Stapleford Granary Arts Centre & Cafe Privacy Policy

 

Introduction

Stapleford Granary Arts Centre & Cafe is the trading name for the Association for Cultural Exchange (Registered Charity No. 279567). 

The charity owns and operates the arts centre and the café at Stapleford Granary.

If you make a booking, join our mailing list, or sign up to our e-newsletter this policy explains which data we collect, how we store this, how we use it and the conditions under which we may disclose it to others. When using our website, this Privacy Policy should be read alongside the website terms and conditions.

 

For the purpose of the General Data Protection Regulation (2016/679) and the Data Protection Act 2018 (the “Legislation”), the data controller is the Association for Cultural Exchange. The registered address is Stapleford Granary, Bury Road, Stapleford, Cambridge, CB22 5BP.

 

Core principles

The core principles of this policy are as follows:

• We collect data and uses individual customer details only where there are legitimate business reasons to do so.
• We collect data only when we are legally entitled to do so.
• We are clear with individuals as to what information we will collect and how it will be processed.
• We only use personal data for the purpose(s) in which it was collected.

 

Personal information we collect

This is information about you that you give us by filling in forms on our website www.staplefordgranary.org.uk (our “Site”) or by corresponding with us by phone, email, at our events or otherwise. It includes information you provide when you book to attend an event, subscribe to our newsletter, make a purchase and when you apply for a job with us. The information you give us may include your name, address, email address, postcode and phone number. We use an approved third party (Spektrix) to operate our booking platform. They will send you an automated email message to confirm your booking details and may send further service emails if there is a change to your booking.

 

Information automatically collected

Information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, date and time zone setting, browser plug-in types and versions, operating system and platform.

 

Purposes for which we will use your personal data

We will only process your personal data in line with that which is permitted by the Legislation. We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Typically we will process your data to complete one of the following:

• To complete your booking.
• To manage your booking.
• To communicate updates relating to your booking.
• To contact you with details of new activities and events.
• To disclose to service providers in order to secure your booking.
• To measure or understand the effectiveness of advertising we send to you and others
• To notify you about changes to our service;
• To ensure that content from our site is presented in the most effective manner for you and for your computer.

 

We will process your data under one of the following conditions:

• Consent given (e.g. for obtaining feedback, photos and video recordings for marketing purpose)
• Performance of a contract or an agreement with you (e.g. entry to an event)
• Necessary for our legitimate interests (e.g use of CCTV on sites)
• Necessary to comply with a legal obligation (e.g. if requested by authority for investigation)

 

We transmit data to the following companies only for the purposes of processing your payment and any matters related to your booking: 

• Spektrix
• SagePay
• WorldPay
• PayPal Europe

 

How long we store data

We retain a record of your personal information in order to provide you with a high quality service. We will always retain your personal information in accordance with the General Data Protection Regulation (GDPR) and never retain your information for longer than is necessary.

 

Information we receive from other sources

This is information we receive about you if you use any of the other services we provide. In this case we will have informed you when we collected that data if we intend to share those data internally and combine it with data collected on this site. We will also have told you for what purpose we will share and combine your data.

 

Your rights

Your rights under data protection law are:

 

(a) The right to access

You have the right to know what personal data we hold about you and an explanation of the categories of data being processed, purposes of such processing, categories of third parties to whom the data may be disclosed. You have the right to a subject access request (SAR) to obtain a copy of your personal data. We will supply you with a copy of your personal data in a concise, transparent and easily accessible form. The first copy will be provided free of charge, but additional copies may be subject to a fee.

 

(b) The right to rectification

You have the right to have any inaccurate personal data we hold about you rectified and, for the purposes of processing a booking, to have any incomplete details completed.

 

(c) The right to erasure

You have the right to have your personal details erased without delay unless we have to comply with a legal obligation. This applies where the data is no longer needed for their original purpose, where the processing is based on consent and the data subject withdraws that consent.

 

(d) The right to object to processing

You have the right to object to the processing of personal data.

 

(e) The right to data portability

You have the right to request a copy of your personal data from the data controller in a commonly used format. You have the right to request a transfer of your personal data from one controller to another.

 

(f) The right to complain to a supervisory authority

If you feel that the way in which we process your personal data infringes data protection legislation you have the right to submit a complaint to the supervisory authority.

 

(g) The right to withdraw consent

We can only process your personal information with your consent and you have the right to withdraw that consent at any time.

