Privacy Policy

Made By Katie Green Data Management Policy

1. Context and overview

Key details:

  • Policy prepared by: Katie Green
  • Policy became operational on: 31st March 2018
  • Next review date: 31st March 2025


    • Introduction:

    Made By Katie Green needs to gather and use certain information about individuals. These can include audience members, collaborators, partners (e.g. venues, arts organisations), suppliers and other people the organisation has a relationship with or may need to contact.

    This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards – and to comply with the law.

    Made By Katie Green may change this Data Management Policy from time to time. You should regularly check this policy to ensure that you are happy with any changes.

    Why this policy exists:

    We are committed to ensuring that the privacy of your data is protected and being transparent about the information we hold about you.

    This Data Management Policy ensures Made By Katie Green:

  • Complies with data protection law and follows good practice
  • Protects the rights of audience members, collaborators, partners and so on
  • Is transparent about how it collects and uses individuals’ data
  • Protects itself from the risks of a data breach


    • Data protection law:

    The General Data Protection Regulation (GDPR) applies in the UK and across the EU from May 2018. It requires personal data shall be:

    1. Processed lawfully, fairly and in a transparent manner in relation to individuals;

    2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research or statistical purposes shall not be considered to be incompatible with the initial purposes;

    3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

    4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, is erased or rectified without delay;

    5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by GDPR in order to safeguard the rights and freedoms of individuals;

    6. Processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

    7. The controller shall be responsible for, and be able to demonstrate, compliance with the principles.

    2. People and responsibilities

    Data Protection Officer (DPO) – the person responsible for fulfilling the tasks of the DPO in respect of Made By Katie Green is Katie Green, Company Director. They will:

  • inform and advise individuals working with the company about their obligations to comply with the GDPR and other data protection laws
  • monitor compliance with the GDPR and other data protection laws, managing internal data protection activities
  • be the first point of contact for supervisory authorities and for individuals whose data is collected (audience members, collaborators, partners and so on)

    • 3. The data we collect

    We collect various types of information and in a number of ways:

    Information you give us

    • Mailing list

    When you register for our mailing list via our website, or by opting in when completing one of our feedback cards after a performance, we will store personal information you give us - your name (optional), email address and postcode (optional). We do so using the Mail Chimp email marketing service which uses a double opt-in system to ensure individuals’ details are accurate, and stores data securely in accordance with their privacy policy.

    We require this information to keep you updated with our email newsletters, promoting new performances, workshops and other opportunities, as well as our latest news. We will not do so excessively, and you can opt out of these emails at any time, using the unsubscribe links in the emails we send out or by using the contact details at the end of this Policy. We only use your postcode to enable us to send you information about performances and opportunities taking place near you.

    • Contact form

    When you contact us via the online form on our website, your message and contact details are stored in the website Content Management System (CMS) to provide a back-up.

    Otherwise comments sent via this form are emailed to the Company, kept for a reasonable period of time then deleted. Contact details provided are only used as appropriate in relation to the specific enquiry, not added to the general mailing list unless consent is given for this purpose.

    We make our website CMS accessible to our designers (Root Studio) on occasion. We will only do so to enable them to make updates, additions, or to trouble-shoot any issues we may have with the site. Root Studio do not store any personal data submitted via the website CMS.

    Our website is hosted securely by Fasthosts (Privacy Policy) and we have installed an SSL certificate so data transfer is encrypted. We also keep a back-up of the site that we update every 2 months using company code42 (Privacy Policy).

    • Ticketing

    When we use an external ticketing site (such as Eventbrite), your information is processed in a safe and secure manner in accordance with the relevant site's Privacy Policy. We will only use the contact information you provide to ensure the smooth running of an event (e.g. where we may need to contact you to inform you about updates to/cancellation of an event). This will also be done in a safe and secure manner, and won’t be disclosed to a third party. We do not have access to, and therefore do not store any information relating to your payment (e.g. debit/credit card details).

    • Fundraising

    On rare occasions we may ask you to make a donation in response to a fundraising campaign using a ticketing platform such as Crowdfunder, who store your data in line with their Privacy Policy. In this instance we may store for a short time a record of your donation, you name and email address to enable us to fulfil any reward requirements associated with your donation and to communicate with you about the progress of our work. In this instance we may contact you to see if you would like to be added to our mailing list to hear about our future work and you will then only hear from us regularly where you have given your consent to do so (as outlined above). We do not have access to, and therefore do not store any information relating to your payment (e.g. debit/credit card details).

    Similarly, you can make a donation to Made By Katie Green on an ongoing basis via the Support page of our website and our PayPal account. In that instance your data will be collected and stored in line with the PayPal Privacy Policy; we do not have access to your payment details.

    • Paying invoices

    Made By Katie Green works with many individuals/organisations on a freelance basis, and in this situation will request consent to store bank details from invoices on our online banking system (with the Co-operative Bank – their Privacy Policy is online here) to enable us to process future payments as quickly as possible. Bank details will not be stored beyond the period of a contract with an individual or organisation and will not be shared with third parties.

