In May 2018, the regulations surrounding how companies and organisations can hold your personal data changed. This policy tells you how we handle your personal data and the rights you have, when we hold it. This policy was intended to comply with the provisions of the General Data Protection Regulation EU 2016/679 (GDPR) which governs how personal data is processed within the European Economic Area (EEA).
Currently, post-Brexit, the principles of the EU GDPR have been incorporated in UK Data Protection law, so our existing guidance is still valid. We aim to revise this document periodically to reflect any relevant changes in UK GDPR.
Who we are
The Cooper Hall Foundation is a Registered Charity (No. 1151565), providing education and performance opportunities for emerging artists and offering regular, high quality performance from a range of international calibre artists across a broad range of genres. We also hire our facilities for a broad range of creative projects for rehearsal, recording, filming, workshops, conferencing, talks etc. The Cooper Hall Foundation also offers short residencies to invited artists for the research and development of new projects with the emphasis on the creative process.
Our registered business address is: The Cooper Hall Foundation, Selwood Manor, Jacks Lane, Frome BA11 3NL. Kim Wood is the Data Protection Officer for The Cooper Hall Foundation. We are the “data controller” for the purposes of GDPR. This means that we decide how your Personal Data is processed and for what purposes.
Your Personal Data – what is it?
‘Personal Data’ is data that relates to a living individual who can be identified from that data. We might be able to identify you from the data itself or by linking that data to other information we have access to. GDPR tells us how we must process your Personal Data.
How do we collect Personal Data from you?
We collect information about you from you when you:
- purchase a product or service in person, by phone, online or by post;
- sell us a product or service;
- complete forms on or from our website;
- subscribe to our mailing list;
- contact us by phone, email, post or otherwise to make an enquiry about our products or services;
- when you click links from or respond to our emails
If you give us somebody else’s Personal Data, for example, when registering another person onto a course, you warrant that you have obtained the express consent from the third party for the disclosure and use of their personal data.
What type of data do we collect from you?
The type of data that we collect will vary according to the nature of our contact with you and the information you provide. Here is a list of the types of data that we collect.
- When you make a purchase or booking, we collect your name, address, email and phone number. If you do this online then also your IP address and the time of transaction.
- We may collect your financial details such as your bank name, account number and sort code if we need to make a payment to you.
- When you subscribe to our newsletter, we collect your name, email address, IP address, time of consent and any marketing preferences.
- When you interact with marketing emails, your personal data may be automatically collected by our email platform MailChimp. This information includes but is not limited to: the device you have used; the location of the device; the mode of access – such as the type software or operating system used. It does not include your name, address, phone, email payment information or any other such sensitive personal data.
- In the event you contact us in person, by phone, email or post, we retain a record of your query along with any personal information that you provide.
Why do we hold your personal data?
Data protection laws state that we are only able to process personal data if we have valid reasons to do so. We collect and use personal data for the following purposes:
- To fulfil a contract of service. A contract of service is entered into when you purchase one or more of our products or services or we purchase a product or service from you.
- For customer service purposes such as to provide information about a product or service that you have requested or purchased or to share your contact details with officials and other authorised people and companies for the purpose of delivering the service we provide.
- To manage and process payments for the organisation we run.
- For any legal statutory or accounting purposes.
- For marketing purposes, to inform you of news, events, activities or services that you have expressed an interest in.
How do we process your Personal Data?
We comply with our obligations under GDPR in the following ways:
- by keeping Personal Data up to date;
- by collecting, storing and destroying it securely;
- by not collecting or retaining unnecessary or excessive amounts of data;
- by protecting Personal Data from loss, misuse, unauthorised access and disclosure.
What is the legal basis for processing your personal data?
You have entered into a contract with us for the provision of goods or services and have agreed to our terms and conditions of service. We need to keep certain information to adequately manage your purchase or booking.
- When you have provided goods or services to us, we must hold your information to adequately process our transaction and for legal and accounting purposes.
- We have legal requirements to hold customer information for accounting purposes.
- You have given us explicit consent to hold and use your personal data.
Data Retention – How long do we keep your Personal Data?
