Privacy Policy
We take your privacy seriously. We want you to be in control of your personal data and its value
This Privacy Policy is between you and g39 Ltd, registered address g39 Oxford St CARDIFF CF24 3DT, company number 3938363. g39 is a registered charity, Reg no. 1181492
We implemented our Privacy Policy in May 2018. This is version 2 of the Privacy Policy and it comes into force 23rd February 2024.
This Privacy Policy explains:
- What personal data g39 collects and why
- How g39 uses that information
- How individuals can access, update and delete their information
g39 needs to gather and use certain information about individuals. These can include participants, audiences, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact. This information helps us to fulfil our legal obligations, achieve our aims, operate more effectively and have better relationships with audiences.
g39 will respect any personal data shared with us; we are committed to keeping personal data secure and managing it in accordance with our privacy policy (described below) and our legal responsibilities under privacy and data protection laws.
What personal information do we collect and process?
The GDPR says that we are required to have a lawful basis for processing your personal data and places emphasis on us being accountable for, and transparent about this. In most cases, our lawful basis for processing data will be Contract, Legal Obligation, Legitimate Interest and Consent as explained below:
Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
Legal Obligation: the processing is necessary for us to comply with the law (not including contractual obligations)
Legitimate Interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests (such as electronic marketing)
Consent:where the individual has given clear consent to process their personal data for a specific purpose. Consent can be withdrawn on request.
We collect information from you if:
- You signed up to receive information from us about forthcoming events and activities. We will record your name and email address when you sign up to our mailing list, with the option to give you postal address, phone number and any professional capacity you have or special interest group you belong to that will enable us to tailor our communications with you
- You signed up to receive information, notices and materials from g39 for the purposes of supporting your artistic professional development
- You have signed up to attend one of our workshops, talks, or other participatory event that can be pre-booked.
- You have used our website www.g39.org. We log your Internet Protocol (IP) address, in order to receive and send information from and to you over the internet. If you have left a comment on our website, your email and IP addresses will have been stored in our website’s database, and we may have saved your comment for evaluation purposes.
- You have contacted us via email. Your email address may be stored in our company contact lists or database.
- You have interacted with us on social media, either directly or indirectly. From time to time we save anonymised social media feedback and conversations for evaluation purposes.
- There has been a transaction between yourself and g39 via bank transfer, Direct Debit, PayPal, cash, cheque, or debit/credit card. We will retain your name, and/or organisation and contact details, and we may keep a record of your bank or debit/credit card details, but only as long as necessary, and solely to process the transaction. Our PayPal account will keep a record of your contact details and transactions.
You can view Paypal’s Privacy Policy ='https://www.paypal.com/uk/webapps/mpp/ua/privacy-full' here.
- You have been contracted by us to provide a service or equipment, to exhibit in our programme or deliver one of our activities or projects.
- You have hired equipment or services from g39
- You have submitted a job application or sent us your CV. If you apply for a job with us, we may ask for additional information about you. This is so we can improve how we target future employees, understand where individuals are finding out about opportunities with us, and who the people are that are applying.
If we have requested you provide us with contact information for referees, they will only be contacted if you have been offered a job with us. They will be deleted, along with your application, no later than eight months after the position is filled.
- You offer a response accredited to you about our activities (eg on a comments board)
- You offer to volunteer for g39
- You give your availability for the purpose of scheduling open meetings or events
As a minimum, we will usually collect:
Your name
Your email address
Your postcode
Where it is appropriate we may also ask for:
- Information relating to your health, for example if you are attending an event and we need to make sure we’ve made adjustments so you are able to freely attend
- The reason you have decided to take part in one of our events, and / or what you felt about the experience
- Permission to contact you about future events or opportunities. We will only do this if you opt-in to receive this type of communication from us
- Personal information (including age, gender, ethnicity etc), so we can better understand our audiences, members, donors and potential supporters and ensure our work is reaching as many people in as many places as possible. This type of information we collect from you is saved anonymously and securely.
