Who we are and our commitment to your privacy

Applause is an arts charity, based in Kent and operating throughout the South East of England. We are a registered charity in England and Wales and our registered charity number is 1165632. We are committed to keeping the personal details of our artists, supporters, donors and volunteers safe. This policy explains how and why we use your personal data, to ensure that you remain informed and in control of your information.

We use two definitions to describe people mentioned in this policy. These are definitions used by the Information Commissioner’s Office (ICO), the UK’s independent body set up to uphold information rights (www.ico.org.uk)

Definitions: Data Controller: this is us, Applause, and with your permission, we decide how and why your personal data is used. We will never sell your personal data.
Data Subject: this is you and as the data subject, we respect your right to control your data.

Should you wish to find out more about the information we hold about you, or about our privacy policy, please contact us:

Director, Dawn Badland

Address: Applause Rural Touring, Southborough Civic Centre, 137 London Road, Southborough, KENT TN4 0NA Telephone: 01892 457635 Email: dawn@applause.org.uk

Scope of personal information to be processed / Uses and conditions for processing

Applause collects information on those who engage with the organisation including members of staff, artists, promoters, donors, ticket buyers and other people who are relevant to our work and involved in our activities. We collect data relevant to the activity and do not use personal data outside of these purposes.

Where the data is collected from and stored

Data is collected by request in applications, contracts, surveys and feedback forms, web analytic services such as Mailchimp and ticket booking /CRM systems like Eventotron, Eventbrite and Donation platforms like CAF. Data is stored in multiple locations. These are –

Microsoft 365 – Sharepoint
Mailchimp mailing list
Locked filing cabinets
Google forms
Computer servers
Eventotron
Eventbrite
Social media- You Tube, Facebook, Instagram, Twitter, Soundcloud
CAF

Personal data we process and store

This is the kind of personal data we may store about an individual, such as employees, ticket buyers, applicants and artists we work with:

Name, address, email and phone contact details
Communication contact preferences
Ethnicity
Age
Details of any disability
Socio-economic background
Gender (for example, for HMRC)
National Insurance Number
Tax Code
Employment references
Employment history
Employment contract
Personal ID (Passport)
Pay rate
Absence details – annual leave, sickness, maternity/paternity leave, compassionate leave, lateness
Details of accidents and incidents at work
Education and qualifications
Training
Disciplinary action
Termination of employment

Applause collects the following personal data to enable the organisation to monitor its Equality Action Plan under the terms of agreement with Arts Council England.

Ethnicity
Sexual Orientation
Gender identity
Age
Disability or impairment status
Applause does not collect the following personal data –
Religion
Politic
Trade Union membership

Applause may collect ‘health’ data for specific circumstances such as, to support its Access Policy, for dietary requirements, for particular projects relating to health outcomes.

Why do we collect your personal data?

We collect, process and use your personal data to keep in touch with you. We will only ever collect, keep and use your personal data when we have a purpose and reason to do so. This is understood as ‘lawful basis’ as identified by the ICO.

We collect your personal data:

So that you can volunteer with us. If you are an Applause volunteer/volunteer promoter, we collect your personal data so that we can keep in touch with you about:

Information about Applause’s work and new performance opportunities for you to programme within your venues.

By sending you our e-newsletter so that you are aware of the positive impact you have on our work.

Dedicated volunteer/volunteer promoter ‘thank-you’ or training/professional events. (As defined by The ICO, the lawful basis for processing your data for these purposes is ‘contractual’, where administering your volunteer record and ‘legitimate interest’ when sending you information about our work).

To ask for your opinion and send you information about our work. We also collect your personal data so that we can send you information about our work that we think will be of interest to you. This includes information about events, performances, fundraising appeals, products, feedback and other activities. We may also use your personal data to ask for your opinion about our work. (This is defined as ‘direct marketing’ by The ICO).

Getting to know you better Your personal data also helps us to get to know you better and to develop a profile of you on our secure database, enabling us to send you information in a relevant way, that suits you. For example, keeping track of the donations you make to Applause helps us to send you information about our fundraising activity that we feel you would like to hear about. Similarly, keeping a record of the performances or various family activities that you have attended, helps us to send you relevant project, performance and event updates.

Cookies

The Applause website uses cookies, as almost all websites do, to help provide you with the best experience we can. Cookies are small text files that are placed on your computer or mobile phone when you browse websites.