Customer Service & Legal Obligations
If you booked an event, course or purchased a voucher from us; hired equipment from us or contracted us for any other service, we will keep your Personal Data for as long as you are a customer of our organisation. After you leave, we will keep your information for no longer than we reasonably need, in accordance with applicable laws. Any Personal Data that we hold following the end of our contractual obligation to provide goods or services to you, will be for legal, accountancy or insurance purposes and not for any marketing purposes.
If you signed up for our newsletter or requested in writing to be on our mailing list, we will keep your personal data indefinitely or until you unsubscribe from our mailing list or request removal of your information from our marketing list.
Data that is automatically collected when you browse our website may be kept indefinitely. We cannot associate you as an individual (name, email address or other sensitive data) with the automatic data collected, should you wish to have it deleted. The GDPR explicitly states that online identifiers, even if they are pseudonymous or if they do not directly identify an individual, will be considered personal data if there is potential for an individual to be identified or singled out. For this reason, use of our website where ‘cookies’ that collect data are present requires active consent from you by clicking a consent pop-up.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Data that is automatically collected when you interact with our emails may be kept indefinitely. If you unsubscribe from our mailing list, any analytical data will become anonymous.
Access and Sharing your Personal Data
Your Personal Data will be treated as strictly confidential and will be shared only with organisations whose services are required in order to fulfil our service obligations to you such as ticketing providers or courier services. We also use companies such as Stripe, Google and PayPal to help us process your Personal Data. Third parties we use may operate outside the EEA. In these cases, we will make sure that robust securities exist to protect your Personal Data.
When you give your consent to our holding of your Personal data you agree to us sharing your Personal Data (including special categories of Personal Data – where we have your explicit consent) with third party processors and sub-processors located both inside and outside the EEA.
All personal data we collect from you is stored in secured locations. Where your data is stored on company devices, these devices are password secured and running the latest security software that is regularly updated. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We store data on the Google cloud platform that is certified to ISO and SOC standards. Google’s security has independent verification and regularly undergoes audits of security, privacy, and compliance controls. Information is stored on secure servers in the EEA but may be transferred to and stored in a country outside the EEA in relation to provision of services to you. However, we will ensure that reasonable steps are taken to protect your data in accordance with data protection laws.
Any sensitive data (payment details for example) are encrypted and protected. We do not have access to your card details when you pay online. These are encrypted and processed by third-party processors that are fully GDPR and PCI compliant.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping the password confidential. We ask you not to share a password with anyone.
We agree to take reasonable measures to protect your data in accordance with applicable laws and in accordance with our General Terms and Conditions
In the event of a data breach, we shall ensure that our obligations under applicable data protection laws are complied with where necessary.
Your Rights and Your Personal Data
Unless we have an exemption under GDPR, you have the following rights with respect to your Personal Data:
- The right to request a copy of the Personal Data which we hold about you, without any charge.
- The right to request that we correct any Personal Data found to be inaccurate or out of date.
- The right to request that your Personal Data is erased where it is no longer necessary for us to keep it.
- The right to withdraw your consent to the processing we carry out at any time.
- The right to request that we provide you with your Personal Data and, where possible, to send that data directly to another data controller.
- The right, where there is a dispute in relation to the accuracy or processing of your Personal Data, to ask us to restrict further processing.
- The right to object to the processing of Personal Data.
- The right to lodge a complaint with the Information Commissioners Office and to seek legal recourse.
If we wish to use your Personal Data for a new purpose, not covered by this Notice, then we will provide you with a new notice explaining this new use. We will do this before we start processing for the new use. We will set out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Contact Details & Complaints
If you have a problem, complaint or, if there is something you don’t understand, please contact us Email: firstname.lastname@example.org Address: The Cooper Hall Foundation, Selwood Manor, Jacks Lane, Frome, Somerset, BA11 3NL
You can also contact the Information Commissioners Office Tel: 0303 123 1113 Email: https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF
Changes to this Policy
Any changes we make to our policy in the future will be posted on our website and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our policy.
This Policy Document was last updated on Friday 11th June 2021 by The Cooper Hall Foundation.