Arts Council England Place Based Peer Learning Programme Community Website Privacy Policy

Updated: June 2023

About this notice

Arts Council England ('we' 'us' 'our') and our supplier, Hivebrite collects, stores and uses (processes) a range of information from you to manage the Place Based Peer Learning Programme Community Website at https://placebasedpeerlearning.org.uk/ (the Community Website), and to fulfil our objects as set out in our Royal Charter.  You can find our Royal Charter on our website.

 

We are committed to being transparent with you about how we collect, use and store (process) that information.

 

This specific privacy notice tells you what to expect when we or our supplier, Hivebrite (Hivebrite) collect, use and store your personal data.

 

This specific privacy notice is in addition to our General Privacy Notice and Hivebrite’s Privacy Policy.  You can find our General Privacy Notice on our website.  You can find Hivebrite’s Privacy Policy on their website: https://hivebrite.com/privacy-policy

 

This specific privacy notice applies to personal data we may collect, create, receive, use and store:

 

• When you apply for a user account for the Community Website

• When you login to your user account for the Community Website

• When you post to, reply to, or read posts from the Community Website

• When you interact with other users publically and privately on the Community Website

 

This specific privacy notice provides details of how you can exercise your rights under Data Protection Laws, which means the Data Protection Act 2018 (DPA 2018) and the United Kingdom General Data Protection Regulation (UK GDPR) or such other laws as may apply or come into force that regulate the collection, processing, and privacy of personal data.

 

Your Rights

Under the UK GDPR we must ensure that your personal data is:

 

• Treated fairly, lawfully and in a transparent manner

• Only collected for specified, explicit and legitimate purposes

• Adequate, relevant and limited to what is necessary

• Accurate and, where necessary, kept up to date

• Kept for no longer than is necessary

• Kept securely and protected against unauthorised or unlawful processing, accidental loss, destruction or damage, using appropriate measures.

 

You have the right to:

 

• Be informed about our processing of your personal data

• Request access to your personal data and information about how we process it

• Request that your personal data is amended if inaccurate and that incomplete personal data is completed

• Request the restriction or suppression of your personal data

• Request the erasure or deletion of your personal data

• Move, copy or transfer personal data (Data Portability) - where the processing is based on consent or for the performance of a contract; and when processing is carried out by automated means.

• Object to the processing of your personal data

• Be informed about automated decision-making and profiling.

• Withdraw your consent to our processing of your personal data where our processing of your data is based on consent

 

If you want to exercise one or more of your rights, please:

 

• Either email our Information Team at [email protected]

• Or call us on 0161 934 4317

 

If you want to make a subject access request, please email our Information Team at: [email protected]

 

Please note that we may need to take steps to verify your identify if, as an example, you email or call us from an email address or telephone number that is not on our file.

 

What information do we collect?

We and Hivebrite collects, stores, and uses (process) a range of personal information about you:

 

• your names

• your email address

• the organisation that you work or volunteer for

• your job title

• if you login with your LinkedIn or Facebook or Google account, that you have one of these accounts and your corresponding user ID for your account with LinkedIn or Facebook or Google

• your geolocation

 

How we collect this information?

We and Hivebrite collects this information in a number of ways; through your application for a user account; information that is publically available online; if you login with your LinkedIn or Facebook or Google account, the information that LinkedIn or Facebook or Google shares with us to complete your application for a user account.

 

We and Hivebrite stores this information in a number of different places, such as our IT systems and Hivebrite’s IT systems that provides the underlying platform for the Community Website.

 

How will we use information about you?

Our legal basis for collecting, storing and using (processing) information about you is:

• Your Consent

• Legal Obligation

We need to collect, store, and use (process) information about you to ensure that we and Hivebrite may provide you the Community Website.

 

Who has access to data?

Your information may be shared internally with:

• Our Place Based Peer Learning Programme Community Team

• Our IT staff

• If you make a complaint or raise a concern, to our Complaints Team

• If you make a Subject Access Request or a Freedom of Information Request, to our Information Team

We may share your information externally with:

• Hivebrite

• Hivebrite’s IT staff

• External Legal Advisors where relevant

Hivebrite may share your information with their suppliers.  Please see Hivebrite’s Privacy Policy on their website: https://hivebrite.com/privacy-policy

 

We will not transfer your data to countries outside the European Economic Area.

 

Hivebrite and their suppliers and subprocessors may transfer your data outside of the European Economic Area.  Where Hivebrite makes such a transfer they will ensure that your privacy rights continue to be protected and use Standard Contractual Clauses to transfer data.  Please see Hivebrite’s Privacy Policy on their website: https://hivebrite.com/privacy-policy

 

How do we protect data?

 

We take the security of information, which includes your data, seriously. We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our staff and Hivebrite in the performance of their duties.

 

Where we engage third parties to process personal data on our behalf, they do so on the basis of our written instructions. Those third parties are under a duty of confidentiality to us and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

 

How long will we use your information for?

We will only retain your personal information for as long as necessary to fulfil the purposes for which we collect it, including for the purposes of satisfying any legal, accounting or reporting requirements.

 

Our supplier, Hivebrite’s Privacy Policy sets out how long they will retain your personal information.  Please see Hivebrite’s Privacy Policy on their website: https://hivebrite.com/privacy-policy

 

In some circumstances, we or Hivebrite may anonymise personal information so that it can no longer be associated with you, in which case we may use that information without further notice to you.

 

What if you do not provide us with your personal data?

You do not need to provide us with your personal data but you will not be able to use the Community Website.

 

Automated decision-making

Decisions are not based solely on automated decision-making.

 

Changes to this specific privacy notice

We reserve the right to update this specific privacy notice at any time.

 

We will provide you with a new specific privacy notice when we make any substantial updates, which will be available on our intranet.

 

We may also notify you in other ways from time to time about the processing of your personal information.

 

If you have any questions about this privacy notice, please contact the DPO.