Our cookies help us:

Make our website work as you’d expect
Remember your settings during and between visits
Improve the speed/security of the site
Continuously improve our website for you
Make our marketing more efficient (ultimately helping us to offer the service we do at the price we do)
We do not use cookies to:
Collect any personally identifiable information (without your express permission)
Pass data to advertising networks
Pass personally identifiable data to third parties
Pay sales commissions
Granting us permission to use cookies

If the settings on your software that you are using to view this website (your browser) are adjusted to accept cookies we take this, and your continued use of our website, to mean that you are fine with this.

Should you wish to remove or not use cookies from our site you can learn how to do this below, however doing so will likely mean that our site will not work as you would expect.

Our own cookies

We use cookies to make our website work including:

Remembering your search settings
Remembering if we have already asked you certain questions (e.g. you declined to use our app or take our survey)

There is no way to prevent these cookies being set other than to not use our site.

Third party functions

Our site, like most websites, includes functionality provided by third parties. A common example is an embedded YouTube video. Our site includes the following which use cookies:

Disabling these cookies will likely break the functions offered by these third parties

Anonymous Visitor Statistics Cookies

We use cookies to compile visitor statistics such as how many people have visited our website, what type of technology they are using (e.g. Mac or Windows which helps to identify when our site isn’t working as it should for particular technologies), how long they spend on the site, what page they look at etc. This helps us to continuously improve our website.

These so-called “analytics” programs also tell us if, on an anonymous basis, how people reached this site (e.g. from a search engine) and whether they have been here before helping us to put more money into developing our services for you instead of marketing spend.

We use: Google Analytics – please see their safeguarding your data page.

Turning Cookies Off

You can usually switch cookies off by adjusting your browser settings to stop it from accepting cookies (Learn how here). Doing so, however, will likely limit the functionality of our’s and a large proportion of the world’s websites as cookies are a standard part of most modern websites.

It may be that your concerns around cookies relate to so-called “spyware”. Rather than switching off cookies in your browser you may find that anti-spyware software achieves the same objective by automatically deleting cookies considered to be invasive. Learn more about managing cookies with antispyware software.

How we collect, process, protect and dispose of data

We collect data via email, CVs, application forms for recruitment or applications to open to call out’s, commissions, awards, grants and other opportunities for artists.
We collect data for online marketing, if you have opted in, through email newsletter subscription via Mailchimp from on our website, our online ticket booking system (Eventotron and event booking systems like Eventbrite and CAF donate site. A link to our privacy statement will be visible at data collection point (for example when you opt in to receive a newsletter or buy a ticket for one of our events) and include opt-ins for receiving future communications from Applause and/or a third party (artist, company).
We collect data for artists and organisations we work with. We also store personal data on artists support and projects on the following password-protected third party platforms: Mailchimp, Eventotron.
We collect data on social media. Depending on your settings or the privacy policies for social media and messaging services like Facebook, Instagram, YouTube, Soundcloud or Twitter, you may give us permission to access information from those accounts or services.
We collect data for fundraising when donating via CAF, Eventbrite or face-to-face or by personal request.
We collect data for events bookers via Eventotron.
We collect data for our education work. The data of individuals under 18 years old will only be kept after signed consent from parent, legal carer or guardian.
When working in criminal justice settings such as prisons or youth offending institutes, we are strictly forbidden to collect any personal data as this would be a security and confidentiality breach.
We collect employees’ data via email, post, paper employment forms such as contracts, passport, emergency contact form and payroll information.
We may encrypt sensitive data (documents and mobile devices) to ensure it is safely stored or shared.

Legitimate Interest and Opt In Consent

As defined by The ICO, Applause use two different lawful bases for processing your personal data for direct marketing purposes:

Legitimate Interest Not overriding your rights or interests – This is where we have identified a genuine and legitimate reason for contacting you. We use legitimate interest to send you the information listed in the above points by post, email or telephone (if you are not registered with the Telephone Preference Service, and you have given us your telephone number).

Opt-in Consent – This is where you have given us permission to contact you through particular communication channels. We use opt-in consent to send you the information listed above by email, post, text message (SMS) or telephone (if you are registered with the Telephone Preference Service).

You have every right to update the way we get in touch with you about our work at any time.

