Version 1.6 – last updated 23.07.2020.
The Creative and Cultural Skills website is owned and operated by Creative and Cultural Skills, a charitable company under company number 05122855. Creative and Cultural Skills is the Data Controller and is responsible for your personal data. We have appointed a Data Privacy Manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the Data Privacy Manager using the details set out below in section 10.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (ico.org.uk). We would appreciate the opportunity to deal with your concerns before you complain to the ICO, and you can contact our Data Protection Manager using the contact details below in section 10.
You can also contact us to inform us of any changes to the personal data we hold about you. That will help make sure that our records are accurate and up to date.
1. Our use of your Personal Data
Personal data includes any information that identifies you personally, such as your name, address or email address. It does not include data where your identity has been removed (anonymous data). We use the personal data we collect from visitors to the website in the following ways:
- to enable you to use any services on this website, and any other websites that we control
- to allow us to respond to any comments on the website or feedback you may give us
- to send you information and updates about our activities
- to generally track the popularity of our content and marketing activities and to improve our website, our services, and our relationships with our supporters
- to manage our relationship with you which may include letting you know about changes to this notice or asking you to take part in a survey
- to administer and protect our organisation, our staff and this website, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data
We only use your personal data when the law allows us to. We will use your personal data in the following ways:
- When we provide services;
- When it is necessary for our legitimate interests (and they do not override your interests);
- When we need to comply with a legal or regulatory obligation.
We will also ask for your consent to use your personal data to send you updates about our work, and the activities of others that are connected or associated or similar to our work. We operate an ‘opt-in’ policy, so that you will only receive information from us if you have asked to receive it. You can withdraw your consent at any time by contacting us, or unsubscribing from our mailing lists. If you opt out of receiving our updates, we may still use your personal data for our other legitimate interests.
We will only use your personal data for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will let you know and explain the basis which allows us to do so. We may process your personal data without your knowledge or consent, in accordance with these rules, where required or permitted by law.
We will only disclose personal data to:
- suppliers we engage to process data on our behalf
- law enforcement agencies, and
- any charity we merge with
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. Some of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA. We ensure a similar degree of protection is given to you by those suppliers.
3. Links to other web sites
We signpost information and resources that we think will be useful to our visitors. This website contains links to other websites owned and operated by third parties. Clicking on those links may allow other people to collect or share data about you. We do not control those other websites, and we are not responsible for their privacy statements. We suggest you read the privacy notice of every website you visit.
When you view our website, we may store information on your device in the form of a ‘cookie’ (this is essentially a small text file).
Cookies allow us to tailor the website to your interests and preferences. For example, a cookie might contain information about the web pages you have visited on the website, which could allow us to customise your next visit. Cookies do not allow us access to the rest of your computer and we do not use them to collect personal data about you.
Most internet browsers enable you to delete cookies or to receive a warning before a cookie is stored on your hard drive. Please refer to your browser instructions or help screen to learn more about how to do this. However, should you decide to disable any cookies we place on your computer you may not be able to use certain services or facilities on this website.
5. Google Analytics and IP Addresses
We have implemented Google Analytics features based on Display Advertising. We use the data provided to develop and improve the website, and to collect evidence about the impact of our work.
You can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Settings. In addition, you can use the Google Analytics Opt-Out Browser Add-on to disable tracking by Google Analytics.
An IP address is a number designated for your computer by your Internet service provider to provide access to the Internet. An IP address can often be used to identify the country and city from which a computer is connecting to the Internet.
We can also view IP addresses via Disqus, which is the third-party module we use to allow comments on the website. This is used for moderation – we will ban IP addresses if commenters are rude or disrespectful. See the Comments on the website section for more information.
6. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data to those employees and other third parties who have a need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and the ICO (and the Charity Commission if relevant) of a breach where we are required to do so.
7. Data retention and your right to see your Personal Data
We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, taking into account the amount, nature and sensitivity of the data. In some situations, you can ask for access to your personal data, correct your data, delete your data, or object to our use of your data. If you wish to exercise any of those rights, please contact us.
You will not have to pay a fee to access your personal data. We may refuse to comply with an access request if it is clearly unfounded, repetitive, or excessive. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We will try to respond to all legitimate requests within one month. Sometimes it may take us longer if your request is complex or you have made several requests. In this case, we will notify you and keep you updated.
8. Contact Details
The organisation’s Data Privacy Manager is the Director of Communications. They can be contacted at firstname.lastname@example.org
The organisation’s Data Protection Manager is the Finance Director. They can be contacted at email@example.com