Art and Christianity (hereafter referred to as A+C) will comply with all data protection law and will ensure that it safeguards its records and data held on individuals. It will also ensure that all third-party processors such as suppliers, sub-contractors and consultants are also compliant with the law and in the way that they handle and store information.
Individuals who apply to join A+C as members and who submit personal data e.g. name, address, email and telephone number, will be asked if A+C may contact them by email with newsletters, general updates, marketing for events and other relevant information. Prospective and current members will be asked to positively tick a box with their preference. Individuals who are not members but who wish to receive free email updates (hereafter referred to as e-subscribers) and marketing for publications and events will also have the opportunity to positively opt-in to receiving these updates. All emails sent to members and e-subscribers will have an unsubscribe option and if actioned these people will not be sent any further emails. The database will indicate their preference and A+C shall retain records of members' preferences for audit purposes.
Individuals who enable the activities and objectives of A+C, such as staff, trustees, contributors to the journal and other publications, speakers at events, entrants for the A+C awards and nominators of Ecclesiart projects, will also be treated in accordance with the GDPR. Any data provided during the management of these projects, such as names, addresses, emails, telephone numbers, or other personal information, will be stored in password-protected email accounts only accessible to those members of staff for whom it is strictly necessary and for explicit A+C purposes. Such information will be kept for audit purposes only and will be deleted when no longer necessary.
1. Data Management (What data we hold and why we hold it)
We hold data related to our
- Members for the purpose of sending them our quarterly journal, as well as invitations to members’ events, and our e-newsletter.
- E-subscribers for the purpose of sending them our e-newsletter, and invitations join A+C and to attend our public events.
- Contributors to the activities and objectives of A+C as outlined above.
A+C recognises that members and e-subscribers have the right to be forgotten, under the terms and conditions of GDPR, and will comply where necessary, except where A+C is legally required to retain data (such as for HMRC records). A+C will keep all members’ and e-subscribers’ data up-to-date. Members and e-subscribers have the right to see the information we hold on them at any time; to know why we keep their data; to object to processing or to request data portability; to withdraw consent or lodge a complaint at any time. A+C will be pleased to provide this information upon request within the timeframes specified by the GDPR.
If at any time A+C decide to adjust how they use member and e-subscriber data, all members and e-subscribers will be contacted and asked to provide consent before any changes are made.
2. Third Party Processors (Who we share your data with)
A+C shall not pass on e-subscriber and member details to any other third party organisations or to any other member, apart from those processors essential to carrying out the purposes for which the member or e-subscriber has actively opted-in for. Processors will only be used by A+C once they have been monitored for compliance with GDPR.
Senior staff at A+C oversee our strategy and ensure all data storage and marketing activity is in line with GDPR. Any data regarding individual's payment details for purchases of membership, publications, events and donations will only be stored by GDPR compliant processors or in the office under the conditions outlined below. No Trustee holds any personal data on members or e-subscribers on behalf of A+C.
3. Management of Computer Files (How we store your data)
Personal data is held in the A+C office on a secure password-protected computer system and is only accessible by staff for whom the information is explicitly relevant, where it will only be used for the express purposes of A+C communications.
The office computer will have its files regularly backed-up to the cloud and by disc both on and off-site. These files will be password encrypted and only staff whose roles involve managing data for the express purposes of A+C communications will have access to the appropriate passwords. Copies of all passwords shall be retained by the director and administrative staff to ensure the capability of access in times of absence, or security breaches by virus or other means which affects access. A+C will ensure all data it holds will be protected against loss, theft and misuse.
17 May 2018
Banner image: Jacqueline James, Lenten Altar Frontal, 1990, York Minster