East London Dance is committed to protecting your privacy. We will use the information that we collect about you in accordance with the General Data Protection Regulation (GDPR), the Privacy and Electronic Communications Regulations (PECR) and will incorporate all upcoming updates to the Data Protection Act (DPA).
East London Dance is a National Portfolio Organisation and registered charity, find out more about us here.
Our responsibility to you and your data
We abide by the 7 data protection policies of GDPR when handling your data which means that:
- We process your data in a fair, transparent and lawful way.
- We only use your data for the purposes that we have stated we will use it for.
- We will only ask you for the data we absolutely need.
- We will take all reasonable steps to keep the data we hold on you accurate.
- We will only keep the data for as long as we need it to fulfill any activity or legal requirements (though please note that anonymised data may be kept longer for analysis purposes).
- We will take every step necessary to keep your data safe whether it is stored online or in hard copy format.
- We are accountable to you as the data owner and to the Information Commissioner’s Office (ICO). See more information about this at the bottom of the policy.
What data we collect, why we collect it and how we use it
1. Information we collect based on your consent
Where your data can only be processed if you opt in.
For applicants, participants, artists, bookers and supporters we collect the following basic contact details to give you relevant information during the course of the activity you are engaged with us in: name, address, email and phone number. For employees this information may be collected on a contractual basis.
Demographic and reporting data
Funding report requirements mean we will ask applicants, participants, artists and board members for the following demographic information: postcode, borough, date of birth, gender, disability status as defined by the defined by the Equality Act 2010, ethnicity and nationality. Such information will be anonymised before use in reporting. For employees and interns some of this information may be collected on a contractual basis.
Audiences may be asked for the same demographic information in a post activity survey and, alongside artists, participants, supporters, partners and stakeholders, for feedback about the activity or interaction. Such information may be used for internal learnings or external reporting or publicity and will be anonymised unless express consent to be named is agreed by the person giving feedback.
For our own internal monitoring, evaluation and reporting purposes we also ask participants, artists and audiences about previous arts attendance, previous interactions with us, employment status and how they heard about our activity, all of which will be anonymised before use in reporting.
Activity related data
Taking part in any of our activity as an applicant, employee, artist, participant, supporter, audience member, intern, partner or data processor may mean that your image or likeness is used for reporting, fundraising or promotional purposes. We will ask these same groups for information about access needs to make sure the activity is accessible to all. Safeguarding and potential medical emergencies mean that we require artists and participants to provide emergency contact details (on the basis of legitimate interests – see below) and we may need to collect information on medical conditions and dietary requirements. Some demographic data such as postcode or date of birth may also be relevant and required to take part in certain activity. Applicants will be asked for employment history, including current role and organisation where applicable, qualifications, referee details and a personal statement.
Marketing related data
For anyone interested in being on our emailing list to receive news, marketing and fundraising information from us we will ask for their name and email address. We occasionally ask artists and participants for information about their own social media handles and websites in order to help promote them and their work.
There may be situations in which a partner, funder or specific project requirement means that we have to collect other data in which case we will make this clear at the point at which we ask for consent.
We may also collect other background personal information that you provide to us (for example when you tell us your story, provide a reason for making a donation or correspond with us).
2. Information we collect based on a contractual obligation
Where we need to process your personal data to fulfil our contractual obligations to you.
Employees may be required to provide any of the following data in order to be legally able to work for us: Bank payment details, NI Number, Criminal Offence information, Unique Tax Reference, Student Loan payment details and personal statements.
We will need to process card payment details usually via a third party payment processor from people who wish to donate to us and from bookers, in situations where we run our own ticket office.
3. Information we collect based on legitimate interests
Where you would reasonably expect us to use your data, where it would have a minimal privacy impact, or where there is a compelling justification for the processing.
We may process contact information of press and media contacts as well as of stakeholders, potential stakeholders and project partners to invite to events or share press releases, such as: name, email address, phone number, organisation and organisational role. Other information may be gathered from the public domain. We will always give you the option not to hear from us again when we first contact you and on subsequent occasions.
