This notice explains what personal data (information) we hold about you, how we collect it, and how we use and may share information about you. We are required to notify you of this information under the EU GDPR regulations, UK GDPR regulations and other data protection legislation. Please ensure that you read this notice (sometimes referred to as a ‘privacy notice’) and any other similar notice we may provide to you from time to time when we collect or process personal information about you.
WHO COLLECTS THE INFORMATION
Sculpt, trading as THE IARS INTERNATIONAL INSTITUTE (THE CHARITY) IS A ‘DATA CONTROLLER’ AND GATHERS AND USES CERTAIN INFORMATION ABOUT YOU.
DATA PROTECTION PRINCIPLES
We will comply with the data protection principles when gathering and using personal information, as set out in our Electronic Information, Data Management and Communications Policy.
ABOUT THE INFORMATION WE COLLECT AND HOLD
We may collect the following information about you, depending on your involvement with the charity the information we keep may differ slightly:
• Your name and contact details (i.e. address, home and mobile phone numbers, email
• If you join as a corporate member, we will keep a link to your company;
• Data about what we have sent you and when;
• Data you voluntarily provide when you contact us;
• Details of how we have cooperated, for example whether you have been to one of our conferences;
• We might retain your image, in photographic and video form;
• Details of your social media, such as LinkedIn;
• Your password if you chose to access our online training;
• Your preferred payment methods and membership renewal dates; and
• Details of any of our projects that you have asked to be kept informed about.
Certain of the categories above may not apply to you if you are not a member of Sculpt, but are on our mailing list.
We collect information from our research surveys. You can choose to sign up to and respond to surveys and polls and these help us to understand our members’ opinions, views and attitudes. If you sign up to a research survey which we run and complete our surveys or polls, we will collect information about you including your name, contact details and survey responses (Survey Data).
We also collect anonymised publicly available information from social networking sites such as Website Tracking data, Facebook and Twitter, for example likes, shares, tweets and posts about Sculpt. This information is provided to us by a third party and is usually anonymised so we cannot see who has posted the information. This information is used to demonstrate the dissemination of our work.
How we collect the information
If you are a member of Sculpt, we may collect this information from you at the time you join our membership scheme and will update it on an ongoing basis. If your information needs updating just let us know at any time and we will do that for you.
If you are a visitor to our website, we may collect information from you when you visit the website, through our online forms and through third party tracking data. If your information needs updating again you can let us know at any time and we will do that too.
Should you undertake one of our research surveys, we will collect data from you at the time you fill in the survey or during an interview or focus group. We normally anonymise this data or psudonomyse the data to protect your identity. Where we cannot do that we password protect files which contain your information.
Why we collect the information and how we use it
We will typically collect and use this information for the following purposes:
• the performance of our contract with you, for example as our member. This allows us to keep our members up to date with our newsletters and exclusive offers, as well as ensuring members have advance notice of events that may interest them;
• with your consent to send you updates about our projects and programmes, including research papers and consultations;
• with your consent to undertake research surveys and get your opinions and views as part of our research projects or for the purposes of analysing insights and information to enable us to improve our services; and
• for the purposes of our legitimate interests or those of a third party, but only if these are not overridden by your interests, rights or freedoms.
We seek to ensure that our information collection and processing is always proportionate.
We will notify you of any material changes to information we collect or to the purposes for which we collect and process it.
On occasions we archive publicly available data, such as twitter or Facebook threads to demonstrate the efficacy of our dissemination activities. Occasionally this may include copies of Voluntary Data that you have provided on public areas of the platform. We will only ever capture personal data that has already been made publicly available in this way and for these purposes. Where possible, when the sites are archived we anonymise or remove personal data. We periodically review the data that we keep in our archive and we will delete or anonymise your data held in the archive where we consider it is no longer of value or interest.
We will use your email address to send you email information (including our newsletter, information about new projects, conferences and competitions) where you have signed up to receive this from us. You can opt out of receiving members emails at any time by either following the instructions to unsubscribe in any of our email marketing communications or by contacting us at firstname.lastname@example.org. It may take up to 48 hours for your change in
preference to take effect and the change will not affect any emails which have already been scheduled to be sent in the future. If you opt out of members emails, we will still need to send you service communications by email from time to time, such as information about changes to our services.
How we may share the information
We may also need to share some of the above categories of personal information with other parties, such as external funders and our professional advisers and with potential purchasers of some or all of our business. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations. We may also be required to share some personal information as required to comply with the law.
Where information may be held
Information may be held at our offices and third party agencies, service providers, representatives and agents as described above. Information may be transferred internationally to partners within the European Union and other countries around the world, including countries that do not have data protection laws equivalent to those in the UK, for the reasons described above. We have security measures in place to seek to ensure that there is appropriate security for information we hold including those measures detailed in our Electronic Information, Data Management and Communications Policy.
How long we keep your information
If you are a member, then we will keep your information during and after your membership for no longer than is necessary for the purposes for which the personal information is processed. If you participate in one of our surveys, we will keep this information for no longer than it is necessary for the purposes for which the personal information is processed or for as long as is required by our funders for project auditing purposes.
Information about visitors to our websites, where that information can be used to identify you as an individual person, will be kept for as long as necessary for the purposes for which that information is being processed.
Further details on this are available in our Electronic Information, Data Management and Communications Policy.
Your rights to correct and access your information and to ask for it to be erased.
Please contact our Data Protection Officer (DPO) by e-mail at email@example.com if (in accordance with applicable law) you would like to correct or request access to information that we hold relating to you or if you have any questions about this notice. You also have the right to ask our Data Protection Officer for some but not all of the information we hold and process to be erased (the ‘right to be forgotten’) in certain circumstances. Our Data Protection Officer will provide you with further information about the right to be forgotten if you ask for it.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
HOW TO COMPLAIN
We hope that our Data Protection Officer can resolve any query or concern you raise about our use of your information. If not, contact the Information Commissioner at ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.