Privacy Notice, 18th December, 2023
Can Art Save Us? (“The Company”) complies fully with the General Data Protection Regulations (GDPR). The person responsible for ensuring compliance is Paula Moore, owner (“The Owner”) of the Company. Our registered address is at the foot of this notice.
We collect personal data in our legitimate interests, for our legal obligations, in the course of building relationships with prospective clients and to fulfil contracts with clients for social media support, in the course of engaging contractors, and in promoting The Company on our website and social media. The personal data we collect from you is detailed in this notice. We collect only the personal data we need. The Owner will review this notice regularly and in line with guidance from the Information Commissioner’s Office.
We collect data from prospective participants and partners over the telephone, by email and in person and in response to enquiries. We collect name, telephone number and email address and process this data based on your consent.
We process limited client personal data for insurance purposes in our legitimate interests.
From time to time we take photographs and videos for use on our website and social media accounts which may be of clients. We do so only with your consent.
We collect personal data from contractors, freelancers and associates in order to fulfil our contract with them. We collect name, telephone number, email address and trading address.
How long do we keep your data?
Where we have consent to use images and videos we keep them for the period relevant to the published work unless legal proceedings require us to keep them for a longer period.
We keep client data for the duration of the contract with them when applicable and for one year afterwards.
In the case of our financial obligations we keep client and contractor financial data for as long as required by HMRC, currently seven years.
In all cases we keep only what is needed and anonymise data wherever possible.
Who do we share your data with?
The Company shares data with third parties in order to fulfil its legal obligations, for example financial data for HMRC.
Client and Contractor personal data may also be held on Cloud based IT devices, which means that personal data may be transferred outside of the EU. Where this is the case, the Cloud based IT device has confirmed that it has appropriate safeguards in place. For example, we use Microsoft 365 which transfers data to the US. Microsoft 365 is certified under the EU-US Privacy Shield Framework. This means that the country to which your personal data is transferred (the US) is deemed to provide an adequate level of protection for your personal information.
Is my data safe?
Records are stored electronically on password protected devices and encrypted when appropriate (in the case of special categories of data).
What are my rights?
You have the right to withdraw your consent for any data we process about you based on consent;
You have the right to ask to see what data we hold about you;
You have the right to be ‘forgotten’ by the Company when you are no longer a client or employed by us. This right does not apply to data processed based on legal obligation;
You have the right to request we correct data we hold about you if it is inaccurate;
You have the right to request we restrict processing if you have requested your data be rectified until you have verified the accuracy of the personal data;
You have the right to request we restrict processing if The Company does not need the personal data but you require the data to establish, exercise or defend a legal claim;
You have the right to object to your data being processed for our legitimate interests;
You have the right to request we restrict processing where you have objected to processing based on legitimate interests and The Company is considering whether its legitimate grounds override those of your own.
In all cases speak to the Owner and she will respond to you without undue delay and within 30 days. The Company may request some of the above be put in writing. If you are unhappy with how we have processed your data, please speak to the Owner in the first instance.
You also have the right to complain to a supervisory authority if you are unhappy with how the Company has handled your personal data. To complain to the Information Commissioners Office, please go to www.ico.org.uk or call 0303 123 1113.
Paula Moore, Registered Office: 9, Vancouver Close, Worthing, West Sussex BN13 2SH.