Privacy Policy

Koestler Arts Data Protection and Privacy Statement

Koestler Arts is the UK’s best-known prison arts charity. We’ve been awarding, exhibiting and selling artworks by offenders, detainees and secure patients for over 50 years. Koestler Arts is the working name of the Koestler Trust, registered charity number 1105759, with our registered offices at the Koestler Arts Centre, 170 Du Cane Road, London, W12 0TX. We are committed to protecting your personal data and ensuring the confidentiality of the personal information we collect. We aim to be clear when we collect your data and not do anything you wouldn’t reasonably expect. We are registered with the Information Commissioner’s Office under registration reference ZA163089 (see www.ico.gov.uk).

Your privacy is important, and to protect it, Koestler Arts adheres strictly to the laws and guidelines set out by the General Data Protection Regulation legislation (GDPR), effective from 25 May 2018. The following Privacy Policy offers an explanation of our information practices and how we use your personal information provided in person or online, via email, phone, in writing or other correspondence.

Why do we collect data?
In order to operate efficiently, Koestler Arts collects and uses personal data about service users, donors, participants, partners, supporters, volunteers and staff. We collect and process information to deliver an effective service and to allow us make better organisational decisions, fundraise more efficiently and, ultimately, help us to achieve our mission of motivating people to change their lives through participation in the arts while raising awareness of the challenges they face.

We collect and process data to:
• Provide our services, activities and online content.
• Personalise the way Koestler Arts content is presented to you.
• Analyse and improve our services.
• Evaluate and report on our charitable activities to funders.
• Market research and statistical analysis.
• Respond to, and, where relevant, attempt to resolve, any comments, queries or complaints you may have.

What information do we collect and how do we use it?
When you provide us with personal data you consent to the collection and use of this information for the purposes outlined in this policy. We will store and process any personal data you voluntarily provide us with for the purposes that they are provided (newsletter, enquiry) along with a history of inbound and outbound communications and any purchases and donations for the purposes set out in this policy. We are legally obliged to ensure that we only use this information for the purpose for which it was requested or provided, and to ensure that it is kept securely.

Collecting data for contractual purposes…
We may collect personal data (such as name, email address, address, financial details) when you:
• Purchase items through the online shop.

If we intend to use your personal information for a secondary reason such as marketing, we will either ask you directly for your expressed consent and/or provide you with an opportunity to say no.

We also collect and process data for legitimate organisational interests…
We may collect personal data (such as name, email address, address) when you:
• Sign up for our newsletter.
• Enter competitions, promotions or surveys.
• Attend an event.
• Make a donation.
• Subscribe, register or apply for services that require personal information to be given.
• Report a fault and give your contact details for us to respond.
• Complete voluntary surveys that we use for research purposes.
• Send us comments, complaints and queries by email of any other medium.
• Report a problem or complaint.
• Volunteer with us.
• Participate in services or our charitable activities.
• Join as a member of staff.

If you contact us, either by phone, post or email, we reserve the right to record that correspondence and any information included within it, unless you specifically request that we do not.

We may also receive information about you from third parties that we work with, for example Just Giving or Virgin Giving, where you have consented to them sending us your information.

We may use personal data to contact you and inform you of events, products and services we believe you will be interested in; to invite voluntary participation in research or surveys; to personalise our online services; and for administrative purposes such as accounting. We will always consider your right to privacy and ensure that our use of data is proportionate.

Newsletters:
You may receive the Koestler Arts Newsletter with information the about what the charity is working on, significant changes of staff or policy, achievements and awards, events, job vacancies, as well as to encourage you to support our work by volunteering or donating.

By signing up to the newsletter through the website, at events, using the ‘Support Us’ leaflet, or signing up on the back of feedback forms, you gave your consent for us to contact you. Koestler Arts uses MailChimp to create our newsletters and invitation emails and you can unsubscribe to the newsletters at any time using the ‘unsubscribe’ link at the bottom of every email.

Our emails may contain tracking facilities allowing us to track subscriber activity such how many emails are opened, links that are clicked on, dates and frequency of activity. We store and use this information for future analysis and evaluation and use it to refine future email campaigns and tailor content.

Online Shop and Financial information:
When you make a purchase from us or donate to us online, we will use your data to fulfil our contractual obligations to you. When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.

We use third parties including Woo Commerce and Sage Pay to process financial transactions through our online shop. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. We follow all PCI-DSS requirements and implement additional generally accepted industry standards. We do not see or retain credit or debit card details.

Gift Aid records and paper credit card receipts are kept on file in a secure environment for a minimum of 6 years in order to comply with HMRC regulations.