Analysis and grouping

We gather research information via general surveys and funded research projects. Via this we analyse Rural Touring members, audiences, suppliers and performers to determine common characteristics and preferences. We do this by assessing various types of information including statistical data or demographic information (e.g. age or location).

By grouping people together based on common characteristics, we can better advocate and educate on the rural Touring sector.

Anonymised data

We may aggregate and anonymise personal data so that it can no longer be linked to any person. This information can be used for a variety of purposes, such as recruiting new audiences and performers, or to identify demographics and diversity in the sector

Subject access requests

Subject access request refers to the right that individuals have to see a copy of the information an organisation holds about them. You can read more about Subject Access on the Information Commissioner’s Office’s (ICO) website.

If you want to know the information that Applause holds about you, you can find out more about how to do that on the ICO website.

Please submit to office@applaiuse.org.uk with the email subject line “Subject Access Request”.

In line with GDPR:

Applause will respond within 40 days of the date on which the request is received.

We can refuse or charge for requests that are manifestly unfounded or excessive.

If we refuse a request, we will explain to the individual why, without undue delay and at the latest, within one month, and that they have the right to complain to the supervisory authority and to a judicial remedy.

We will need to verify your identity before the request will be considered and acted upon. We require level 2 identity proofing for any subject access requests – such as a passport and driving license as well as a utility bill.

For more information on right of access, please refer to the ICO.

The right to be forgotten

Applause recognises the right to be forgotten and a data subject’s right to access and control the data relating to the. Data subjects can:

Access and obtain a copy of their data on request
Change incorrect or incomplete data
Request us to delete or stop processing their data
Ongoing documentation of measures to ensure compliance
Applause is committed to ongoing improvements to ensure it is GDPR compliant.

Personal data breaches

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. A breach could be accidental and deliberate.

We have data breach detection, investigation and internal reporting procedures in place to ensure any breaches of personal data are dealt with and resolved as quickly as possible.

Applause will report to the ICO about certain types of personal data breaches within 72 hours of becoming aware of the breach, where feasible. A summative report will in due course also be sent to The Charity Commissioners for their information once any investigation has been conducted.

If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, we will also inform those individuals without undue delay.

We keep a record of any personal data breaches.

We have cyber security insurance to protect us if a breach should occur.

Third Parties

Applause regularly collaborates with other third party organisations. We collaborate with artists and organisations on a regular basis and we will only share your data when you have given consent or opted in.

Applause’s policy is to check that all our third party suppliers who have access to personal data operate in line with GDPR. We have agreements and contracts in places with artists, partners and service providers to ensure that data is secure. Applause is not responsible for the privacy notices and practices of third parties.

Applause may include information about events and projects by third parties (such as organisations we collaborate with, have toured work to or have presented work by) in our marketing promotion via email newsletters and on social media.

How we dispose of data

We will keep your information only for as long as is reasonably necessary for the purposes set out in this privacy notice and to fulfil our legal obligations. We will not keep more information than we need. The retention period will vary according to the purpose, for example:

We delete all unsuccessful applications for jobs for 6 months after the application deadline.
We delete all unsuccessful applications for artists’ grants and support, within 18 months after the application deadline.
We ensure that any individual artist/promoter has given us consent to store their data on our CRM database.
We delete unsolicited CVs sent to us by email or by post.
Inactive or bounced email addresses are removed from Mailchimp through automated data cleansing at least quarterly.
We will delete any unsubscribed emails in Mailchimp on a monthly basis.
Every email we send to individuals via Mailchimp includes details on how to change your communications preferences or unsubscribe from future communications. You can unsubscribe or adjust your settings to opt in to the communications they want to receive.
We keep employee records and payroll information in line with our statutory and legal obligations.
We will review and evaluate any data held in Mailchimp/ Eventotron/ Eventbrite every 4 years.
Data Retention Policy
We will store your personal information for as long as it is required for the initial purposes it was collected for.
We delete data that is no longer require and we review the information we hold.

Your Rights

You are entitled to control your personal data and we respect your right to control your data. As a data subject you can:

Access and obtain a copy of your data on request
Change incorrect or incomplete data
Request us to delete or stop processing your data

Information Commissioner’s Office

For further assistance with complaints regarding your data, please contact the Information Commissioner’s Office, whose remit covers the UK.

Address: Wycliffe House Water Lane Wilmslow SK9 5AF Telephone: 0303 123 1113 Email: casework@ico.org.uk