CAMBRIDGE OPEN STUDIOS
UK GDPR COMPLIANCE & DATA PRIVACY POLICY 2022
The UK Government updated the UK Data Protection Act (DPA) of 1998 in in May 2018, incorporating the clauses from European Union General Data Protection Regulation.
It was subsequently updated in 2020, to protect the rights of UK Citizens regarding their personal information post Brexit, called the Data Protection, Privacy and Electronic Communication Regulation, and is commonly known as UK GDPR.
Cambridge Open Studios (COS) welcomes this data protection to the UK and interprets it to include all COS members and COS’ affiliated arts organisations and advertisers. COS has established and will need to maintain policies and procedures that are compliant with UK GDPR.
1. Principles
Here are the principles and understanding as set out by the COS Management Team:
COS only collects personal information provided voluntarily by members. Some of this personal information is on public view on the COS website, on our App and in our printed materials. All members have the choice as to which items of personal information are publicly available.
Without this personal data the work of COS would be impossible. Members have every right not to give this personal information but must understand that without it they will not be able to take full advantage of their membership of Cambridge Open Studios.
The COS Management Team has appointed a Data Privacy Officer who can be contacted via company.secretary@camopenstudios.org The COS Management Team will be vigilant in detecting and investigating any personal data breach. Any significant breach will be reported to members concerned and to the Information Commissioners Office within three days of it being discovered.
No personal data is shared with third parties other than our mailing provider MailPoet, the small number of people who have access to the website, and with Google Maps for purposes of website and app maps. You can choose to not show your address on the website and app maps year- round, however the website and app will use Google Maps for the July Open Studio event. You cannot participate in July Open Studios without your studio location being shown on the website & app maps. Google has their own GDPR and privacy policy.
COS’ GDPR Policy will be reviewed by the COS Management Team on a regular basis.
2. General Personal Data Held
COS holds the following data on members in order to carry out the everyday business of COS (including functioning of the website). (COS does not retain the information if you do not give it.)
- Name
- Address (studio address and billing address)
- E-mail address
- Phone
- Website link and any social links
- Any text you enter into the website
- Any photographs you upload to the website
- Your financial details will be retained only whilst processing payments
3. What is the purpose of the data held?
Data held on members will only be used for the purposes outlined below.
- Managing membership and participation subscriptions’ and communicating with members about these
- Providing support and communicating with members with regard to their website pages and guide entries.
- Communicating with members is usually carried out by personal email and Mail Chimp, an email and marketing platform. Any member may unsubscribe from Mail Chimp emails at any time but need to be aware that they may not then receive important information sent out by the COS team.
- Data on the website and app serve the purpose of management and event organisation by COS Management Team. It also serves the purpose allowing members of the public to find the COS artist/gallery member.
4. How general personal data on members is collated
Personal Data such as the above list from Section 2 are collected via the website when an artist joins Cambridge Open Studios, renews their membership, or alters any details on their website pages. Details are stored on the website and also by the Membership Secretary. All members have a choice as to how much personal information they upload to their own Artist page on the COS website. Some of this information is available for public view and may include information such as but not limited to a telephone number, email address, website address, social media information as well as images of artwork and text descriptions. If preferred, a member may choose to make none of this information publicly available on the website. If a member chooses to participate in the July Open Studios event, then some information will be required for their guide entry and the Open Studios web pages.
5. Payment details
All payments by members are taken using Stripe. Please see Stripe’s own GDPR and privacy policy. If a refund is required, we aim to do this via Stripe in a timely manner. Only as a last resort do we contact a member for their bank details. Bank details are then deleted once the transaction has gone through and will be confirmed in writing.
6 How does the COS management team use my data?
Individual members of the COS Management Team will need to hold and use personal data in the form of paper and computer records to fulfil their roles and responsibilities. When the data is no longer relevant, it will be deleted.
7 What happens to my data if I do not renew my membership to COS? Do you keep my data?
At the annual renewal, all members will be informed that if they choose not to renew their annual membership, then their personal data including their Artist’s page will be removed from public sight once the renewal date has passed (typically end of Dec). The information will be deleted three months after the closure of renewal date.
8 Does COS share personal data with third parties?
Members’ personal data is not shared with any third parties apart from contracted consultants who work for COS and need this information to carry out their work (including graphic designers, website host, etc), and from Google, Stripe, and other companies who have functionality on the website. See Section 1 for more information.
9 Do you keep paper records?
Sometimes it is necessary to print out lists and records which will be destroyed when no longer relevant. The only permanent record of members’ personal data is included in the annual Open Studios Guide.
10 Use of HotJar
We sometimes use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.
For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.”
11 Who should I contact if I have concerns or need to know more?
Please contact: company.secretary@camopenstudios.org