Privacy Policy

Beatroute Arts is committed to the protection and correct use of the personal data of anyone who is involved with us, including participants, their parents or carers, staff, freelancers, donors and volunteers. We make it our utmost priority to meet the standards and stipulations previously set out in the Data Protection Act and those in the General Data Protection Regulation (GDPR), which is effective from 25 May 2018.

We strive to only collect data that is absolutely necessary and store it securely for an appropriate amount of time. We will not contact you with marketing material unless you have explicitly asked to receive updates. At any time you can request to have your details erased or amended.

This notice provides general information about what data we collect, why we collect it, how long for and how it is used and stored. 

If you require more information on GDPR then please visit ICO’s website www.ICO.org.uk 

WHO IS COLLECTING YOUR DATA?

Beatroute Arts collects your data through the following methods:

• Online: registration forms, event sign ups, emergency contact forms, online messaging via our website and social media platforms, gift aid declarations and CVs and covering letters submitted via email.

• Hard copy or electronic copy of a registration form, emergency contact form, hall hire form, CV or application letter, gift aid declarations.

WHAT DATA IS BEING COLLECTED AND WHY?

We only collect data which is required for the lawful purposes of administering the business of Beatroute Arts. These purposes are:

• Child protection

• Provision of the correct type of activity for the participant

• Provide legal consent

• Funding applications and reports

• Staff administration including payroll

• Advertising, marketing and public relations (if consent granted)

• Research

• Recruitment

WHAT TYPES OF PERSONAL DATA DO WE COLLECT?

We process personal information to enable us to support the provision of activities for our community, maintain our own accounts and records, promote our activity and to support and manage our employees. We also process personal information about staff who deliver our services, both freelance and salaried and also of those who volunteer with the organisation.

The types of personal information we use include:

• Personal details such as names, addresses, telephone numbers, email address, age

• Emergency contact details

• Employment details, for example for those that work for us either directly or are engaged by us to provide a service (eg sessional staff, contractors etc.)

• Financial details, where we provide or take payment for services 

• Visual images for use in marketing,  PR & use on the organisations social media platforms

• Responses to surveys, where individuals have responded to marketing questions

• Our website uses cookies but these are not used to identify you personally

 • Anecdotal evidence for inclusion in funding applications and reports.

We also process sensitive information that may include:

• Medical information or additional needs

• Employment tribunal applications, complaints, accidents, and incident details

HOW WE USE INFORMATION ABOUT YOU?

• To ensure activity is planned and delivered to meet participants’ needs

• To contact you with important information 

• To review the activity provided to ensure it is of the highest possible standard

• To report to our funders on our activity

• To maintain health and safety for staff (including sessional workers and volunteers) and participants

• To process incoming payments for activity or outgoing payment for work, services or refunds

• To share with emergency services in case of emergency, in line with information provided by members/sessional workers in registration/emergency contact forms.

• To highlight our work on our website and social media platforms. 

IS DATA SHARED WITH ANY THIRD PARTIES?

Data is only used by the members of Beatroute staff who need to process it or use it to lead activity safely and correctly.

If permission is granted then we may share images or film footage of participants with press or funders.

Employee details are shared with SCVO who process our payroll.

There are a number of reasons why we share information. This can be due to:

• Our obligations to comply with current legislation

• Our duty to comply with a Court Order

• You have consented to disclosure

HOW LONG IS YOUR DATA STORED?

• Participant data is kept for 2 years after their last attendance

• Job applications and records are kept in a secure file for 6 months

• Marketing databases will be refreshed every 3 years

• If consent is provided, then images and videos will be kept for an indefinite amount of time for Marketing and PR purposes

SECURITY

All data is kept in a secure place – digital or hard copy.

We will not use information that identifies you unless there is a lawful reason to do so.

All appropriate staff will receive training to ensure they maintain the standards set out in data protection and GDPR.

Our Director, Jenny Reeve, is in charge of data management, ensuring high standards of security are maintained.

In the unlikely event of a data breach – we will report the incident to ICO within 72 hours.

WHAT RIGHTS DO YOU HAVE WITH REGARDS TO YOUR PERSONAL DATA?

Under GDPR, every individual has the right to:

• Erasure – also known as the right to be forgotten

• Have inaccurate personal data rectified or completed if it is incomplete

• Prevent their data from being processed for marketing purposes

You can make a request in writing or in person and we will get back to you within 1 month to confirm your request has been addressed.

QUESTIONS

If you have any questions or feedback on how we manage your data then please get in touch in the following ways

• by email info@beatroutearts.com 

• by phone 0141 558 1387

• by letter to Beatroute Arts, 285 Wallacewell Road, Glasgow, G21 3RP 

If you wish to complain about the way we have used your data then you are advised to get in touch with us in the first instance. If you are unsatisfied with how we have responded, then you can report it to the ICO (Information Commissioner’s Office).

Updated 18th April 2023