The Association for Art History (the ‘Association’) is committed to protecting you and your information when you are using our services. In the course of your interaction with the Association, you will provide personal information which we will use to provide you with the service you have requested and in furtherance of our charitable objectives.
This Privacy Notice explains the type of information we collect, how we use that information and your rights regarding this information under the General Data Protection Regulation (GDPR). This legislation, in effect as of 25th May 2018, concerns the use of ‘personal data’—that which identifies a living person. In this Privacy Notice we will use that term as well as your ‘information’ to refer to data held about you.
1 INFORMATION WE HOLD
The Association holds the following types of information:
- Personal details (i.e. name, address, phone and email address, etc)
- Financial information (such as credit/debit card or direct debit details)
- Details on your interests, for example, in Association events, publications and notices
Your activities and involvement with the Association will result in personal data being generated. This may include details of your expertise; your visits to our website; your membership history; donations you have made to us; your participation in our online surveys or where you have applied for a job, grant or prize with us.
When we analyse data from our surveys, we can generate personal data about you to better understand your interest in our programmes and which communications and benefits of membership may interest you. We may also use third parties to help us conduct research and analysis on personal data and this may result in new personal data being created.
We may also receive personal data from third parties, for instance when we co-organise an event or partner with another organisation with which you have shared your information. If you post on our social media pages, we may collect information from those interactions.
2 HOW WE USE YOUR DATA
The Association only uses your data for purposes for which it was obtained, and we will never sell your data.
We use your data either with your consent or where it is necessary to fulfil the terms of a contract with you; comply with a legal duty; protect your vital interests or for our legitimate interests or those of a third party where your rights do not over ride those interests.
We use your personal data for administrative purposes related to carrying out our charitable purposes. These include:
- processing memberships, maintaining databases of members and upholding our obligations under membership contracts;
- processing event registrations, subscriptions to publications and requests for electronic communications
- managing comments and queries we receive
- managing your preferences regarding information and communication from us
Association research and analysis
We conduct research and analysis of our members to help assess the effectiveness of our membership offer, our events, publications and communications. For instance, we may use this information to assess the response to a programme and its viability. We may use this information to create programmes or stage events that you may find more valuable and pertinent to your professional needs.
We use your data to communicate with you and advise you of upcoming programmes and events that may be of interest to you. We may also use it to apprise you of membership offers or seek your support for the Association or a particular initiative.
We send you marketing communications electronically if you have given your consent to receive them. If you would like to change the manner or type of communications you receive from us, you can do this at any time by contacting us via email at firstname.lastname@example.org, by phone at 020 7490 3211 and via post at 70 Cowcross Street, London, EC1M 6EJ.
When you receive a communication from us, we may collect information about your response which, in turn, may affect how we communicate with you in future.
3 DISCLOSING AND SHARING YOUR DATA
The Association shares your personal data with third-parties who provide services to us. These providers and their services are listed here (LINK)
We share information with these service providers securely, and we retain responsibility for your data. The services are carried out under contracts which require that suppliers keep your information secure and in compliance with the GDPR.
We may share your data where required to so do by law, for instance when requested by the police such as for the prevention of a crime or for taxation purposes for the HMRC.
We may also share your information with a third party when co-organising an event (such as our annual conference which is convened with university partners). We will only share information where necessary and where consistent with your preferences.
4 CHILDREN AND YOUNG PEOPLE
The Association will not send marketing materials to those under 18 without the consent of a parent or guardian.
5 HOW WE PROTECT YOUR DATA
The Association employs various technical and physical measures to protect your personal data. Paper records are kept in secure locations and electronic data and databases are stored on secure computer systems. We have detailed security measures for staff to follow when accessing personal data as well as policies which stipulate who has access to personal information.
6 HOW WE PROVIDE DATA SECURITY
All of the Association’s forms in which you provide financial data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers.
If you purchase a membership or a ticket to an event online, we will pass your payment card details securely to our payment provider. The Association’s procedures comply with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council.
7 HOW WE STORE YOUR DATA
The Association is wholly based in the UK and we store data within the European Economic Area. Some organisations which provide data processing services to us do so under contract and may be based outside of the EEA. We will only allow them to do so if your data is adequately protected in compliance with the GDPR.
8 RETAINING YOUR DATA
We will only retain your personal data for as long as it is required for the purposes for which we collected it (e.g. we have a genuine and legitimate reason and we’re not harming any of your rights and interests). The period for retaining your data will vary depending on our legal obligations, the nature and type of information and the reason it was collected. For example, should you ask us not to send you marketing emails, we will stop storing your email address for marketing purposes; however, we will need to keep a record of your preference.
We continually review what information we hold and will delete personal data which is no longer required.
9 YOUR RIGHTS REGARDING YOUR DATA
You have a number of legal rights over the control of your data conferred by the GDPR.
These include rights to:
- object to our holding your information
- access the information we hold about you (this is referred to as a subject access request under the legislation)
- have your information rectified if incorrect
- transfer your information to another organisation
- have your information deleted
There are some exceptions to these rights under the legislation which limit our ability to respond to requests. Please contact us if you would like to exercise any of these rights or you would like more information about them at email@example.com, by phone at 020 7490 3211 or via post at 70 Cowcross Street, London, EC1M 6EJ.
Should you have a complaint about how we have handled your data, please contact us directly at the address provided above. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office (ICO) which regulates and enforces data protection law in the UK. Information on how to do this can be found at the ICO website, www.ico.org.uk.
The Association uses local storage (such as cookies) to provide you with an optimal experience and to allow you to make use of certain functionalities. Further information can be found in our Cookies Policy HERE
12 LINKS TO OTHER SITES
Our website contains links to other websites. We are not responsible for the content or functionality of any such websites. Please let us know if a link is not working by contacting us at firstname.lastname@example.org.
13 CHANGES TO OUR PRIVACY NOTICE
We will amend this Privacy Notice to ensure that it complies with any change in data protection legislation or to reflect any changes in how we use your personal data. The Privacy Notice on our website will always reflect our current and prevailing policies and procedures.
If you have any questions related to this Privacy Notice, please contact us using the information provided above.