 

How to exercise your rights

You may exercise any of your rights in relation to your personal data by contacting us.

https://www.staplefordgranary.org.uk/keeping-in-touch/visit 

 

You have a right to complain to the Information Commissioner's Office if you believe that any use of your personal information by us is in breach of applicable data protection laws and/or regulations. More information can be found on the Information Commissioner’s Office website: https://ico.org.uk

 

How we protect your data

We ensure that we have physical and technological security measures to protect your personal information. Where processes are outsourced we only do so when a service provider has proven the necessary security credentials. Information you provide is stored on our reservations and CRM systems. This data is located on the servers of our approved third party supplier Spektrix. For further information please use the link below to view their privacy policy.

 

Spektrix privacy policy https://www.spektrix.com/en-gb/privacy

 

We take security measures to protect your information including:

• Limiting access to our buildings to those that we believe are entitled to be there
• Implementing access controls to our information technology.
• We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems and networks.
• All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

 

We do not share your personal information with others for the purpose of marketing.

 

Children

Our website is not designed to target children under the age of 16. In compliance with the Children’s Online Privacy Protection Act, we require all children under age thirteen (13) to obtain parental consent to join any of our lists. By accepting this privacy policy you are confirming that you are over 13 years old. All terms of our privacy policy apply to children under 13.

 

Cookies

To make this site work properly and to ensure you get the best experience when browsing we sometimes place small data files called cookies on your device. Consent to the use of cookies is provided by clicking the ‘Continue’ button on the banner that appears at the top of the page when you visit our website.

 

What are cookies?

A cookie is a small text file that a website saves on your computer or mobile device when you visit our site. It enables our Site to remember your actions and preferences (such as language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the Site or browse from one page to another. By using our website you accept our use of cookies.

 

Cookie types

Visiting a page on https://www.staplefordgranary.org.uk may generate the following cookie types:

 

1. Persistent Cookies

We may use cookies which are persistent, which means that they last beyond your session on our Site. Persistent cookies help our website to remember you as a visitor, each time you use the same browser and device to visit us. Persistent cookies are stored for a predetermined period of time unless they are deleted. Information on how to do this manually is provided below.

 

1. Session cookies

Session cookies are erased when a user closes the Web browser. The session cookie is stored in temporary memory and they do not collect information from a user's computer. We use session cookies to make sure that certain elements of our Site work seamlessly as you move from one page to another. Without session cookies, some elements of our Site would not work.

 

1. Anonymous Analytics Cookies

We use Google Analytics for statistical purposes. This provides us with information such as how many users we receive and how often these users visit our Site. We also collect data on a user's session such as their geographical region, how long they spend on our site and how frequently they visit.

 

You can opt out of Google Analytics tracking by visiting the link below:

https://tools.google.com/dlpage/gaoptout

 

How to control cookies

You can control and/or delete cookies as you wish. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit our Site and some services and functionalities may not work.

 

Links to external websites

Our website contains links to websites run by other organisations and we cannot be held responsible for the privacy policies of external companies.

 

Marketing communications

We will only contact you for marketing purposes if you have given us consent to do so. This may be by post or e-mail and you can change your marketing preferences at any time by contacting us. If you are subscribed to our e-newsletters then we track whether you open the message and which links you engage with. Unless you have chosen not to download images automatically in your email client, opening an email will report back to us that you have read the message. You may unsubscribe at any time. Please use the link at the bottom of each email or contact us to update your preferences.

 

Our details

This website is owned and operated by the Association for Cultural Exchange. 

 

We are a registered charity in England number 279567 and a company limited by guarantee registered in England 604757.

 

Our registered office is Stapleford Granary, Bury Road, Stapleford, Cambridge, CB22 5BP.

 

You can contact us:

• By post using the address above
• By email This email address is being protected from spambots. You need JavaScript enabled to view it.
• By telephone on 01223 849004
   

Copyright

The contents of www.staplefordgranary.org.uk are the property of the Association for Cultural Exchange and subject to intellectual property protection. No content of the website may be reproduced, copied, published, distributed or placed onto other websites without our consent. This privacy policy is regularly reviewed and was last updated on 29 September 2023. If you have any questions regarding this policy or your data security please contact us.

 

ICO

The Information Commissioner's Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they can help you address any concerns.

 

Updated 29 September 2023