We will use the information that we collect about you in accordance with:
The Data Protection Act 1998 as amended by the Data Protection Bill
The Privacy and Electronic Communications (EC Directive) Regulations 2003
The EU General Data Protection Regulation (Regulation EU 2016/679), (‘GDPR’) which becomes effective from 25 May 2018
Under the Data Protection Legislation, all organisations which handle personal information must comply with a number of important principles regarding the privacy and disclosure of this information.
We believe that the lawful and correct treatment of personal information is critical to our successful operation. We recognise that to maintain our professional reputation and integrity, we must be fully compliant with this legislation.
By providing us with your data, you warrant to us that you are over 13 years of age.
1. Your personal data – what is it?
Personal data means information relating to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
2. Who are we?
Arvon is a national UK creative writing charity (No. 306694) and is a charitable company limited by guarantee registered in England and Wales with company number 1086582. Arvon is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
3. What information do we collect or keep?
We may collect the following information about you when you register with us, book on a course, place an order for products or services, donate, complete customer surveys, provide feedback and participate in competitions:
Identity data includes first name, last name, gender, age, title, date of birth (if applying for Arvon 18-25 only)
Contact data includes billing address, email address and telephone numbers
Marketing and Communications data includes your preferences in receiving marketing from us and your communication preferences, details of emails we have sent you and how you have engaged with them, feedback you have given us, communications you sent to Arvon, how you heard about us, survey responses you have completed and any competition entries you have submitted. This helps us to manage our relationship with you and ensures you only receive communications from us that are relevant and timely.
Event data including events you have been invited to and whether you attended
Booking data includes dietary and accessibility requirements and past bookings
Financial data includes bank details, credit/debit card details and payment details (not collected by Arvon but by a third party service provider and not retained by them after processing the payment).
Transaction data includes details about payments to and from you and other details of products and services you have purchased from us, gift voucher details, including recipient of gift voucher, and any donations you have made to Arvon.
Evaluation data includes course reports by centre staff and tutors.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
Profile Data includes your username and password when you create an account with us.
Donor Data includes donation history, Gift Aid declaration details, relationships with other individuals and organisations on our database, details of your engagement with Arvon and potentially, research information from publicly available sources.
Course and Grant Application Data includes completed application form, held for three years, supporting evidence of financial status (kept securely and destroyed immediately once decision made about application) and post-course reports.
Recruitment Data, including cover letter, application form and CV (only retained for six months if unsuccessful)
Special Personal Data
Special Personal Data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences, except if you are applying to work at Arvon in some roles.
Some special categories of personal data, such as information about health or medical conditions, are processed to assist in providing services to those with disabilities.
Where we process special categories of personal data, such as information about ethnic origin, sexual orientation or religion or belief, this is done for the purposes of equal opportunities monitoring. Data that we use for these purposes is anonymised, except in the case of grant applicants, where it is collected with your express consent; you are entirely free to decide whether or not to provide such data and there are no consequences for failing to do so, and you can withdraw the consent at any time.
4. When do we collect data?
We collect data, which may include personal information, when you:
- visit our website
- contact us via email, telephone, post, live chat or contact forms
- register with us
- book on a course
- place an order for our products or services
- donate to Arvon
- apply for a grant and complete a grant report
- apply for a course
- apply for a job with Arvon
- apply for our professional development scheme
- complete our customer surveys
- provide us with feedback
- participate in an Arvon competition
5. How will we use the information about you?
We will process your personal data:
As necessary to perform our contract with you and to update our records
As necessary for our own legitimate interests; to process your order, manage your account, understand your needs, provide you with a better service and to promote our work as a charity, and in particular for the following reasons:
- Internal record keeping – this may include the secure holding of data with third-party organisations who provide us with services.
- To improve our courses and other activities.
- To provide you with relevant and timely information about the work we do
- To engage with current and potential donors
- We may aggregate information anonymously to provide statistics to evaluate our work and to feed back to our funders about our performance.
We will ensure our own legitimate interests do not override your own interests and fundamental rights.
Where you have agreed to receive email marketing communications from us, we may provide your email address in an encrypted format to social media companies, such as Facebook, Instagram, Twitter or YouTube, or to digital advertising networks that are providing services to us by displaying our advertising to you on those social media platforms and other websites, as well as identifying audiences with interests similar to yours. You can opt out of your data being used to display advertising to you here.
From experience we know that our donors would expect us to have ascertained a level of interest and considered the appropriateness of a request for donations before approaching them. We therefore research some of our customers and supporters and occasionally potential supporters to find shared interests. If you are a member or donor, we may use a number of basic research tools to estimate your potential interest in other membership levels or in supporting us further.
