public through internet searches, subscription services, or public databases (e.g., Companies House, the electoral register, or the land registry), such as information about corporate directorships, shareholdings, published biographic information, employment and earnings, philanthropic interests and networks, charitable giving history and motivations and relevant media coverage, so that we can engage with you in a more personalised way.

DO WE PROCESS ‘SENSITIVE’ PERSONAL INFORMATION?

Under data protection law, specific categories of personal information are recognised as sensitive, including health information and information regarding race, religious beliefs, and political opinions (‘sensitive personal data’). In limited cases, we may collect sensitive personal data about you. We will only collect sensitive personal data for an apparent reason, such as where we need this information to ensure that we provide appropriate facilities at an event.

HOW DO WE USE YOUR INFORMATION?

We may use your information in several ways, including:

To provide you with information, products or services that you have requested from us or that we feel may be of interest to you;
To provide you with information about our work or our activities;
To invite you to participate in interactive features on our website;
To process donations, we may receive from you;
To fundraise under our internal policies and procedures;
For administrative purposes (for example, we may contact you regarding an event for which you have registered or with a query regarding a donation you may have made to us);
For internal record keeping relating to any donations, feedback, or complaints;
To invite you to participate in voluntary surveys or research;
To contact you where you have been identified as a contact person for an organisation, such as a school (if we obtain your contact details in this way, we will only use them to contact you in your capacity as a representative of that organisation);
To analyse and improve the content and operation of our website;
To analyse and improve our internal business processes;
To analyse the personal information we collect about you and use publicly available information to understand better your interests, preferences and level of potential donations so that we can contact you most appropriately and to ensure that we do not send you unwanted communications;
To tailor advertising that is presented to you on the Internet according to your interests, preferences and other characteristics (as described below);
To direct advertisements and other communications to other people who may have similar interests or other characteristics to yours (as described below);
To assess your personal information for credit risk reduction or fraud prevention and
Where we are required by law to disclose or otherwise use your information.

In particular, we may email you for marketing purposes if you have agreed to be contacted in this manner. Below, we provide information about how you can change your marketing preferences.

HOW WILL WE COMBINE AND ANALYSE THE INFORMATION WE COLLECT ABOUT YOU?

We are committed to communicating with you using an approach that is right for you. This means that we carefully manage the communications we send you to ensure that we are contacting you most appropriately and that we are not sending you unwanted communications. To do this, we may combine the information that we collect about you and analyse what we know about your interests, preferences and level of potential engagement or donation. We may also use statistical analysis to analyse this data and understand the likelihood that you will be interested in or responsive to a campaign or message. We may use third-party service providers to assist us in this process.

Where we have identified that you have the capacity or affinity to support Rock & Art – Cultural Outreach LTD at a higher level, we may collect additional information about you (see ‘What information do we collect?’) and combine and analyse that information in a profile of you that will assist us in engaging with you in a more personalised way.

You can opt out of having your data combined and analysed for marketing purposes by contacting our Data Protection Officer, as described below. However, this may mean that you stop receiving marketing communications from us more generally.

In accordance with our legal and regulatory obligations and internal policies and procedures, we may also use personal information to conduct due diligence on potential or actual donors. If you opt out of having your data analyzed for due diligence purposes, we may not be able to accept donations from you.

HOW WILL WE DISCLOSE THE INFORMATION WE HAVE COLLECTED TO OUTSIDE PARTIES?

Rock & Art – Cultural Outreach LTD may provide your information to our service providers. Subject to your communication preferences and our internal policies and procedures, this would include providing your information to third parties that work with us to deliver on our charitable purposes and other entities that act as fundraisers for Rock & Art – Cultural Outreach LTD, or provide Rock & Art – Cultural Outreach LTD with marketing information and services.

Where you have agreed to receive email marketing communications from us, we may provide your email address in an encrypted format to social media companies, such as Facebook, Instagram, Twitter, or YouTube, or to digital advertising networks that are providing services to us by displaying our advertising to you on those social media platforms and other websites and identifying audiences with interests similar to yours. You can opt out of having your data used to display advertising by contacting our Data Protection Officer as described above.

However, this will not prevent our advertisements from being shown to you randomly or based on cookie data and may mean that you stop receiving marketing communications from us more generally.

We enter into contracts with all of these service providers that require them to comply with data protection laws and to ensure that they have appropriate controls in place to protect the security of your information.

We will never sell your details and, except as indicated below, will only share them with third parties (who are not service providers working at our direction) if you ask us to. We will not make cold telephone calls to members of the general public and, therefore, will not purchase your data to do so.

We may disclose your personal information if we are requested or required to do so by a regulator or law enforcement to enforce or apply our rights (including about our website or other applicable terms and conditions) to protect Rock & Art—Cultural Outreach LTD, for example, in cases of suspected fraud or defamation, or to comply with any other applicable legal obligation.

HOW DO WE PROTECT YOUR PERSONAL INFORMATION?

We take appropriate physical, electronic, and managerial measures to ensure that your information is secure, accurate, and up to date and that we keep it only as long as is reasonable and necessary.

Although we use appropriate security measures once we receive your personal information, the transmission of information over the Internet is never completely secure. We do our best to protect personal information, but we cannot guarantee the security of information transmitted to our website, so any transmission is at the user’s risk. However, any payment card details (such as credit or debit cards) we receive on our website are passed securely to our payment processing provider according to the Payment Card Industry Security Standards.

For financial and technical reasons, we may, on occasion, need to use the services of a service provider outside the European Economic Area (EEA)—this may include a country that does not have the same level of data protection as the United Kingdom.