When filming activity audience members will be notified of filming via signage where it would not be necessary, appropriate or practicable to obtain specific consent (for example, we may seek specific consent for prominent or impactful uses, but typically not for group shots, background inclusion or internal use).
There may be activity where a booker or artist or participant may need to provide us with certain details of their group of fellow audience members, artists or participants. This will most likely be contact or activity related data as listed above and this would only be in a situation where getting that information directly would not be practical or possible.
How we collect data
We collect information both digitally and in hard copy format through a variety of means such as:
- Via our website when you complete one of our online digital forms.
- Via, for example, Google Forms or a paper form when you complete a survey.
- Via paper or digitally emailed forms when you register as an artist or participant or apply for a job.
- Via CAF’s website or a paper form when you make a donation.
- Via a digital signup form hosted by our email service provider when you sign up to our emailing list directly or when you update your preferences.
- Via cookies when you visit our website.
- Via paperwork when you are employed by us.
- Via cameras and release forms when you are being filmed or photographed as part of our activity.
- Via email, digital means, phone, post or in person when you contact us to share your story or any other information with us.
- Via, for example, Eventbrite when you book tickets (if tickets are only available via a venue partners we may only receive anonymised data from them, though we may receive your email address if you consent to join our email list at the point of booking).
- Via project partners when the relevant data sharing agreements are in place and you have consented that we receive the information.
- Via details found in the public domain if we do not require consent as a lawful basis.
Who we share data with
- We will never sell your data on to a third party.
- If we have an obligation to share any of your data with project partners we will make this explicit at the point at which you consent for us to process your data.
- Anonymised data collected from audiences, participants, artists, paid and unpaid staff and board members will be shared with Arts Council England and may be shared with other funding bodies or used for evaluation and statistical reporting.
- We may process your data using data processing services acting in an accordance with our instructions, and subject to confidentiality obligations.
- We may give you the option to opt-in to receive marketing material from a project partner.
- Your image or likeness and anonymised feedback may be shared publicly in our publicity materials.
- We may share data in order to comply with any legal obligation to do so. This includes our legal advisors, the police and other crime protection and detection agencies or regulatory bodies as well as in safeguarding or medical emergencies.
- Data may be shared for the purposes of regulatory or inspection compliance, for example to the Charity Commission.
How we keep data safe and secure
We always seek to hold your data securely. Whether capturing, storing, analysing, updating, sharing, transferring or deleting your data or using it to contact you, we have stringent security measures in place.
All our online data collection tools such as our Website for registering interest in projects, Google Forms for surveys, Eventbrite for ticket sales, Constant Contact for email list sign-up, CAF for donations or emails for receiving other forms of data, are password protected with access limited to East London Dance staff who need it to do their job.
We have data transfer and security agreements in place with all our data processing services and project partners.
Your personal data is held on East London Dance’s secure online, cloud based customer relationship management (CRM) system, TrackVia. It holds contact and demographic details and a record of your interactions with East London Dance such as project participation, donations, memberships, and employment. Where possible we aim to keep a single record for each customer. Any data temporarily held on our secure server is password protected.
All paper records are securely stored in rooms that require unique key cards to access.
How long we keep your data for
Data held under the basis of consent or contract will be held for the duration of the activity in which you are engaging with us or until such time as we have a legal or reporting obligation to keep it, or, where specified, for the period of time mentioned at the point of consent.
Data held under the basis of legitimate interests will be held for as long as that is a legal basis to hold it or until you request for us to delete it.
As stated below, you have the right to require us to erase personal data at any point.
Your data rights and how to action them
Under GDPR you have the right:
- to be informed about the collection and use of your personal data.
- to access your personal data.
- to have inaccurate personal data rectified, or completed if it is incomplete.
- to have personal data erased.
- to request the restriction or suppression of your personal data.
- to data portability allowing you to obtain and reuse your personal data for their own purposes across different services.
- to object to the processing of your personal data in certain circumstances such as direct marketing.
- related to automated decision making including profiling.
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.
If you have any questions about your data, want to make a request to see what data we hold on you or have it deleted please contact email@example.com or write to us at East London Dance, 3 Sugar House Lane, London, E15 2QS
For more information about your rights or to report us to the ICO visit: ico.org.uk