Heart of Glass Ltd. Privacy Notice
Purpose of Privacy Notice
Heart of Glass Ltd. (Heart of Glass) is committed to protecting your personal information and being transparent about what information we hold about you and how we use it, in accordance with the General Data Protection Regulations 2018 (EU).
Using personal information allows us to develop a better understanding of our audiences and in turn to provide you with relevant and timely information about the work that we do.
The purpose of this Privacy Notice is to give you a clear explanation about how we collect and use the information we collect from you directly and from third parties.
We use your information in accordance with all applicable laws concerning the protection of personal information. This notice explains:
- What information we may collect about you
- How and when we may use that information
- In what situations we may disclose your details to third parties
- Your choices about the personal information you give us
- Use of Google Analytics
- What to do if you have a complaint about the use of your data
- Information about how we keep your personal information secure, how we maintain it and your rights to be able to access it
If you have any queries about this notice, please contact the Data Protection Officer at Heart of Glass by emailing firstname.lastname@example.org and including in the subject line ‘FAO: Data Protection Officer’.
Who we are
Heart of Glass is an Arts Council England NPO organisation and one of 21 national Creative People and Places (CPP) programmes funded through Arts Council England. Heart of Glass is made up of a consortium of partners including; Helena Partnerships, FACT (Foundation for Art + Creative Technology), St Helens Council and St Helens Arts Partnership (The Citadel, The World of Glass, Platform Artist Studios), St Helens College
Heart of Glass is registered as a company in England and Wales under registration number 1179366.
The main purposes for which Heart of Glass collect and process the details of customers, project participants and enquirers are:
- To provide the service, goods or information that they have requested.
- For administration purposes e.g. to administer free events, process applications for creative briefs
- To gather feedback to help improve our work
- To further our aims
How we use this information
We will also hold and analyse your data to continue to improve our understanding of our target audiences and our supporters. This will enable us to create a profile of your interests and preferences in order to personalise the services we offer, and we may contact you in the most appropriate way and with the most relevant information.
We may use your data to contact you by either post, email, phone and/or SMS with news and information about our products, services, events and activities that we feel may be of interest to you. We will not use your personal information for such purposes if you have told us that you do not wish to be contacted.
When you use our services and provide your personal data, you do not need to subscribe to marketing from us. If you have consented to receiving marketing information from us, you can withdraw your consent at any time by emailing email@example.com stating your name and email address.
Information you give us
When you buy tickets (including registering for free tickets) through our third party ticketing platform, Eventbrite, attend an event or attend one of our professional development activities, we’ll store personal information you give us such as:
- Your name
- Email address
- Telephone number
- Your postcode
Information about your interactions with us
For example, when you visit our website, we collect information about how you interact with our content. When we send you an email we store a record of this keep a record of which ones you have opened and which links you have clicked on.
Information from third parties
We occasionally receive information about you from other arts organisations who have asked you for explicit consent for us to contact you. In such instances, we will contact you only once to confirm that you would like to receive further communications from us.
Sensitive personal data
(GDPR) Data Protection law recognises that certain categories of personal information are more sensitive, such as health information, ethnicity and religious beliefs. We only collect this type of information about our customers when there is a clear reason for doing so. For example, for research purposes or on behalf of our funders, including Arts Council England. We will always ask your permission to collect and share this data.
There are three bases under which we may process your data:
When you make a purchase from our ticketing provider, Eventbrite, you are entering into a contract with us. In order to perform this contract we need to process and store your data. For example we may need to contact you by email in the case of cancellation of a show.
Alternatively if we contract you as an artist or supplier we are also entering into a contract with you and we will process and store your data in order to fulfil contract requirements.
Legitimate business interests
We will collect and process your personal data for purposes that are in our legitimate organisational interests. However, we only do this if there is no overriding prejudice to you by using your personal information in this way. We describe below all situations where we may use this basis for processing:
With your explicit consent
For any situations where the two bases above are not appropriate, we will instead ask for your explicit consent before using your personal information in that specific situation (e.g. telephone campaigns or sharing your data with a third party organisations)
We aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful. To do this we use data that we have stored about you, such as what events you have booked for in the past, as well as any preferences you may have told us about.
We will use our legitimate organisational interest as the legal basis for communications by post and email where this is appropriate. Otherwise we will only contact you when you have given us explicit consent.
In the case of email communications we will provide you with an option to unsubscribe in every email that we send you, or you can alternatively use the contact details at the end of this policy to update your preferences.
Other processing activities
In addition to marketing communications, we also process personal information in the following ways that are within our legitimate organisational interests:
We may analyse data we hold about you to ensure that the content and timing of communications that we send you are as relevant to you as possible.
We may analyse data we hold about you to identify and prevent fraud.
We may collect sensitive data about our audiences when there is a clear reason for doing so. For example, for research purposes or on behalf of our funders, including Arts Council England. We will always ask your permission to collect and share this data.
In order to improve our website we may analyse information about how you use it and the content that you interact with.
We may also process information to fulfil our statutory obligations and regulatory responsibilities
In all the above cases we will always keep your rights and interests at the forefront to ensure they are not overridden by your own interests or fundamental rights and freedoms. You have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this policy.
How we work with Third parties
We may occasionally outsource functions when we do not have the capacity and expertise required in-house, such as evaluation and monitoring services for our funder programmes and analytical services that enable us to target our communications with customers and supporters more effectively.