As necessary to comply with a legal obligation e.g. when you exercise your rights under data protection law and make requests; for compliance with legal and regulatory disclosures, for establishment and defence of legal rights; to verify your identity and where anti-money laundering checks are required. We may process your personal data without your knowledge or consent where this is required or permitted by law.
We will ensure our own legitimate interests do not override your own interests and fundamental rights. Generally, we do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by emailing us at firstname.lastname@example.org
6. Disclosures of your personal data
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions. We do not transfer your personal data outside the European Economic Area (EEA). We will not sell, distribute or lease your personal information to third parties unless we are required by law to do so.
7. Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with this original purpose. If you wish to find out more about how the processing for the new purpose is compatible with the original purpose, please contact email@example.com
If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground of processing.
8. How will we keep your personal information secure?
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. We comply with our obligations under the “GDPR” by:
- keeping personal data up to date
- storing and destroying it securely
- not collecting or retaining excessive amounts of data
- protecting personal data from loss, misuse, unauthorised access and disclosure
- ensuring that appropriate technical measures are in place to protect personal data
9. How will we communicate with you?
If you have elected to receive them, we may periodically send emails or printed materials to tell you about our courses or other activities, fundraising campaigns and writing opportunities from other organisations. You can unsubscribe from these communications at any time at the footer of the email, or edit your mailing preferences here.
If you have booked on a course with Arvon we may send you occasional emails with news of Arvon courses, as we consider this a legitimate interest. We will only do this for two calendar years after your last course booking. If you have opted in to receive our postal brochure, we may send your address details to a credit reference agency, to check if you are still at this address.
We are a registered charity and rely heavily on voluntary contributions from our audience and other funders. Based on the frequency of your visits and purchasing patterns, we may promote our memberships to you or ask you for additional support for our work.
10. Service Providers
We may sometimes share your information with our third party Service Providers. These third party Service Providers enter into a contract that requires them to use your personal information only for the provision of services to us and in a manner that is consistent with this policy. We make sure anyone who provides a service for Arvon meets our standards for data security and privacy. They will not use your data for anything other than the clearly defined purpose relating to the service that they are providing.
If you give us your permission to claim Gift Aid, then we are legally obliged to use your personal information to make the relevant claim from Her Majesty’s Revenue and Customs (HMRC).
Some of our third party service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA. For example, our online surveys and our database are provided by US companies.
Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
Where we use providers based in the United States, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
11. Links to other websites
12. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
The right to request a copy of your personal data which Arvon holds about you.
If you would like a copy of the information held on you please contact us at firstname.lastname@example.org and we will send the personal data we hold about you.
The right to request that Arvon corrects any personal data if it is found to be inaccurate or out of date.
If you believe that any information we are holding on you is incorrect or incomplete, please contact us at email@example.com and we will promptly correct any information found to be incorrect.
The right to request that your personal data is erased where it is no longer necessary.
Please contact us if you would like your personal data erased and we will do so promptly, unless we have a contractual or legal requirement to keep the data.
The right to withdraw your consent to the processing at any time.
If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at firstname.lastname@example.org, or by clicking the ‘unsubscribe’ link at the footer of the email or you can edit your mailing preferences here.
The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request that a restriction is placed on further processing.
The right to object to the processing of personal data.
You can see more about these rights at: ico.org.uk
If you wish to exercise any of the rights set out above, please contact email@example.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
13. How long will we keep your information?
We will keep your information only for as long as is reasonably necessary for the purposes set out in this privacy notice and to fulfil our legal obligations. We will not keep more information than we need. The retention period will vary according to the purpose, for example:
- All financial evidence supplied with your grant application will be destroyed immediately after a grant decision is made and communicated to you.
- If you have pledged a legacy to Arvon, we will hold your details until notified by your executors.
- Gift Aid declarations and associated paperwork are held for up to 6 years after the calendar year to which they relate.
- We will keep your contact details and booking records indefinitely, unless you ask us to remove your details, in order that we can maintain our alumni records.
- If you ask us to stop sending direct marketing communications to you, we will keep the minimum amount of information (e.g. name, address or email address) to ensure we adhere to such requests.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We are for tax purposes legally required to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers.
In some circumstances you can ask us to delete your data: see above for further information.
14. How to contact us
By email: firstname.lastname@example.org
By phone: 0204 529 4970
By mail: Arvon, The Exchange, New Wing, Somerset House, Strand, London WC2R 1LA
15. Updates or Changes to the Privacy Notice and Further Information
Last updated: 21 February 2019