You matter to us
The privacy and security of your personal data is very important to us. We take the responsibility seriously and want you to be confident in how we process your information.
This policy explains how and why we, Rage Arts, use your personal data, your rights and our obligations to you.
We will never sell your data and will only share it with companies when it is necessary, there is a legitimate interest, or where explicit consent has been given and the privacy and security of the data is assured.
We will continue to monitor our processes
Rage Arts is an educational charity and arts organisation. We provide opportunities for people to gain skills to help them in life and increase their self-esteem & self-confidence though film, theatre and music projects and through something which is of interest to them.
We work predominantly in the West Midlands. We are currently setting up in Scotland.
Who we are
We are a registered company number 6166882 and charity number 1120152 England and 47117 Scotland.
We are a registered data controller with the Information Commissioners Office. Our ICO register number is: Z1594464. Any reference to ‘us', ‘we', ‘our', ‘data controller' is in reference to Rage Arts. Any reference to ‘data subject' is in reference to individuals whose data we process.
What data we collect and how we use it
Our three key reasons for collecting data to then be processed are listed below.
- To process an application for you to work with us, whether that is on a self-employed or employed basis.
- To process an application for you to come on one of our projects
- Administration and technical support of your membership of Rage
We will ask for relevant information to enable us to fulfil our obligation to you or provide the service requested.
Personal Data - Personal data is information that can be used to identify a living individual or as part of a set of information that, used together, can identify an individual. This will normally include title, name, address, age and contact details which includes email, postal address and telephone number.
Sensitive Personal Data – This includes, but is not limited to, racial or ethnic origin, political belief, sexual orientation. We do not request or hold this type of data.
Personal data created by your involvement with us
Your activities related to your involvement with us will result in personal data being created and held. This could include details of how you have volunteered or how you are involved with our campaigns and activities.
We will analyse the data that you provide so that we can communicate with you more effectively and better understand your preferences and ability to support the campaign.
We may request data from you specifically related to volunteer activities you undertake (e.g. references, criminal records, details of emergency contacts, medical conditions etc.). The data requested will be related to the activity undertaken. The information will be retained for legal or contractual reasons and are in place to safeguard both us and you.
Legal basis for processing your data
In order to process your information we must have a lawful reason for doing so. The four most common reasons why we process your data are as follows;
- Legitimate interest
- Legal Obligation
Rage Arts will only process (use) your personal information if we have;
- a contract with you to provide a service or product. We will use your personal data accordingly e.g. to send you your membership card, an item you have purchased.
- a legitimate interest in order to provide the service or information required
- your express consent that we have on record to allow us to send you specific communications.
- a legal obligation e.g. to process payments and store data in accordance with financial regulations.
What is Legitimate Interest?
This is the legal ground for us to process your personal information if we have a genuine and legitimate reason for doing so. Legitimate interests do not harm your rights and interests as an individual.
Examples of where Rage Arts would use grounds of legitimate interest to process your data would include the following.
- To send you notice of the Annual General Meeting.
We will only use your personal data on the relevant lawful grounds as detailed above. We will do this in accordance with the EU General Data Protection Regulations (GDPR) which come into effect on the 25th May 2018 and the Privacy and Electronic Communications Regulations (PECR).
Personal data provided to us will be used for the purposes as outlined at the time of collection in a fair processing notice.
We will use your data in accordance with the lawful basis we collected it. Below are the main uses of your data which depend on the type of relationship we have with you and how you interact with our services, websites and activities.
We use the personal data you provide at the point of joining to help us provide you the services linked to membership. This includes the following;
- Information we are obligated to sending you detailed in the Memorandum and Articles of Association such as information related to our Annual General Meeting.
- Live calls - related to membership renewal and / or your membership
- Social media channels – Facebook, Twitter, YouTube
- Changes to the terms and conditions of your membership
In accordance with GDPR we can only send you communications that you have consented too.
We do not carry out data profiling.
We may gather additional information about you from external sources.
We run data checks at intermittent occasions as required to check for updates to addresses and for mortality screening in order to ensure our data is as accurate as we can make it.
Who we share your data with
In order to provide membership and or any service we do share your data to fulfil these requirements.
- People who work for Rage in either an employed or freelance basis.
- Rage volunteers with the relevant permissions to process personal data
We have no agreements with other organisations to share personal information we may share information with project funders but not in a way that an individual is identifiable.
How to update your data and marketing preferences
You can update your personal data at any time. If you contact us via email or post please allow for 10 working days from request to action.
If you want to update or amend your personal data or marketing preferences you can do so in the following ways:
We will update your member record within 30 days of receipt of request
You have a number of rights under GDPR and this section briefly highlights them. For more information visit www.ico.org.uk
- The right of access – You have the right of access to your personal data and supplementary information. This information is free unless there is unreasonable effort upon which a charge may be made by the Data controller. A request is required in writing and must be specific to a set of data and or a time frame for when the data is required. Rage must provide you with this information within one month; this may be extended to two months dependent on the nature and complexity of the request.
You will be asked to provide the following details:
- The personal information you want to access
- Where it is likely to be held
- The data range of the information you wish to access
We will also need to provide information for us to be able to confirm your identity.
If we do hold personal data about you we will give you a copy of the information in an understandable format together with an explanation of why we hold and use it.
- The right to rectification – The right to have your personal data rectified if it is incomplete or inaccurate.
- The right to erasure – The right for the deletion of data where there is no compelling reason for its continued processing.
- The right to restrict processing – The right to suppress or restrict processing. The data controlled could retain the data but no longer process it.
- The right to data portability – The right to retain their own personal data and use it across multiple services.
- The right to object – The right to object to process for legitimate interest, direct marketing and scientific purposes.
- Rights in relation to an automated decision making and profiling – Right to object to automated decision making.
Keeping your information
We will only use and or store your information for as long as it is required for the purpose it was collected. The purpose will determine how long it will be kept. This can sometimes be to meet a statutory or legal requirement. If we have explicitly informed you of the length of time we will securely destroy the data in question.
CVs sent to us one year we will delete by the end of February the following year.
Cookies, Tracking and Websites
We collect standard internet log information. We do this to find out things such as the number of visitors to the various parts of the site. We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting any of our websites. We will not associate any data gathered from our sites with any personally identifying information from any source. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
How we secure your data
Data security is very important to us to ensure that we are keeping those who come on our projects, those we work with, volunteers, customers and members safe. We constantly review the way we store personal data to make sure it is safe. When you trust us with your data we will always keep your information secure to maintain your confidentiality.
What to do if you are not happy
You also have the right to contact the Information Commissioners Office (ICO) if you have any questions about Data Protection. They are contactable via the phone on 0303 123 113 or visit their website www.ico.org.uk.
Changes to this privacy notice
We keep our privacy notice under regular review.
This privacy notice was last updated on 21st June 2018