Data Privacy Summary
At StraightCurves Creative Ltd. (trading as StraightCurves) we take our customers privacy very seriously. It is important that you know exactly what we do with your personal information that you provide to us, why we gather it and what it means for you.
This is in line with our obligations under the General Data Protection Regulation (GDPR), which comes into force on the 25th May 2018. From this date, the GDPR, together with the relevant local and national laws will replace the existing Data Protection Act and place enhanced accountability and transparency obligations on organisations when using your information. The GDPR introduces changes which will provide you greater control over your personal information, including the right to object to processing your information that is carried out for our business purposes.
Who we are
StraightCurves is a small not for profit company limited by guarantee based in Chesterfield. We deliver a variety of arts and crafts based education led activities in the area surrounding Chesterfield either from our studios on Saltergate or at local events and venues. Your information is held by ourselves, and can be accessed by our current employees and sub-contractors. Your tutor will be the person running the session that you attend and they will each adhere to our Data Protection Policy.
The Information we collect about you
We will hold:
– data to identify you, including your contact details
– data about yourself, your children, or students, attending our services as required to satisfy our statutory obligations.
This will include:
– you and/or your child’s personal details including names and date of birth;
– your relationship to the child;
– the school, or organisation, they attend;
– any relevant medical needs and/or disabilities;
– allergies and/or medication requirements;
– relevant consents and permissions;
– emergency contact details including the persons name and contact;
– additional information provided by you as deemed necessary;
– Subscription and attendance details at any of the services you use;
– Payment details when purchasing our products or services.
Sometimes we may use your information even though you are not our customer. For example, your details may have been provided as an emergency contact for a child attending one of our services.
When we collect your information
We will collect your information:
– when you give it to us;
– when you use one of our products, services or request information through our website;
– when provided by a third party.
How we use your information
We will use, and share, your data where:
– you have agreed to and explicitly consented to the using of your data in a specific way (you may withdraw your consent at any time);
– use is necessary in relation to a service or a contract that you enter into (for example, to ensure the safety of your children at on of our activities), or when you have asked for something to be done so that you can enter into a contract with us (for example, you have asked for information in relation to you child’s next birthday party or a planned event);
– use is necessary because we have to comply with a legal obligation (for example, complying with our statutory obligation under the local child protection law);
– use is necessary to protect your children in our care;
– use for our legitimate interests (which you may object to) such as managing our business including, conducting marketing activities, developing and launching new services and/or products, strategic planning and staff training.
We will only send you marketing communications if you have agreed to and opted into receiving them. To ensure you will only receive relevant information this is split into two consents where you can opt in to none, either one or both.
- Contact regarding sessions related to those you have already purchased previously that we genuinely believe you would be interested in.
- Our electronic newsletter that will include information about all our products and services that generally gets issued 10 to 20 times a year.
If you choose ‘none’ don’t worry this will not affect our ability to contact your regarding your actual purchase in anyway under our contractual obligations. We will never share your information with companies outside of our own for inclusion in their marketing activities.
Who we share your information with
When providing our services to you, we may share your information with:
– your tutor (staff or subcontractor);
– our staff;
– third parties with whom:
We need to share your information with to facilitate any contract or service you have opted into;
– you have asked us to share your information;
– service providers who provide us support or business services;
– statutory and regulatory bodies including government and local law enforcement;
– third parties in connection with any sale or purchase of our products or services;
– healthcare professionals and medical consultants;
How long we hold your data
We will hold your personal information on our systems for as long as is necessary for the relevant activity and subject to legislation and regulatory rules. For example:
– we will keep payment records you have made for at least 6 years;
– we will keep subscription and booking records for at least 6 years;
– we will keep enquiry information only for as long as reasonably required for the purpose of dealing with your enquiry;
– we will keep the data about your children only when they are of a suitable age to attend any of our services or activities;
– we will keep your contact details indefinitely when you consent to us using them for our marketing activities but we will make regular checks to ensure you are happy with this;
– if you ask us to stop sending you marketing materials, we will keep a record of your contact details and appropriate information to enable us to comply with your request.
Keeping your data safe
At StraightCurves we take your privacy and protection of your personal data seriously. We will take all appropriate technical and organisational measures to ensure your personal data is held securely. We will:
– never knowingly and recklessly expose your data to a third party;
– ensure all of your data is SSL (Secure Sockets Layer) encrypted ‘in transit’, as required under the GDPR regulations. This is a technology that uses an encrypted connection between server and web browser ensuring all data submitted on our website is only visible to ourselves;
– store your data held in the website on secure servers at Node4 – a Tier 3, ISO-27001 accredited data centre which controls physical access. There is no access to the servers except through prescribed, controlled routes, and the centre is full locked down;
– store your data held electronically outside the website on local devices that are all password protected, and backed up as required;
– store your hardcopy data filed and locked away when not being directly used my a member of our team;
– store your data through third party storage services such as but not limited to Dropbox (https://www.dropbox.com/en_GB/security.) and Mail Chimp (https://mailchimp.com/legal/privacy/).
Under the GDPR regulations you have the rights to:
– be informed about the collection and use of your personal data;
– access your personal data, information and to verify the lawfulness of the processing;
– rectify any inaccurate data held on yourself;
– request your data is erased or removed from our system, known as ‘the right to be forgotten’;
– request restricted processing of your data, we will continue to store your data;
– object to your data being processed for direct marketing purpose, any legitimate interests and for scientific or historical purpose;
Any request under your rights must be completed and dealt with within one calendar month of your request.
How to contact us
If you wish to contact us to exercise any of your data rights, or have any questions regarding our Data Protection Policy, you can contact us at:
– by mail, StraightCurves, 104 Saltergate, Chesterfield, S40 1NE;
– or call, 01246 80 75 75 or 07976 845 662
StraightCurves uses Google Analytics to help us to understand how you use our website and work out how we can make things better. This information is gathered using “cookies”, which are text files placed on your computer, which follow your progress through our website collecting anonymous data on where you have come from, which pages you visit, and how long you spend on the site. This data is then stored by Google in order to create reports for the above purposes. These cookies do not store your personal data.
The information generated by the cookie about your use of the website, including your IP address, may be transmitted to and stored by Google on servers in the United States. Google may use this information for the purpose of evaluating your use of the website, compiling reports on website activity for us and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
We will never (and will not allow any third party to) use the statistical analytics tool to track or to collect any Personally Identifiable Information (PII) of visitors to our site. Google will not associate your IP address with any other data held by Google. Neither StraightCurves nor Google will link, or seek to link, an IP address with the identity of a computer user. We will not associate any data gathered from this site with any Personally Identifiable Information from any source, unless you explicitly submit that information via a fill-in form on our website.
You may choose to accept or decline cookies. Most web browsers automatically default to accept them, but you can usually modify your browser setting to decline cookies. If you reject cookies by changing your browser settings then be aware that this may disable some of the functionality on our website.
We will update our Data Protection Policy from time to time and the current version will always be accessible on our website or by contacting us directly. Any updates will be made available and, where appropriate, notified to you.