As an organisation, Creative and Cultural Skills (“we”, “our”, “us”, “the Charity”) is aware of its obligations under the UK General Data Protection Regulation (UK GDPR) and is committed to processing your data securely and transparently. There are legal and regulatory requirements for us to retain certain data, usually for a specified amount of time. We also retain data to help us operate and to have information available when we need it. However, we do not need to retain all data indefinitely, and retaining data can expose us to risk as well as be a cost to the Charity.
This privacy notice sets out how we collect and look after your Personal Data when you visit our website and tells you about your rights and how the law protects you.
You can also contact us to inform us of any changes to the Personal Data we hold about you. That will help make sure that our records are accurate and up to date.
Capitalised terms and phrases within this document are defined within our Data Protection Privacy Standard 2022.
The Charity is a Data Controller, meaning that we are responsible for deciding how we hold personal information about you.
It is important that you read and retain this notice so that you are aware of how and why we are using such information and what your rights are under the data protection legislation.
Our contact details are as follows:
New London Road
Tel:020 7015 1800
Data Protection Manager
The Charity’s Data Protection Manager is Karen Newman. They can be contacted on email@example.com.
Our use of our Personal Data
Personal Data includes any information that identifies you personally, such as your name, address or email address. It does not include data where your identity has been removed (anonymous data). We use the Personal Data we collect from visitors to the website in the following ways:
- to enable you to use any services on this website, and any other websites that we control.
- to allow us to respond to any comments on the website or feedback you may give us.
- to send you information and updates about our activities.
- to generally track the popularity of our content and marketing activities and to improve our website, our services, and our relationships with our supporters.
- to manage our relationship with you which may include letting you know about changes to this notice or asking you to take part in a survey.
- to administer and protect our organisation, our Personnel and this website, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data.
If you have posted a submission to our Jobs and Opportunities listings, we will also make some of this information public. See the Jobs and Opportunities listings section on our website for more details.
We only use your Personal Data when the law allows us to. We will use your Personal Data in the following ways:
- Where we need to perform the contract we are about to enter into or have entered into with you;
- When it is necessary for our legitimate interests (and they do not override your interests);
- When we need to comply with a legal or regulatory obligation.
We will also ask for your consent to use your Personal Data to send you updates about our work, and the activities of others that are connected or associated or similar to our work. We operate an ‘opt-in’ policy, so that you will only receive information from us if you have asked to receive it. You can withdraw your consent at any time by contacting us, or unsubscribing from our mailing lists. If you opt out of receiving our updates, we may still use your Personal Data for our other legitimate interests.
We will only use your Personal Data for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will let you know and explain the basis which allows us to do so. We may process your Personal Data without your knowledge or consent, in accordance with these rules, where required or permitted by law.
We will only disclose personal data to:
- Service providers and suppliers we engage to process data on our behalf;
- Professional advisors for example, lawyers based in the UK providing governance advice;
- Our regulators, for example HMRC, Companies House and the Charity Commission;
- Law enforcement agencies; and
- Third-parties whom we may choose to sell, transfer or merge parts of our business or our assets.
We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions. Some of our external third parties are based outside the UK so their processing of your Personal Data will involve a transfer of data outside the UK. We ensure a similar degree of protection is given to you by those suppliers.
Links to other web sites
We signpost information and resources that we think will be useful to our visitors. This website contains links to other websites owned and operated by third parties. Clicking on those links may allow other people to collect or share data about you. We do not control those other websites, and we are not responsible for their privacy statements. We suggest you read the privacy notice of every website you visit.
When you view our website, we may store information on your device in the form of a ‘cookie’ (this is essentially a small text file).
Cookies allow us to tailor the website to your interests and preferences. For example, a cookie might contain information about the web pages you have visited on the website, which could allow us to customise your next visit. Cookies do not allow us access to the rest of your computer and we do not use them to collect personal data about you.
Most internet browsers enable you to delete cookies or to receive a warning before a cookie is stored on your hard drive. Please refer to your browser instructions or help screen to learn more about how to do this. However, should you decide to disable any cookies we place on your computer you may not be able to use certain services or facilities on this website.
Google Analytics and IP Addresses
We have implemented Google Analytics features based on Display Advertising. We use the data provided to develop and improve the website, and to collect evidence about the impact of our work.
You can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Settings. In addition, you can use the Google Analytics Opt-Out Browser Add-on to disable tracking by Google Analytics.
An IP address is a number designated for your computer by your Internet service provider to provide access to the Internet. An IP address can often be used to identify the country and city from which a computer is connecting to the Internet.
We can also view IP addresses via Disqus, which is the third-party module we use to allow comments on the website. This is used for moderation – we will ban IP addresses if commenters are rude or disrespectful. See the Comments on the website section for more information.
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your Personal Data to those employees and other third parties who have a need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected Personal Data breach and will notify you and the ICO (and the Charity Commission if relevant) of a breach where we are required to do so.
How long do we keep your data?
We will only keep your Personal Data for as long as necessary to fulfil the purposes we collected it for, taking into account the amount, nature and sensitivity of the data. In some situations, you can ask for access to your Personal Data, correct your data, delete your data, or object to our use of your data. If you wish to exercise any of those rights, please contact us.
You will not have to pay a fee to access your Personal Data. We may refuse to comply with an access request if it is clearly unfounded, repetitive, or excessive. We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We will try to respond to all legitimate requests within one month. Sometimes it may take us longer if your request is complex or you have made several requests. In this case, we will notify you and keep you updated.
Retention periods can vary depending on why we need your data and are set out in our Record Retention Policy 2022, available on request.
Making a complaint
The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO. If you have a concern or complaint, you are strongly encouraged to contact out Data Protection Manager in the first instance.
Changes to this policy
We reserve the right to update this privacy notice at any time without notice to you so please check back regularly to obtain the latest copy.
We may also notify you in other ways from time to time about the Processing of your personal information.
Your Legal Rights
You have the right to:
Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios:
- If you want us to establish the data’s accuracy.
- Where our use of the data is unlawful but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer oof your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
by us, you are able to make a complaint to the ICO. If you have a concern or complaint, you are strongly encouraged to contact out Data Protection Manager in the first instance.