However, unless they are located in a country assessed by the European Commission as ensuring an adequate level of protection for personal data, we will only use a service provider outside the EEA on the basis of an agreement designed to protect your data in the appropriate form approved for this purpose by the European Commission. We will take all necessary steps to ensure your data is processed securely under this Privacy Policy.

HOW CAN YOU CHANGE YOUR MARKETING PREFERENCES OR UPDATE THE INFORMATION WE HOLD ABOUT YOU?

If you do not wish us to use your personal data for marketing purposes, as outlined above, you can indicate your preference in the relevant box on the online form where we collect your data.

You can also change any of your marketing preferences at any time (including telling us that you don’t want us to contact you for marketing purposes) by:

Indicating that you do not wish to receive our marketing emails by clicking the ‘unsubscribe’ link at the end of our marketing emails;
Contacting us by email at dpo@rockandart.co.uk

Suppose you have indicated that you do not wish to be contacted for marketing purposes. In that case, we will maintain your details on a suppression list to help ensure that we do not continue to contact you for marketing purposes. However, we may still need to contact you for administrative purposes, including (but not limited to):

Processing a donation you have made and any related Gift Aid;
Providing you with the information you need to participate in an activity or event for which you have registered and
Explaining and apologising where we have made a mistake.

Similarly, suppose your contact details have changed or you think any information we have about you is incorrect or incomplete. In that case, you can constantly update or correct the information we hold about you by contacting us.

WHAT OTHER DATA PROTECTION RIGHTS DO YOU HAVE?

You can complain or raise a concern about how we process your personal data by contacting our Data Protection Officer. In some circumstances, you have the right to object to our processing of your personal data or to stop us from continuing to actively use personal data that we retain in our records.

Suppose you are not happy with how we have handled your complaint. In that case, you can contact the Office of the Information Commissioner, which oversees the protection of personal data in the UK, or the Fundraising Regulator, which is responsible for overseeing fundraising activities by companies in the UK.

Alternatively, you may contact the Information Commissioner or the Fundraising Regulator directly about your complaint, regardless of whether you have raised it with us first.

You are also entitled to request a copy of the personal information relating to you kept on file by RightsInfo (a Subject Access Request or SAR) by contacting our Data Protection Officer.

WHY ARE WE ALLOWED TO PROCESS YOUR PERSONAL INFORMATION?

Our Privacy and Cookie Policies take into account several laws, including:

the Data Protection Act 1998
the Privacy and Electronic Communications (EC Directive) Regulations 2003
General Data Protection Regulation (EU) 2016/679, which will come into force in the UK in May 2018 and replace the Data Protection Act 1998.
Generally, these laws allow our processing of your personal information as described in this policy because we have a legitimate need to carry out the processing for the purposes described above. Some processing may also be necessary so that we can perform a contract with you or because it is required by law. We only use your information to email marketing communications with your consent.

JOB AND VOLUNTEER APPLICANTS AND CURRENT AND FORMER EMPLOYEES

Apply to work or volunteer at Rock & Art – Cultural Outreach LTD. We will only use the information you give us to process your application and to monitor recruitment statistics. If we want to disclose information to someone outside the Rock & Art – Cultural Outreach LTD – for example, if we need a reference, plan to use an external supplier to run background checks or need to get a ‘disclosure’ from the Disclosure and Barring Service (DBS) – we will make sure we tell you beforehand, unless we are required to disclose this information by law. If you apply for a job or volunteering opportunity, we may also collect information to assess your suitability for the role.

If you are unsuccessful in your job or volunteering application, we will hold your personal information for 6 months after we finish recruiting for the post you applied for. After this date, we will destroy or delete your information.

If you begin employment with us, we will create a file about your employment. We keep the information in this file secure and will only use it for matters that apply directly to your employment.

Once you stop working for us, we will keep this file for 6 months. You can contact us to find out more about this.

YOUR CREDIT OR DEBIT CARD INFORMATION

If you use your credit or debit card to donate to us, buy something or make a booking online, we pass your card details securely to our payment processing partner as part of the payment process. We do this in accordance with the Payment Card Industry Security Standard (PDF download), and don’t store the details on our website or databases.

CHILDREN’S DATA

When you register with us, you are stating that you are 16 years of age or over, or are a minor acting with parental consent. You agree that any information you provide to us about yourself upon registration or at any time is true.

OTHER WEBSITES

We cannot be held responsible for the privacy of data collected by websites not owned or managed by Rock & Art – Cultural Outreach LTD, including those linked through our website.

EMAILS TERMS OF USE

Emails aren’t always secure, and they may be intercepted or changed after they’ve been sent. Rock & Art – Cultural Outreach LTD doesn’t accept liability if this happens. The contents of emails reflect their author’s views and not necessarily those of RightsInfo.

Please do not send Rock & Art – Cultural Outreach LTD any financial data through email.

The information in emails is confidential, so if you’ve received one by mistake, please delete it without copying, using, or telling anyone about its contents.

DATA BREACHES

Rock & Art—Cultural Outreach LTD’s data controllers will notify the DPA of data breaches without undue delay and within 72 hours of becoming aware.

Data controllers will communicate data breaches to the data subject without undue delay, where the breach is likely to result in a high risk to the rights and freedoms of individuals. Any data processor we may use will report personal data breaches to RightsInfo’s data controllers without undue delay after becoming aware.

PRIVACY POLICIES OF VENDORS WE USE

Mailchimp
WISE
Paypal
Salesforce
Google Suite
Notion
Slack
Whatsapp
Telegram
Buy us a Coffee
Patreon
IndieGoGo