ASCUS Privacy Policy
Published 14th May 2018
WHAT IS GDPR?
This legislation will replace current data privacy law, giving more rights to you as an individual and more obligations to organisations holding your personal data. We have therefore updated our privacy policy and we will be publishing a new privacy notice so you can access this information, along with information about the increased rights you have in relation to the information we hold on you and the legal basis on which we are using it.
WHAT DOES THIS POLICY COVER?
At ASCUS we take your privacy very seriously. We know that you, like us, care about how your personal information is used and shared. Please read the following to learn more about how we collect, store, use and disclose information about you when you interact with us, in any manner, via our website and/or our services or public workshop or events.
This Privacy Policy covers our treatment of information that we gather when you are accessing or using our websites or services or when you contact us in any manner. We gather various types of information, including information that identifies you as an individual (“Personal Information”) as explained in more detail below.
ON WHAT LAWFUL BASIS ARE WE PROCESSING YOUR DATA?
In compliance with Article 6 of the GDPR effective form the 25th of May 2018 we process data on the legal basis of ‘legitimate interests’. See more infomation below on ‘legitmate interests’
WHAT INFORMATION DOES ASCUS COLLECT?
INFORMATION YOU PROVIDE TO US:
When you use our website – we collect the personal information that you provide to us, for example your name or your email address via our online forms for enquiries, newsletter sign-up and events registration.
When you use our services – we collect the personal information that you provide to us, for example your name, or your email address, your company name, your background/affiliation as well as any other contact or other information you choose to provide us in connection with the delivery of services.
INFORMATION WE AUTOMATICALLY COLLECT:
When you use our website – we collect information via cookies and other similar technologies which may include saving cookies to users’ computers. We collect certain information related to your device such as your device’s IP address, referring website, what pages your device visited, and the time that your device visited our website.
For further information, please see our cookies policy.
HOW DO WE USE THE INFORMATION?
We use the information we collect via our services for a range of reasons, including:
to provide, operate and maintain the services;
to process and complete transactions and send related information including transaction confirmations and invoices;
to manage our customers’ use of the services i.e. respond to enquiries and comments and provide customer service and support;
to investigate and prevent fraudulent activities, unauthorised access to the services, and other illegal activities;
for any other purposes about which we notify customers and users.
We use the information we collect via our website:
for administration and reporting purposes including (but not limited to) troubleshooting, performance analysis, statistical analysis and testing;
to improve our website to ensure that content is presented in the most effective manner for you and for your device;
to analyse customers use of our website for trend monitoring and marketing purposes;
for the purposes made clear to you at the time you submit your information – for example, to fulfill your request for information on future programming and services;
as part of our efforts to keep our website safe and secure.
We may also use the information you send to us via our website and/or services, to communicate with you via email and possibly other means regarding products, services, offers, promotions and events we think may be of interest to you or to send you our newsletter. You will always be able to opt-out of such communications at any time (see the “What choices do I have” section below).
E-NEWSLETTER
We use a third party provider, Mailchimp, to deliver our Newsletters and depending on how many interests you subscribe to you are likely to receive correspondence from us about two to three times per month. Through our sign-up you can select which ASCUS opportunities you want to hear about so please make sure to include your interests so that we can tailor the content specifically for you. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see Mailchimp’s privacy policy.
EVENTS
We use a third party provider, Eventbrite, to manage our events. For more information, please see Eventbrite’s privacy policy.
SOCIAL MEDIA
We use a third party providers; Twitter, Facebook, Instagram, Hootsuite and LinkedIn to manage our social media interactions. For more information, please see these providers different policies:
Twitter’s privacy notice
Facebook’s privacy notice
Instagram’s privacy notice
Hootsuite’s privacy notice
LinkedIn’s privacy notice
WEB ANALYTICS
We use third party provider, Google Analytics, to analyse our web traffic. For more information, please see Google’s privacy notice
OTHER ONLINE PLATFORMS
We use two third party provider video hosting platforms, Youtube and Vimeo, to analyse our web traffic. For more information, please see
Youtube’s privacy notice
Vimeo’s privacy notice
DONATIONS
We use third party provider, Paypal, to operate our online payment service for donatations. For more information, please see Paypal’s privacy notice
HOW DO WE SHARE AND DISCLOSE THE INFORMATION TO THIRD PARTIES?
We do not sell your Personal Information to anyone under any circumstances.
Under certain circumstances we may be required to disclose your Personal Information in response to valid requests by public authorities such as the Police or security services.
LEGITIMATE INTERESTS
“Legitimate Interests” means the interests of our company in conducting and managing our business to enable us to give you the best service/products and the best and most secure experience. For example, we have an interest in making sure our marketing is relevant for you, so we may process your information to send you marketing that is tailored to your interests. It can also apply to processing that is in your interests as well. For example, we may process your information to protect you against fraud when transacting on our website, and to ensure our websites and systems are secure.
When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
If you have any concerns you have the right to object to processing that is based on our legitimate interests.
IS PERSONAL INFORMATION ABOUT ME SECURE?
We use appropriate technical, organisational and administrative security measures to protect any information we hold from loss, misuse, unauthorised access, disclosure, alteration and destruction. Unfortunately, no company or service can guarantee complete security. Unauthorised entry or use, hardware or software failure, and other factors may compromise the security of user information at any time. Please see our privacy notice (published on the 25th of May for more information about how we handle your data)
HOW TO OPT OUT?
You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of our services. You can opt-out of receiving promotional or marketing communications from us at any time by using the ‘unsubscribe from this list’ or ‘update subscription preferences’ links in the email communication we send. If you have engaged in any of our services we may send you non-promotional service related communications.
CHILDREN
We do not knowingly collect or solicit personal information from anyone under the age of 16. If you are under 16, please do not attempt to register for the Services or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from a child, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us Personal Information please contact us at general@ascus.org.uk
LINKED WEBSITES
For your convenience, hyperlinks may be posted on our website that link to other websites (the “Linked Sites”). We are not responsible for, and this Privacy Policy does not apply to, the privacy practices of any Linked Sites or of any companies that we do not own or control. We encourage you to read the privacy statements on the other websites you visit.
WILL ASCUS EVER CHANGE IT’S PRIVACY POLICY?
We keep our privacy notice under regular review. This privacy notice was last updated on 14th May 2018.
WHAT IF I HAVE QUESTIONS ABOUT THIS POLICY?
If you have any questions or concerns regarding our privacy policies, please send a detailed message to general@ascus.org.uk
Our main address for the purposes of this website is ASCUS Art & Science, Summerhall, Summerhall Place, Edinburgh EH9 1PL. ASCUS Art & Science is a Scottish Non-Profit Organisation and company limited by guarantee (Company No. SC458236).
WHAT IF I HAVE A COMPLAINT?
If you want to make a complaint about the way we have handled your personal information, you can contact the Information Commissioner’s Office which oversees data protection law – www.ico.org.uk/concerns.