Stapleford Granary Arts Centre & Cafe is the trading name for the Association for Cultural Exchange (Registered Charity No. 279567).
The charity owns and operates the arts centre and the café at Stapleford Granary.
For the purpose of the General Data Protection Regulation (2016/679) and the Data Protection Act 2018 (the “Legislation”), the data controller is the Association for Cultural Exchange. The registered address is Stapleford Granary, Bury Road, Stapleford, Cambridge, CB22 5BP.
The core principles of this policy are as follows:
- We collect data and uses individual customer details only where there are legitimate business reasons to do so.
- We collect data only when we are legally entitled to do so.
- We are clear with individuals as to what information we will collect and how it will be processed.
- We only use personal data for the purpose(s) in which it was collected.
Personal information we collect
This is information about you that you give us by filling in forms on our website www.staplefordgranary.org.uk (our “Site”) or by corresponding with us by phone, email, at our events or otherwise. It includes information you provide when you book to attend an event, subscribe to our newsletter, make a purchase and when you apply for a job with us. The information you give us may include your name, address, email address, postcode and phone number. We use an approved third party (Spektrix) to operate our booking platform. They will send you an automated email message to confirm your booking details and may send further service emails if there is a change to your booking.
Information automatically collected
Information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, date and time zone setting, browser plug-in types and versions, operating system and platform.
Purposes for which we will use your personal data
We will only process your personal data in line with that which is permitted by the Legislation. We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Typically we will process your data to complete one of the following:
- To complete your booking.
- To manage your booking.
- To communicate updates relating to your booking.
- To contact you with details of new activities and events.
- To disclose to service providers in order to secure your booking.
- To measure or understand the effectiveness of advertising we send to you and others
- To notify you about changes to our service;
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
We will process your data under one of the following conditions:
- Consent given (e.g. for obtaining feedback, photos and video recordings for marketing purpose)
- Performance of a contract or an agreement with you (e.g. entry to an event)
- Necessary for our legitimate interests (e.g use of CCTV on sites)
- Necessary to comply with a legal obligation (e.g. if requested by authority for investigation)
We transmit data to the following companies only for the purposes of processing your payment and any matters related to your booking:
- PayPal Europe
How long we store data
We retain a record of your personal information in order to provide you with a high quality service. We will always retain your personal information in accordance with the General Data Protection Regulation (GDPR) and never retain your information for longer than is necessary.
Information we receive from other sources
This is information we receive about you if you use any of the other services we provide. In this case we will have informed you when we collected that data if we intend to share those data internally and combine it with data collected on this site. We will also have told you for what purpose we will share and combine your data.
Your rights under data protection law are:
(a) The right to access
You have the right to know what personal data we hold about you and an explanation of the categories of data being processed, purposes of such processing, categories of third parties to whom the data may be disclosed. You have the right to a subject access request (SAR) to obtain a copy of your personal data. We will supply you with a copy of your personal data in a concise, transparent and easily accessible form. The first copy will be provided free of charge, but additional copies may be subject to a fee.
(b) The right to rectification
You have the right to have any inaccurate personal data we hold about you rectified and, for the purposes of processing a booking, to have any incomplete details completed.
(c) The right to erasure
You have the right to have your personal details erased without delay unless we have to comply with a legal obligation. This applies where the data is no longer needed for their original purpose, where the processing is based on consent and the data subject withdraws that consent.
(d) The right to object to processing
You have the right to object to the processing of personal data.
(e) The right to data portability
You have the right to request a copy of your personal data from the data controller in a commonly used format. You have the right to request a transfer of your personal data from one controller to another.
(f) The right to complain to a supervisory authority
If you feel that the way in which we process your personal data infringes data protection legislation you have the right to submit a complaint to the supervisory authority.
(g) The right to withdraw consent
We can only process your personal information with your consent and you have the right to withdraw that consent at any time.
How to exercise your rights
You may exercise any of your rights in relation to your personal data by contacting us.
You have a right to complain to the Information Commissioner's Office if you believe that any use of your personal information by us is in breach of applicable data protection laws and/or regulations. More information can be found on the Information Commissioner’s Office website: https://ico.org.uk
How we protect your data
We take security measures to protect your information including:
- Limiting access to our buildings to those that we believe are entitled to be there
- Implementing access controls to our information technology.
- We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems and networks.
- All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We do not share your personal information with others for the purpose of marketing.
What are cookies?
Visiting a page on https://www.staplefordgranary.org.uk may generate the following cookie types:
- Persistent Cookies
- Session cookies
Session cookies are erased when a user closes the Web browser. The session cookie is stored in temporary memory and they do not collect information from a user's computer. We use session cookies to make sure that certain elements of our Site work seamlessly as you move from one page to another. Without session cookies, some elements of our Site would not work.
- Anonymous Analytics Cookies
We use Google Analytics for statistical purposes. This provides us with information such as how many users we receive and how often these users visit our Site. We also collect data on a user's session such as their geographical region, how long they spend on our site and how frequently they visit.
You can opt out of Google Analytics tracking by visiting the link below:
How to control cookies
You can control and/or delete cookies as you wish. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit our Site and some services and functionalities may not work.
Links to external websites
Our website contains links to websites run by other organisations and we cannot be held responsible for the privacy policies of external companies.
We will only contact you for marketing purposes if you have given us consent to do so. This may be by post or e-mail and you can change your marketing preferences at any time by contacting us. If you are subscribed to our e-newsletters then we track whether you open the message and which links you engage with. Unless you have chosen not to download images automatically in your email client, opening an email will report back to us that you have read the message. You may unsubscribe at any time. Please use the link at the bottom of each email or contact us to update your preferences.
This website is owned and operated by the Association for Cultural Exchange.
We are a registered charity in England number 279567 and a company limited by guarantee registered in England 604757.
Our registered office is Stapleford Granary, Bury Road, Stapleford, Cambridge, CB22 5BP.
You can contact us:
- By post using the address above
- By telephone on 01223 849004
The Information Commissioner's Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they can help you address any concerns.
Updated 29 September 2023