Our contact details
AN:ARTISTS INFORMATION COMPANY (Co. Reg 1626331) trading as a-n The Artists Information Company.
Our office address is: High Bridge Works, 31-39 High Bridge, Newcastle upon Tyne NE1 1EW. Our email address is: [email protected] . Our telephone number is: +44 (0)300 330 0706. Our primary web address is: https://www.a-n.co.uk
The Data Controller is AN:ARTISTS INFORMATION COMPANY (Co. Reg 1626331). The main point of contact for data protection matters is David Farrow, email: [email protected]
Introduction
This privacy policy sets out how a-n The Artists Information Company (a-n) uses and protects any information that you give a-n when you use our websites. See also our Recruitment privacy policy and Bursary privacy policy.
What type of information we have
We process the following types of personal information;
- Members – Login Credentials, Name, Address, Contact Information, Diversity data
- Pending Members – Name, Address, Contact Information
- Past Members – Name, Address, Contact Information
- Financial Information – Bank Details, Payment/Card Details
- Images – Photographs of individuals
- Website User Data – IP Address, Analytics data such as geographic information.
For more information from the ICO with examples of what personal information can be, visit their website.
How we get the information and why we have it
We collect your information using email, telephone, our website and in paper form. We get your information from what you tell us and from third parties who supply your details in line with the relevant legal basis for doing so under the terms of the DPA 2018.
We need to collect or hold your information for the following reasons;
- Members – To manage our agreement with you, including administration of your membership and associated membership benefits and opportunities – our lawful basis for doing this is CONTRACT.
- Pending Members – To provide you with membership details such that you may get full information of the details of membership should you decide to become a member and to process your membership application. Prior to your making an application, your data is processed under the lawful basis of LEGITIMATE INTEREST. Once you apply for membership our lawful basis for processing your data is CONTRACT.
- Past Members – To retain required financial information and details of your membership for tax and insurance purposes – our lawful basis for doing this is LEGAL OBLIGATION.
- Financial Information – To collect membership and other payments – our lawful basis for doing this is CONTRACT.
- Images – our lawful basis for holding images of individuals or displaying them in a public space such as a website or gallery is LEGITIMATE INTEREST.
- Website User Data – We hold this data to provide you with the best user experience of our website – our lawful basis for doing this is LEGITIMATE INTEREST.
For more information from the regulator on the different lawful basis under which data can be processed and stored, visit the ICO website.
For more information on Website User Data, see our website Cookie policy.
What we do with the information
We use the information that you have given us in order to;
- Manage your membership and your interaction with a-n if you are a member or pending member
- Manage your interaction with a-n if you are a non-member (e.g. attendance at events)
- Analyse usage of our website to develop the site and user experience
Data collected from diversity monitoring forms will be anonymised for use in equality and diversity reporting, and will not be shared in identifiable form with third parties.
We may share this information with regulatory authorities such as payment processing organisations and those engaged to manage our accounts and other professional services.
We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors).
We will not collect or store your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
The payment processors we work with are detailed below in the third party processor table.
At the time of writing we do not share any personal data outside the EEA.[1]
At the time of writing we do not undertake any automated decision making.
The following third parties process personal data on our behalf:
Company | Nature of Processing | Link to Privacy Notice |
SagePay Europe Limited | Payment Data | www.sagepay.co.uk/ |
Barclaycard | Payment Data | www.barclaycard.co.uk/ |
GoCardless Limited | Payment Data | gocardless.com/ |
Paypal | Payment Data | www.paypal.com/ |
Mailjet | Mail Services | www.mailjet.com/ |
Elastic Email | Mail Services | elasticemail.com/ |
MailChimp | Mail Services | mailchimp.com/ |
Eventbrite | Event management | www.eventbrite.co.uk/ |
How we store your information
We manage our systems and processes to make sure that your digital and paper data is as safe as possible at any stage, both while it’s processed and when it’s stored.
All information is stored within the EEA. Where information is stored electronically, this is held in locations with appropriate security to limit risk of exposure through unauthorised access.
We will not transfer personal information from the UK to any other country. We use approved contractual clauses with any third party processors to ensure that the recipients of your personal information protect it. We take steps to ensure that the information we collect is processed according to this privacy policy.
We undertake to retain your data for no longer than required either for the needs of the business for legal purposes. Our retention schedule is available on request.
When we destroy or dispose of your data we do so using appropriate and secure processes.
Your data protection rights
Under the Data Protection Act 2018 you have the following data protection rights;
Your right to be informed – if your personal data is being used we must inform you that we are using your personal data.
Your right to get copies of your data – You have the right to find out if we are using or storing your personal data. You may request copies of your data by using the contact details in this privacy notice. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Your right to get your data corrected – You can challenge the accuracy of personal data held about you by us.
Your right to get your data deleted – You can ask an organisation to delete personal data that it holds about you. This depends on the lawful basis under which it is being processed, refer to lawful basis for processing earlier in this privacy notice.
Your right to limit how organisations use your data – You can limit the way we use your personal data.
Your right to data portability – You have the right to get your personal data from us in a way that is accessible .
The right to object to the use of your data – You have the right to object to the processing or use of your personal data in some circumstances.
Your rights relating to decisions being made about you without human involvement – Decisions are made about you when your personal data is processed automatically. As stated earlier in this notice we do not undertake any automated decision making processing of data or any other processing without human involvement
Your right to access information from a public body – Make a request for information from a public body. We are not a public body therefore this right does not apply.
Your right to raise a concern – You have a right to tell us if you’re concerned about how we are using your data.
For more details about your data rights, visit Your Data Matters
How to complain
If you have a complaint about how your personal data is being processed, please contact us using the contact details given at the beginning of this privacy notice.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
This privacy notice was last updated in October 2021.
[1] According to the UK Government, the current practice, which permits personal data to flow freely from the UK to the EEA, will continue in the event of a no-deal Brexit. To this end, the UK Government’s and the ICO’s website should be regularly consulted. https://edpb.europa.eu/sites/edpb/files/files/file1/edpb-2019-02-12-infonote-nodeal-brexit_en_0.pdf