Last updated: March 2022
We are Quarantine, an arts organisation based in Manchester, UK. We make and present work locally, nationally and internationally. Our registered address is:
PO Box 573
You can contact us via email@example.com
We are a limited company (number: 03662113) and a registered charity (number: 1100469).
Quarantine is committed to handling and storing personal information in compliance with the terms of the General Data Protection Regulation (GDPR).
We collect and use a variety of different types of data, some of which is personally identifiable (e.g. name, email address, phone number, etc.) and some of which is not (e.g. statistical and anonymous demographic data). All personal data is held in accordance with GDPR law.
Information is collected under the following circumstances:
– Attending an event in person or online
– Making payments, including for tickets, merchandise, services and donations (card payments are always processed through a third party – corporate bank account details are retained only for the purposes of processing direct debits)
– Providing feedback on our activities
– Working or volunteering with us or applying for an opportunity (see section below)
– Corresponding with a member of our staff
– Engaging with our website, emails and social media accounts
– Contacting us via our Contact form
On occasion, we also make use of publicly available data (for example through social media, organisational websites, Companies House and the Charities Commission) in order to find and reach people who can help us deliver our activities, including potential partners, collaborators, supporters, academics, members of the press and community workers and advocates. This research may include contact details, demographical information, and personal and professional interests.
We use all the data we collect and hold in order to deliver our programme of activities, to fulfil the reporting requirements of our funders and to meet our legal obligations. We may use your personal data to contact you with details of our events, products and services, including messages that constitute direct marketing, when we are fulfilling a contract (e.g. you have booked a ticket with us); we have a legitimate interest in doing so; and/or you have given your consent for us to do so.
When you sign up to our email mailing-list we ask you to enter personal data in the form of your name, email address and, optionally, your postcode. Your email address is collected so we can send you updates about our work, and your postcode is used to identify the general location of our audiences/users. This information will never be shared in a personally identifiable way. We ask for your consent when joining our mailing list and this forms the lawful basis for us for us holding the data.
If you no longer wish to receive newsletters from us, you can opt out at any time. Every email we send has an unsubscribe link at the bottom, which will automatically take you off our mailing list. Additionally, you can send us an request via email to firstname.lastname@example.org, and we will remove you from our mailing list within one month.
WEBSITE & GOOGLE ANALYTICS
We sometimes take photographs or film in order to document our work and activities, or to create images that can be used in marketing. These images may be used on our website, social media channels, shared with press or with our funders. Any events being photographed will be clearly signposted to make you aware. You may request not to be photographed. If we are taking photographs or filming you specifically then we will talk you through the possible uses and ask you to sign an image release form. We will seek parental consent to take photographs of children and young people under the age of 18.
JOB APPLICANTS, EMPLOYEES AND COLLABORATORS
If you apply to work with us, we will collect and hold personal information about you, potentially including data relating to your protected characteristics (gender, age, sexuality, ethnicity, etc.) as required by employment and data protection law and in line with our equality and diversity policy.
We share monitoring data relating to our employees with our funders in anonymous, aggregate form but individual responses are never made public. If we want to disclose personally identifiable information to a third party, for example to take a reference up or obtain “disclosure” from the Disclosure and Barring Service, we will always ask you beforehand, unless the disclosure is required by law.
We hold financial information for current employees/suppliers to make payments, with their consent. This information is held in our online accountancy software and online banking software, both of which are password protected and are only accessed by relevant authorised personnel. We won’t hold your personal information for any longer than is necessary for the purposes of your application or your employment with us unless you give us permission to do so.
STORAGE & SECURITY OF DATA
Quarantine is registered with the Information Commissioner’s Office (ICO) in the UK, and the data we collect and store is used in accordance with the General Data Protection Regulation (GDPR).
Your information is stored on secure, password-protected databases and networks, including on our Customer Relationship Management (CRM) system, provided by GoodCRM. All information is secured and encrypted and access is given only to staff with the appropriate authorisation. Data is held on servers in the United Kingdom and the European Union. When paper data records are made, these are kept in a secure place (locked drawer or cabinet) where only authorised people can access them. They are stored and destroyed in accordance with this policy.
Only where you explicitly consent for us to do so we will share your information with third parties which will usually be our funders or specific partners. We will occasionally share personal data with partner organisations when it is required for the delivery of our activities, e.g. sharing a list of performers with a presenting venue. Quarantine does not rent or sell information about our contacts with any other business, organisation or individual. The only exception to this is where we are legally obliged to do so to comply with a current judicial proceeding, a court order or legal process served on our website or company.
We will hold your data for as long as necessary to fulfil the purpose for which it was processed.
This policy is reviewed every two years and updated as necessary. Please check back occasionally to make sure you’re happy with any changes.
By using our website you’re agreeing to be bound by this policy.
If you have any questions about this policy or our privacy practices you can email us at email@example.com, or write to us at:
PO Box 573
WHAT ARE MY RIGHTS?
Under the General Data Protection Regulation (GDPR) anyone whose personal data is stored by Quarantine has a set of rights relating to it. Those rights are as follows and the descriptions include links to the ICO website for more information:
Your right of access
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. You can read more about this right here.
Your right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can read more about this right here.
Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances. You can read more about this right here.
Your right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this right here.
Your right to object to processing
You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests. You can read more about this right here.
Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent, or for the performance of a contract, and the processing is automated. You can read more about this right here.
If we are processing your information for criminal law enforcement purposes, your rights are slightly different. Please see the relevant section of the notice.
You are not required to pay any charge for exercising your rights. We have one month to respond to you. Please contact us firstname.lastname@example.org
CAN I COMPLAIN ABOUT HOW YOU ARE USING MY PERSONAL DATA?
If you think we are handling your data incorrectly you should approach us in the first instance and we will do everything possible to rectify the situation. If you are not happy with our response you have a right to contact the supervisory authority, in this case the Information Commissioner’s Office. You can lodge a complaint through their website here and in turn, they will deal with it.