The information we request from you enables us to ensure communications are relevant, and allows us to target our resources effectively.
Some of the information which we collect from you may constitute sensitive personal data. We will only ever use this in accordance with this policy and shall maintain necessary measures to protect this information and its confidentiality.
Cookies
Cookies are very small text files stored on your computer and are used by most websites to help personalise your web experience. For further information on cookies, visit www.aboutcookies.org or www.allaboutcookies.org
We may use the information we collect as a result of you accepting a cookie from our site, to track your use of our website and to compile reports on the use of the website overall by all visitors.
You can set up your browser not to accept cookies – the websites above tell you how to remove cookies from your browser. In a few cases, some features of our website may not function fully as a result.
How long do we store your data?
We will not retain personal data for longer than is necessary for the purpose it is required, and we’ll ensure it is securely deleted when no longer needed. We will review data to reduce the risk of it becoming inaccurate, out of date or irrelevant. Please let us know if you see any inaccuracy with the data that we are holding by emailing us at post@g39.org.
Sharing your data
We do not sell or share personal details to third parties for the purposes of marketing. But, if we run an event in partnership with another named organisation your details may need to be shared. We will be very clear what will happen to your data if we share it and we shall not disclose your personal information unless obliged to, or allowed to do so by law.
We may share information about you with analytics providers for the purposes of improving our website
Some people wish to share feedback with us about their experience of one of our projects. If we have the explicit and informed consent of the individuals, or their parent or guardian if they are under 18, this information may be made public by us at events, in materials promoting our work, or in documents such as annual company reports or project evaluation reports.
How we keep your data safe and who has access
We ensure that there are appropriate technical controls in place to protect your personal details. The personal information that you provide will be held securely and will not be used for any other purpose than as provided for in this policy.
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff.
We may need to disclose your details if required to the police, regulatory bodies, enforcement agencies or legal advisors. We will only ever share your data in other circumstances if we have your explicit and informed consent.
Some of our suppliers run their operations outside the European Economic Area (EEA). Specifically Mailchimp (US), Xero (NZ) Google (US), Eventbrite (US). Although they may not be subject to the same data protection laws as companies based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law.
Your rights
Under data protection and privacy legislation you have various rights.
You have the right to request a copy of the information that we hold about you. In that case, please send a copy of your ID (eg passport or driving licence) to us at post@g39.org, with ‘subject access request’ in the subject line of the email.
We want to make sure that the information we hold about you is accurate and up to date. You have the right to ask us to correct, complete or remove information you think is inaccurate or incomplete. In that case please send a copy of your ID (if we haven’t got it already) to us at post@g39.org, with details of what amends you propose and evidence that these are accurate – and ‘personal data rectification’ in the subject line of the email.
You have the right to withdraw your consent to receiving marketing communications. If you want to unsubscribe from any G39 mailing list (provided by Mailchimp) you can do this by using the footer ‘unsubscribe link’ in any recent email. In the event that this is unsuccessful or you encounter issues, please email post@g39.org
In certain circumstances you may have the right to ask us to delete information we hold about you. In this case, please contact us at post@g39.org explaining what you want us to do – and why.
You may also request that we suspend or restrict our processing of your information, or you may object to its processing. In these cases, please contact us at post@g39.org explaining what you want us to do – and why.
You may have the right to request information about you in a portable format. This applies only to data you have provided us which we process in automated systems either with your consent or in order to fulfil our responsibilities under a contract with you.
We will do everything we reasonably can to ensure that you are satisfied with the way we have responded to you about your personal data and privacy. So, please do tell us if you are not so we can rectify any outstanding issue. If you are still not satisfied, you have the right to complain to the Information Commissioner’s Office (ICO) – see https://ico.org.uk/concerns/handling/.
Changes to this policy
Our privacy policy is kept under annual review and we will place any updates on our website. If we make any significant changes in the way we treat your personal information we will make this clear by contacting you by email.
