Made By Katie Green Data Management Policy
1. Context and overview
Made By Katie Green needs to gather and use certain information about individuals. These can include audience members, collaborators, partners (e.g. venues, arts organisations), suppliers and other people the organisation has a relationship with or may need to contact.
This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards – and to comply with the law.
Made By Katie Green may change this Data Management Policy from time to time. You should regularly check this policy to ensure that you are happy with any changes.
Why this policy exists:
We are committed to ensuring that the privacy of your data is protected and being transparent about the information we hold about you.
This Data Management Policy ensures Made By Katie Green:
Data protection law:
The General Data Protection Regulation (GDPR) applies in the UK and across the EU from May 2018. It requires personal data shall be:
1. Processed lawfully, fairly and in a transparent manner in relation to individuals;
2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research or statistical purposes shall not be considered to be incompatible with the initial purposes;
3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, is erased or rectified without delay;
5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by GDPR in order to safeguard the rights and freedoms of individuals;
6. Processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
7. The controller shall be responsible for, and be able to demonstrate, compliance with the principles.
2. People and responsibilities
Data Protection Officer (DPO) – the person responsible for fulfilling the tasks of the DPO in respect of Made By Katie Green is Katie Green, Company Director. They will:
3. The data we collect
We collect various types of information and in a number of ways:
Information you give us
- Mailing list
We require this information to keep you updated with our email newsletters, promoting new performances, workshops and other opportunities, as well as our latest news. We will not do so excessively, and you can opt out of these emails at any time, using the unsubscribe links in the emails we send out or by using the contact details at the end of this Policy. We only use your postcode to enable us to send you information about performances and opportunities taking place near you.
- Contact form
When you contact us via the online form on our website, your message and contact details are stored in the website Content Management System (CMS) to provide a back-up.
Otherwise comments sent via this form are emailed to the Company, kept for a reasonable period of time then deleted. Contact details provided are only used as appropriate in relation to the specific enquiry, not added to the general mailing list unless consent is given for this purpose.
We make our website CMS accessible to our designers (Root Studio) on occasion. We will only do so to enable them to make updates, additions, or to trouble-shoot any issues we may have with the site. Root Studio do not store any personal data submitted via the website CMS.
- Paying invoices
Information about your interactions with us
For example, when you visit our website, we collect information about how you interact with our content (on an anonymised basis, using Google Analytics). When we send you a mailout we also store a record of this, and in the case of emails we keep a record of which ones you have opened and which links you have clicked on (collated via Mail Chimp).
Sensitive personal data
Data Protection law recognises that certain categories of personal information are more sensitive such as health information, race, religious beliefs and political opinions. We do not usually collect this type of information about our patrons unless there is a clear reason for doing so e.g. we may collect health information about participants in our workshops, but we will only store this information for a limited period of time and will not share it with third parties.
4. Legal basis
There are three bases under which we may process your data:
When you make a purchase from us or make a donation to us, you are entering into a contract with us. In order to perform this contract we need to process and store your data. For example we may need to contact you by email or telephone in the case of cancellation of a show, or in the case of problems with your payment.
Legitimate business interests
In certain situations we collect and process your contact details for purposes that are in our legitimate organisational interests. However we only do this if there is no overriding prejudice to you by using your personal information in this way. We describe below the situations where we may use this basis for processing.
With your explicit consent
For any situations where the two bases above are not appropriate, we will instead ask for your explicit consent before using your personal information in that specific situation, ensuring that:
5. Marketing communications
As described above in section 3, we aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful. To do this we use data that we have stored about you, such as your postcode, as well as any preferences you may have told us about.
We use explicit consent as the legal basis for communications by email. We will give you an opportunity to opt out of receiving them from the first email contact we make with you. If you do not opt out, we will provide you with an option to unsubscribe in every email that we subsequently send you, or you can alternatively use the contact details at the end of this policy.
We use our legitimate organisational interest as the legal basis for communications by post and email with third party providers such as press and potential partner venue contacts.
6. Other processing activities
In addition to marketing communications, we also process personal information in the following ways that are within our legitimate organisational interests:
We may analyse data we hold about you to ensure that the content and timing of communications that we send you are as relevant to you as possible.
We may analyse data we hold about you in order to identify and prevent fraud.
In order to improve our website we may analyse information about how you use it and the content with which you interact (we do so anonymously).
In all of the above cases we will always keep your rights and interests at the forefront to ensure they are not overridden by your own interests or fundamental rights and freedoms. You have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this policy. Please bear in mind that if you object this may affect our ability to carry out tasks above that are for your benefit.
7. Third parties
There are certain circumstances under which we may disclose your personal information to third parties. These are as follows:
To our own service providers who may process data on our behalf and on our instructions (for example Mailchimp, our ticketing system software provider Tickets Ignite and web designers Root Studio). In these cases we require that these third parties comply strictly with our instructions and with data protection laws, for example around security of personal data.
Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies).
Our website contains links to third-party websites. Once you leave our website, you should note that we have no control over the content or policies of the third-party website. We would recommend that you exercise caution and look at any privacy statement applicable to the website in question.
Cookies are small text files that are automatically placed onto your device by some websites that you visit. They are widely used to allow a website to function as well to provide website operators with information on how the site is being used.
9. Maintaining your personal information / any access requests
You are entitled to:
We store personal information given with your explicit consent indefinitely, until such time that you may notify us that you no longer wish for us to do so.
If there are aspects of your record that are inaccurate or that you would like to remove, please use the contact details at the end of this policy and we will be able to update your details and ensure that any data to be deleted, is deleted securely and without further risk of breach.
Any objections you make to any processing of your data will be stored against your record on our system so that we can comply with your requests.
10. Security of your personal information
We will put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible, including protecting against unauthorised or unlawful processing and against accidental loss, destruction or damage. We will ensure that any third parties we use for processing your personal information do the same.
Some of our safeguards include:
We will not transfer, process or store your data anywhere that is outside of the European Economic Area.
11. Your rights to your personal information
You have a right to request a copy of the personal information that we hold about you and to have any inaccuracies in this data corrected. Please use the contact details at the end of this policy if you would like to exercise this right.
12. Contact details and further information
Made By Katie Green