In addition, we work with third party organisations to provide systems such as box office ticketing (Eventbrite) and emailing systems (Mailchimp). In such cases, we will only use reputable and well vetted firms and have contracts and processes in place that ensure the safe and confidential processing of personal data at all times. In these cases we require that these third parties comply strictly with our instructions and with data protection laws, for example around the security of personal data.
We may also disclose personal information where we are under a duty to comply with any legal obligation (for example to government bodies and law enforcement agencies).
Heart of Glass will NEVER sell your personal information to others. From time to time, we may share your email address and any demographic data that you have provided information with specific named visiting companies whose performances you have attended or partners in the delivery of projects. In these cases we will always ask for your explicit consent before doing so. In these cases, the relevant companies will adhere to the Data Sharing agreements in place between us.
We will NEVER share this information without your express permission.
Cookies are small text files that are automatically placed onto your device by some websites that you visit. They are widely used to allow a website to function (for example to keep track of your basket) as well to provide website operators with information on how the site is being used and to make a user’s experience more efficient.
The law states that we can store cookies on your machine if they are essential to the operation of this site but that for all others we need your permission to do so.
We use Google Analytics, a popular web analytics service provided by Google, Inc.
The information generated by the cookie about your use of our website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage.
Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)
Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google undertakes not to associate your IP address with any other data held by Google. We only use Google Analytics with activated IP anonymisation. This means that the IP address of the users will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there.
If you want to delete any cookies that are already on your computer, please refer to the instructions for your file management software to locate the file or directory that stores cookies. You can access them through some types of browser. Search in your cookie folders for www.heartofglass.org.uk to find our cookie and the Google Analytics cookie if you wish to delete them.
Users may also prevent the collection by Google of the data generated by the cookie and related to their use of the online offer as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
For more information about Google’s data usage, settings and opt-out options, please visit Google’s websites: https://www.google.com/intl/en/policies/privacy/partners (“Google’s use of your data when you use websites or apps of our partners”), https://policies.google.com/technologies/ads (“Advertising use of data”), https://adssettings.google.com/authenticated (“Managing information Google uses to show you ads”)
More information about cookies, including how to block them or delete them, can be found at AboutCookies.org.
Your debit and credit card information
Any third parties who access your data in the course of providing services on our behalf (for example, credit card processing) are subject to strict contractual restrictions to ensure that your data is protected, and in compliance with applicable data protection/privacy legislation.
Please note that we reserve the right to access and disclose personal data to comply with applicable laws and lawful government requests and to protect both ourselves and our users.
Managing your personal information
We strive at all times to ensure that your personal information is accurate and up to date. You may ask us to correct or remove information that you think is inaccurate by contacting us.
We will always hold your information securely through operating strong physical and electronic security safeguards. We also follow stringent procedures to ensure we work with all personal data in line with the General Data Protection Regulation (GDPR) that come into effect on 25 May 2018.
Heart of Glass tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Heart of Glass’ collection and use of personal information. However, we are happy to provide any additional information or explanation needed.
Complaints and enquiries about, or suggestions for improvements to, our data protection processes should be directed to the Data Protection Officer using the contact details provided at the end of this policy.
Links to / from other websites
Our website contains links to other internet websites which we do not operate and other internet websites may contain links to our website. We are not aware of, and are not responsible for the privacy policies, practices or content of such other websites. We encourage website visitors to read and become familiar with the privacy policies maintained by such other websites.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Security of your personal information
We will put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible.
We will ensure that any third parties we use for processing your personal information do the same. We will not transfer, process or store your data anywhere that is outside of the European Economic Area.
Your rights to your personal information
You have a right to request a copy of the personal information that we hold about you and to have any inaccuracies in this data corrected. Please use the contact details at the end of this policy if you would like to exercise this right.
You have the right to lodge a complaint about the use of your data either by using the contact details at the end of this policy or by contacting the ICO at [https://ico.org.uk/] or by calling 0303 123 1113.
If you contact us to lodge a complaint, we will respond within 21 working days.
Job and volunteering applicants
If you apply to work or volunteer for Heart of Glass, we will use the information you supply to us to process your application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from Disclosure Scotland or the Disclosure and Barring Service, we will not do so without informing you beforehand.
Personal information about unsuccessful candidates will be held for 6 months after the recruitment exercise has been completed, after which it will be destroyed, unless you have asked us to destroy it earlier or allowed us to retain it for longer by written request.
Contact details and further information
- If you wish to make a complaint
- To request further explanation of any issues relating to this privacy notice
- To make a suggestion for improving our processes relating to the way we use personal data
- To opt out from receiving Heart of Glass marketing communications at any time
- To change your contact preferences
- To have your personal data removed or corrected in our records
- If you wish to request a copy of all or part of your personal information held by Heart of Glass by making a subject access request.
Please direct your request to the Data Protection Officer by email at firstname.lastname@example.org stating FAO: Data Protection Officer in the subject line, or in writing to the following address. Please ensure that you state your full name and email address in the letter or email so that we may locate your record on our database.
FAO Data Protection Officer,
Heart of Glass,
Changes to this privacy notice
We keep our privacy notice under regular review. You are advised to visit this page periodically in order to keep up to date with any changes. By continuing to use our services you will be deemed to have accepted such changes.
This privacy notice was last updated on 17 June 2019.