We at Turtle Key Arts respect and value your privacy. We take our responsibility to protect the privacy and security of your personal information very seriously. This policy explains how we collect, share, use and protect your personal information.
- 1. What personal information do we collect and why?
We collect only information required to perform services that you have asked us for. We will record personal details such as names, telephone numbers, email addresses and on occasion proof of identity over and above that available in the public domain.
When you visit our websites our webservers will temporarily record technical details including the IP-address of your computer or device or the type of browser and operating system you use to make our websites available to you. When you access our website from a mobile device we may collect information such as unique device identifiers for your mobile device, your screen resolution and other device settings.
When you register with our mailing list or one of our projects we may collect the following information from you: your name, child’s name, age, date of birth, gender, your contact details including address, e-mail address and telephone number, and diagnosis (if applicable).
- 2. What legal basis do we have for processing your personal data?
We deem that having engaged our services our legal basis for collecting your personal information is either under contract or legitimate interests, if you wish to contest this we would ask you to discuss this with us, you have the right to data erasure at any time.
- 3. What information do we share, with whom and why?
In order to provide you with our services, your personal information may be shared with project partners but we will always inform if we need to share your information and with who when you enter your information into our online form. We will never share your information with a third party. We aim at safeguarding your personal information and will ensure that it is adequately protected at any time.
Any receipt or transfer of funds will be via recognised secure payment systems. The firm will securely destroy any financial information once used and longer needed other than required by law.
We will further disclose personal information if we are required to do so by law or administrative or court order.
Other than that we will not share your personal information.
There are three types of Cookies: Session Cookies, Permanent Cookies and Third-Party Cookies.
Most Cookies used by our websites are Session Cookies. Session Cookies allow our websites to link the actions of a user during a browser session. They are used for a variety of purposes such as remembering your language settings. Session Cookies expire after a browser session and will not be stored for a longer term.
Persistent Cookies are stored on a user's device in between browser sessions which allows the preferences or actions of the user to be remembered across our websites. We use Persistent Cookies in particular to remember your preferences and choices when you use our websites so that you do not have to input your details multiple times, to remember how you have customised your use of our websites and to compile anonymous, aggregated information for statistical and evaluation purposes to help us understand how users use the website and help us improve the structure of our website.
You may opt out of Google Analytics by using the following link: http://tools.google.com/dlpage/gaoptout?hl=en
For more information on Cookies please visit: http://www.allaboutcookies.org/
5.What are my rights under this Policy?
Keeping your information up-to date is very important to us. Please let us know if any of your personal information, e.g. your contact details, have changed. We will then update the information we hold about you.
- 6. What about data security?
We have implemented extensive technical and organisational measures to ensure your personal information is safely protected at any time. These measures are subject to regular reviews and are adapted according to safety requirements. Safety measures we have adapted are:
Your data will not be transferred outside the European Economic Area [EEA] without the explicit consent from you.
We have in place general recognised standards of technology including operational security including, but not limited to, data encryption thereby enabling the protection of relevant data from misuse, loss, damage, alteration, destruction or unauthorised access.
Any receipt or transfer of funds will be via recognised secure payment systems. We will securely destroy any financial information once used and longer needed other than required by law.
Our website will adhere to SSL encryption protocols.
You will be notified of any breach of data which may pose a serious risk without delay.
We will not sell, pass on or contract with third parties your data without prior written [withdrawable] consent other than where required to by law.
We also train staff and contractors on data security
- 7. How long do we keep your personal data for?
We will only retain personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and your data, the purposes for which we process the data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Nevertheless, by law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for [six] years after they cease being customers for [tax] purposes.]
In some circumstances we may anonymise your data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. At the time we become aware that you no longer require any of our products or services that we provide, your data will be deleted from our data base.
Data will be securely disposed of via the most appropriate secure method, either physical or by secure data wiping.
- 8. Your rights in relation to personal data
Under the GDPR, we respect your rights of data access and control to your personal data. In essence, you have the right to:
access to personal information
correction and deletion
withdrawal of consent (if processing data on condition of consent)
restriction of processing and objection
In addition, a Data Subject has the right to make a complaint to the Information Commissioner’s Office [ICO] on-line, by phone or in writing at the following:
T: 0303 123 1113;
Information Commissioner’s Office, Wycliffe house, Water Lane, Wilmslow, Cheshire. SK9 5AF.
There are circumstances where we will be unable to delete data as we are required to keep this by law.
- 9. Other websites
We are not responsible for the content or data protection practices of any other website. If you link to or otherwise visit any other website, please review the privacy policies posted at such website.
- 10. Updates of this Policy
We will review this Policy regularly and update it whenever necessary. We will post such changes on this website.
- 11. Who may I contact if I have any questions?
Turtle Key Arts
Lyric Sq, King St