YARA + DAVINA are committed to best practice in the handling of personal and sensitive data and careful compliance with requirements of GDPR (General Data Protection Regulations), which came into force on 25 May 2018.
We take your privacy seriously and will only use your personal information to administer your transactions with us (online and offline) and to provide information about the events, resources and services you have requested. All data is collected and is currently processed in accordance with the Data Protection Act (1998) and GDPR.
Our priority is to avoid causing harm to individuals by:
Keeping all information securely, and only in the right hands (i.e. on a strictly “need-to-know” basis;
Holding accurate information only as long as we need it
We aim to be open and transparent in the way we use personal data to give individuals as much choice as possible, within reason, over what data is held and how it is used.
This data protection policy covers all activities, particularly relating to marketing activities and is primarily concerned with our audiences, who submit data to the Arrivals+Departures website.
The types communications with our audiences include but are not limited to:
Digital via email newsletter, social media and this website
In person when the Arrivals+Departures artwork is on display
Printed materials such as event fliers
The personal data that we process and store
This is the kind of personal data we may store about an individual:
Location of Arrivals or Departures contributed via the online form
How we collect data
We collect data for online marketing, if you have opted in, through the submissions form or the email newsletter subscription via Mailchimp form on our website.
We collect data on social media. Depending on your settings or the privacy policies for social media and messaging services like Facebook, Instagram, YouTube, Soundcloud or Twitter, you may give us permission to access information from those accounts or services.
How we process and protect personal data
We store and process personal data, such as email addresses, on Mailchimp.
Our IT software and systems are regularly monitored and updated to ensure maximum virus protection and security. Our team is trained to identify suspicious emails or attachments, particularly from any hitherto unknown or otherwise untrusted sources.
How we dispose of data
We will keep your information only for as long as is reasonably necessary for the purposes set out in this privacy notice and to fulfil our legal obligations. We will not keep more information than we need. The retention period will vary according to the purpose, for example:
Inactive or bounced email addresses are removed from Mailchimp through automated data cleansing.
Every email we send to individuals via Mailchimp includes details on how to change your communications preferences or unsubscribe from future communications. You can unsubscribe or adjust your settings to opt in to the communications they want to receive.
Personal data breaches
A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. A breach could be accidental and deliberate.
If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, we will also inform those individuals without undue delay. We keep a record of any personal data breaches.
We collaborate with organisations on a regular basis and we will only share your data when you have given consent or opted in.
We check that all our third party suppliers who have access to personal data operate in line with GDPR. We have agreements and contracts in places with artists, partners and service providers to ensure that data is secure. Artsadmin is not responsible for the privacy notices and practices of third parties.
We may include information about events and projects by third parties (such as organisations we collaborate with, have toured work to or have presented work by) in our marketing promotion via email newsletters and on social media.
Subject Access Request Forms
Subject access request refers to the right that individuals have to see a copy of the information an organisation holds about them. You can read more about Subject Access on the Information Commissioner's Office’s (ICO) website.
If you want to know the information that YARA + DAVINA hold about you, you can find out more about how to do that on the ICO website.
Please submit to firstname.lastname@example.org with the email subject line “Subject Access Request”. For more information on right of access, please refer to the ICO.
The Right to be Forgotten
Individuals have the right for their personal data to be erased; it is also known as ‘the right to be forgotten’. Individuals can make a request for erasure verbally or in writing. YARA + DAVINA will have one month to respond to a request.
We will implement The Right To Be Forgotten if the data subject requests it and will provide evidence of deletion where possible. For more information on the right to be forgotten, please refer to the ICO.
This policy was last updated on 26 May 2020. We review our policy annually and any updates are posted on this page. We may inform you about any changes that are relevant to you.
Data Protection: https://ico.org.uk/for-the-public