The UK Government updated the UK Data Protection Act (DPA) of 1998 in in May 2018, incorporating the clauses from European Union General Data Protection Regulation.

It was subsequently updated in 2020, to protect the rights of UK Citizens regarding their personal information post Brexit, called the Data Protection, Privacy and Electronic Communication Regulation, and is commonly known as UK GDPR.

Cambridge Open Studios (COS) welcomes this data protection to the UK and interprets it to include all COS members and COS’ affiliated arts organisations and advertisers. COS has established and will need to maintain policies and procedures that are compliant with UK GDPR.

1 Principles

Here are the principles and understanding as set out by the COS Management Team:

COS only collects personal information provided voluntarily by members. Some of this personal information is on public view on the COS website, on our App and in our printed materials. All members have the choice as to which items of personal information are publicly available.

Without this personal data the work of COS would be impossible. Members have every right not to give this personal information but must understand that without it they will not be able to take full advantage of their membership of Cambridge Open Studios.

The COS Management Team has appointed a Data Privacy Officer who can be contacted via email:

The COS Management Team will be vigilant in detecting and investigating any personal data breach. Any significant breach will be reported to members concerned and to the Information Commissioners Office within three days of it being discovered.

No personal data is shared with third parties other than our mailing provider, the small number of people who have access to the website, and with Google Maps for purposes of website and app maps. You can choose to not show your address on the website and app maps year- round, however the website and app will use Google Maps for the July Open Studio event. You cannot participate in July Open Studios without your studio location being shown on the website and app maps. Google has their own GDPR and privacy policy.

GDPR Policy will be reviewed by the COS Management Team on a regular basis.

2 Personal Data Held

COS holds the following data on members in order to carry out the everyday business of COS, including the functioning of the website.

  • Name
  • Address (studio address and billing address)
  • E-mail Address
  • Phone
  • Website link and any social links
  • Any text you enter into the website
  • Any photographs you upload onto the website
  • Your financial details will be retained only whilst processing payments

3 What is the purpose of the data held?

Data held on members will only be used for the purposes outlined below.

  • Managing membership and participation subscriptions – and communicating with members about these
  • Providing support and communicating with members with regard to their website pages and guide entries.
  • Communicating with members is usually carried out by personal email and Mail Chimp, an email and marketing platform. Any member may unsubscribe from Mail Chimp emails at any time but need to be aware that they may not then receive important information sent out by the COS team.
  • Data on the website and app serve the purpose of management and event organisation by COS Management Team. It also serves the purpose allowing members of the public to find the COS artist/gallery member.

4 How personal data on members is collected

Personal Data such as the above list from Section 2 are collected via the website when an artist joins Cambridge Open Studios, renews their membership, or alters any details on their website pages. Details are stored on the website and also by the Membership Secretary. All members have a choice as to how much personal information they upload to their own Artist page on the COS website. Some of this information is available for public view and may include information such as but not limited to a telephone number, email address, website address, social media information as well as images of artwork and text descriptions. If preferred, a member may choose to make none of this information publicly available on the website. If a member chooses to participate in the July Open Studios event, then some information will be required for their guide entry and the Open Studios web pages.

5 Payment details

All payments by members are taken using Stripe. Please see Stripe’s own GDPR and privacy policy. If a refund is required, we aim to do this via Stripe in a timely manner. Only as a last resort do we contact a member for their bank details. Bank details are then deleted once the transaction has gone through and will be confirmed in writing.

6  How does the COS management team use my data?

Individual members of the COS Management Team will need to hold and use personal data in the form of paper and computer records to fulfil their roles and responsibilities. When the data is no longer relevant, it will be deleted.

7 What happens to my data if I do not renew my membership to COS?

Once membership has lapsed, a   member will have 90 days to renew membership after which the account will be removed from the website and all records will be permanently deleted, including personal details and all images

8 Does COS share personal data with third parties?

Members’ personal data is not shared with any third parties apart from contracted consultants who work for COS and need this information to carry out their work (including graphic designers, website host, etc), and from Google, Stripe, and other companies who have functionality on the website. See Section 1 for more information.

9 Do you keep paper records?

Sometimes it is necessary to print out lists and records which will be destroyed when no longer relevant. The only permanent record of members’ personal data is included in the annual Open Studios Guide.

Who should I contact if I have concerns or need to know more?

Please contact our Data Privacy Officer:

Updated Oct 2023

Scroll to Top