    Information about your interactions with us

    For example, when you visit our website, we collect information about how you interact with our content (on an anonymised basis, using Google Analytics). When we send you a mailout we also store a record of this, and in the case of emails we keep a record of which ones you have opened and which links you have clicked on (collated via Mail Chimp).

    Sensitive personal data

    Data Protection law recognises that certain categories of personal information are more sensitive such as health information, race, religious beliefs and political opinions. We do not usually collect this type of information about our patrons unless there is a clear reason for doing so e.g. we may collect health information about participants in our workshops, but we will only store this information for a limited period of time and will not share it with third parties.

    4. Legal basis

    There are three bases under which we may process your data:

    Contract purposes

    When you make a purchase from us or make a donation to us, you are entering into a contract with us. In order to perform this contract we need to process and store your data. For example we may need to contact you by email or telephone in the case of cancellation of a show, or in the case of problems with your payment.

    Legitimate business interests

    In certain situations we collect and process your contact details for purposes that are in our legitimate organisational interests. However we only do this if there is no overriding prejudice to you by using your personal information in this way. We describe below the situations where we may use this basis for processing.

    With your explicit consent

    For any situations where the two bases above are not appropriate, we will instead ask for your explicit consent before using your personal information in that specific situation, ensuring that:

  • your consent is freely and unambiguously given for specific purposes,
  • we can evidence an affirmative action on your part to have indicated consent,
  • you can reasonably understand who is using their personal information, what information, and for what purposes, and using which communications channels.
  • You can withdraw consent at any time, and understand the processes in place to enable you to do so


    • 5. Marketing communications

    As described above in section 3, we aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful. To do this we use data that we have stored about you, such as your postcode, as well as any preferences you may have told us about.

    We use explicit consent as the legal basis for communications by email. We will give you an opportunity to opt out of receiving them from the first email contact we make with you. If you do not opt out, we will provide you with an option to unsubscribe in every email that we subsequently send you, or you can alternatively use the contact details at the end of this policy.

    We use our legitimate organisational interest as the legal basis for communications by post and email with third party providers such as press and potential partner venue contacts.

    6. Other processing activities

    In addition to marketing communications, we also process personal information in the following ways that are within our legitimate organisational interests:

    We may analyse data we hold about you to ensure that the content and timing of communications that we send you are as relevant to you as possible.

    We may analyse data we hold about you in order to identify and prevent fraud.

    In order to improve our website we may analyse information about how you use it and the content with which you interact (we do so anonymously).

    In all of the above cases we will always keep your rights and interests at the forefront to ensure they are not overridden by your own interests or fundamental rights and freedoms. You have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this policy. Please bear in mind that if you object this may affect our ability to carry out tasks above that are for your benefit.

    7. Third parties

    There are certain circumstances under which we may disclose your personal information to third parties. These are as follows:

    To our own service providers who may process data on our behalf and on our instructions (for example Mailchimp, ticketing system software providers e.g. Tickets Ignite and web designers Root Studio). In these cases we require that these third parties comply strictly with our instructions and with data protection laws, for example around security of personal data.

    Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies).

    Our website contains links to third-party websites. Once you leave our website, you should note that we have no control over the content or policies of the third-party website. We would recommend that you exercise caution and look at any privacy statement applicable to the website in question.

    8. Cookies

    Cookies are small text files that are automatically placed onto your device by some websites that you visit. They are widely used to allow a website to function as well to provide website operators with information on how the site is being used.

    We use cookies to keep track of how you are using our website, but only where you have given your permission for us to use them.

    9. Maintaining your personal information / any access requests

    You are entitled to:

  • Ask what information we hold about you and why
  • Ask how to gain access to it
  • Be informed how to keep it up to date
  • Be informed how the company is meeting its data protection obligations

    • We store personal information given with your explicit consent indefinitely, until such time that you may notify us that you no longer wish for us to do so.

    If there are aspects of your record that are inaccurate or that you would like to remove, please use the contact details at the end of this policy and we will be able to update your details and ensure that any data to be deleted, is deleted securely and without further risk of breach.

    Any objections you make to any processing of your data will be stored against your record on our system so that we can comply with your requests.

    10. Security of your personal information

    We will put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible, including protecting against unauthorised or unlawful processing and against accidental loss, destruction or damage. We will ensure that any third parties we use for processing your personal information do the same.

    Some of our safeguards include:

  • installing an SSL certificate on our website so data transfer is encrypted
  • using two-factor authentication for our email service with MailChimp
  • ensuring access to our website CMS is restricted through use of a password

    • We will not transfer, process or store your data anywhere that is outside of the European Economic Area.

    11. Your rights to your personal information

    You have a right to request a copy of the personal information that we hold about you and to have any inaccuracies in this data corrected. Please use the contact details at the end of this policy if you would like to exercise this right.

    12. Contact details and further information

    Please get in touch with us if you have any questions about any aspect of this privacy policy, and in particular if you would like to object to any processing of your personal information that we carry out for our legitimate organisational interests.

    Katie Green

    Made By Katie Green

    katie@madebykatiegreen.co.uk

    SUBSCRIBE TODAY

    Join our mailing list