Website and cookies:
Our website www.koestlerarts.org.uk uses cookies to automatically collect information about the way you use our website. We use both session-based (last only while your browser is open) and persistent cookies (until you or your browser delete them, or until they expire, and help to make sure you are recognised when you some back to a website), dependent upon how you use or interact with this website. Our website uses Google Analytics, a web analytics service provided by Google, Inc, to regularly audit this information.

Monitoring the way you and other visitors use our site helps us to tailor our content and make sure we are curating the site correctly. While this data is collected automatically, it is also anonymous: we can see that someone arrived at our site, looked at X pages and clicked on Y links but we cannot see that it was you. No personal information is collected or stored by our cookies.

You can manage the cookies being stored on your computer by selecting ‘delete cookies’ in your browser. You may opt to view the site without cookies by adjusting your browser’s settings. If you do disable cookies some functions of the site may no longer work correctly. By using this website, you consent to the processing of data about you by Google in the way described above.

External Links: When you click on links on our website, they may direct you away from our site. Koestler Arts cannot guarantee or verify the contents of any externally linked website despite our best efforts. Users should therefore note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

Social Media Platforms:
We also use anonymised analytics from our social media platforms to monitor engagement across all services, including Twitter, Instagram, Facebook, You Tube and Vimeo.

Our website uses social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.

Sensitive personal data:
We do not request or knowingly collect or process any identifiable sensitive personal data from members of the public.

In the instances where we do collect sensitive personal data, we do so to make sure we are meeting our contractual, statutory, and management obligations and responsibilities as an employer and service provider. We collect personal information such as racial or ethnic origin, religious beliefs or other similar beliefs from service users and Award entrants for monitoring and evaluation purposes, often a requirement of funding. We take steps to anonymise and separate this data, and to store it for no longer than is necessary to obtain the anonymous statistics required for our funders and in order to ensure that our Awards meet our equality and diversity objectives.

Fundraising and Development:
As a charity, we rely on donations for a significant proportion of our work. Koestler Arts has a very hard-working Development team who are constantly applying for grants and appealing for donations to allow us to continue our vital work. To this end, and to best serve the organisation, they will research companies and individuals using publicly available information with a view to building a picture of interests and preferences so that we can tailor our communications and requests for financial support appropriately, which we know is important to philanthropic donors.

For those people we collect personal information (job title, directorships, contact information, demographic data (including estimated income and property value), date and size of previous donations to the Koestler Trust or other charities, and details of philanthropic activities), obtained from sources including: search engines, the press, social media, and reputable public data sources, including Trustfunding.org.uk, Companies House and Wealthmonitor. This data is held in strict confidence by the Development Team and is not accessible by anyone else outside of the organisation.

As a charity, reporting and evaluation is a necessary and essential part of our work. We process some data we hold anonymously (for example sales history, website engagement, event attendee numbers, information about donations and amounts) to report to our funders and help us plan our future activity. Koestler Arts may use and disclose general information in aggregate (so that no individuals are identified or personal data is disclosed) for strategic development purposes.

How we protect your data:
We have in place physical, electronic and managerial procedures to safeguard and secure the personal information we collect.

Koestler Arts will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. We take seriously our responsibility to protect the data you choose to share with us. We also take precautions to protect your data once we have it (including paper-based or computer records) – it is securely held, redacted or anonymised where necessary, password protected and available only to the few members of staff who are responsible for contacting you.

Third Party Services:
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us. Third-party service providers such as payment gateways and other payment transaction processors have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. We recommend that you read their privacy policies, so you can understand the manner in which your personal information will be handled by these providers. We use Stripe to process payments, their privacy policy can be found at: https://stripe.com/gb/privacy

Sharing your personal information
Koestler Arts does not sell or share personal information with any third parties for marketing purposes.

Notification of Changes to this Privacy Policy
We reserve the right to modify this privacy policy at any time in the light of any relevant changes in legislation or related good practice, please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website.

What are your rights?
Where Koestler Arts is using your personal data on the basis of consent, you have the right to withdraw that consent at any time. You can opt out of receiving information from us via email using the un-subscribe link.

You can contact us at any time if you wish to view, verify or amend your personal data or preferences. We reserve the right to verify that any requested amendments are accurate. You may request that we delete your data but where we are required to maintain the integrity of our records we may choose to anonymise your data instead. If you would like to suppress all contact from us we will need to keep limited personal data in order to comply with this request.

Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to us using the contact details below.
By email: info@koestlerarts.org.uk
By phone: on +44 (0)20 8740 0333
In writing: Koestler Arts, 170 Du Cane Road, London, W12 0TX

Verification, updating, amendment or removal of personal data will take place within one month of receipt of your request.

How to make a complaint
In the first instance, please talk to us directly so we can resolve any problem or query. You also have the right to contact the Information Commissions Office (ICO) if you have any questions about Data Protection. You can contact them using their help line 0303 123 113 or at www.ico.org.uk.