The University of Nottingham, University Park, Nottingham, NG7 2RD, is committed to protecting your personal data and informing you of your rights in relation to that data.
The University of Nottingham is registered as a Data Controller under the Data Protection Act 2018 (registration No. Z5654762).
One of our responsibilities as a data controller is to be transparent in our processing of your personal data and to tell you about the different ways in which we collect and use your personal data. The University will process your personal data in accordance with the UK General Data Protection Regulation (UK GDPR, GDPR) and the Data Protection Act 2018 (DPA) and this privacy notice is issued in accordance with the GDPR Articles 13 and 14.
Lakeside Arts is part of the University of Nottingham and for the purposes of this Privacy Policy, “we” means Lakeside Arts, University of Nottingham.
This policy explains:
- why we collect your personal data;
- the legal basis for processing your personal data under GDPR;
- what personal data we collect and where we get this information from;
- how long we keep your personal data for;
- who we share your personal data with;
- how we keep your personal data secure;
- your rights as a data subject and how you can check and update any of your personal data.
We may update our Privacy Notice at any time and we encourage you to check back here regularly to review any changes.
Why we collect your personal data
We define personal data as information relating to a live, identifiable individual. We may need to gather and use information about you for a number of reasons. Here are the main ones:
- To provide a service you have requested (e.g. booking tickets).
- Contact you if we need to obtain or provide additional information (e.g. changes to events).
- Provide you with information on upcoming events, exhibitions and/or opportunities to donate to Lakeside Arts, so long as you have consented to these communications (e.g. emailing about upcoming events).
- To improve our programming and customer service by better understanding our audience’s needs (e.g. retaining notes on customer service issues to ensure mistakes aren’t repeated).
The law also requires us to acquire and keep certain information. Occasionally this information is anonymised so you can’t be identified.
The legal basis for processing your personal data under GDPR
Under the General Data Protection Regulation, we must establish a legal basis for processing your personal data and communicate this to you. The majority of data processed under the terms of this notice is classified as non-sensitive personal data, as such we typically rely on three legal basis for processing your personal data, which vary depending on what we’re using it for. These are:
- To perform or take steps to enter into a contract;
- Your consent;
- Legitimate interests pursued by the University (except where such interests are overridden by your interests, rights or freedoms).
What personal data we collect and where we get this information from
Generally, we collect your information when you decide to interact with us. This could include purchasing tickets online, over the phone or in person or it could be when you sign up to receive emails from us. Whenever we do so we will always explain why we are requesting this information, and under what circumstances and how your information will be processed.
How long we keep your personal data for
We will only retain your personal data for as long as is reasonably necessary to fulfil the purposes set out in this privacy notice, including for the purposes of satisfying any legal, accounting, or reporting requirements. We will not keep more information than we need. The retention period will vary according to the purpose, for example if purchasing a ticket only, we will typically keep your data for up to six years from the date of your last transaction whereas if you have pledged a legacy to us, we will hold your details until notified by your executors. You can view our records retention schedule on the University of Nottingham website.
If you ask us to stop sending direct marketing communications to you, we will keep the minimum amount of information (e.g. name, address or email address) to ensure we adhere with such requests.
Who we share your personal data with
Internal recipients
We may share your personal data, including your sensitive personal data, between colleagues and departments who have received appropriate training and legitimately need access to that information in order to carry out their normal duties to support and facilitate your relationship with us.
External recipients
Personal data collected when you purchased tickets or signed up to receive communications from us is securely stored in our Spektrix database, which is hosted externally by Spektrix Ltd in a secure data warehouse. On occasion, Spektrix Ltd will have access to your data when assisting with the maintenance and development of our systems, however only on our instruction.
We will never share, sell, rent or trade your personal information to any third parties for marketing purposes without your prior consent.
Some of our service providers may have access to your data in order to perform services on our behalf – payment processing and email marketing are good examples of this. We use Elavon’s Opayo Gateway to process credit and debit card transactions. This requires us to provide personal and payment data to Elavon Financial Services DAC in order for them to process payments. Spektrix integrates via an Application Programming Interface (API) with dotdigital EMEA Limited’s dotdigital email marketing platform. When we send you a promotional, pre/post-visit or survey email, it will have come from dotdigital. This requires us to transfer, via the API, your name, email address and another other relevant information we hold (for example, the name of the event you have booked for) to dotdigtal when sending emails. We control which emails are sent and the content of those emails.
We enter into an agreement with anyone who provides a service for us to ensure that they meet our standards for data security. They will not use your data for anything other than the clearly defined purpose relating to the service that they are providing.
How we keep your personal data secure
We are committed to protecting the personal information you entrust to us. We adopt robust and appropriate technologies and policies, so the information we have about you is protected from unauthorised access and improper use.
Your rights as a data subject
You have the following rights in relation to your personal data processed by us:
Checking and updating your personal data
You should find it easy to access and amend the personal information that we hold on you, or request that we stop contacting you. It’s your data and we want to make sure you feel in control of it.
If you have an online account with us, you can amend your personal details and email contact preferences at any time. Simply sign in on the website and access your account, or, if you prefer, you can contact us by phoning, emailing, or writing using our contact details below. Every email we send to you will include details on how to change your communications preferences or unsubscribe from future communications.
By email: Lakeside-Box-Office@nottingham.ac.uk
By phone: +44 (0)115 846 7777
By post: Nottingham Lakeside Arts, University Park, Nottingham, NG7 2RD