- Our customers, supporters and members are important to us, you make our world go around. Z-arts relies on your trust and we want you to know that we will always follow the law and best practice when it comes to handling your data.
- We will never bombard you with information that we think you won’t like, that you’re not interested in or that is irrelevant to you. We will always listen and adhere to your current communications preferences. If you ever feel like you are receiving information that you don’t want or are not interested in, let us know.
- We will only analyse your data to communicate with you more effectively or to help improve your experience of visiting us, and to ensure that we are achieving our goals.
- We will never sell your information, share it with a third party who will misuse it or handle it insensitively.
Z-arts (“we”) are committed to protecting and respecting your privacy. This policy sets out the basis on how we process, handle and use any personal data we collect from you, or that you provide to us. Please read the following carefully to understand our approach to and practices regarding your personal data and how we will treat it.
Why this policy exists:
We are committed to protecting your personal information and being transparent about what information we hold about you.
Using personal information allows us to develop a better understanding of our customers and audiences and in turn to provide you with relevant and timely information about the work we do. As a registered charity, it may also help us to engage with potential donors and supporters.
- Complies with General Data Protection Regulation law and follows good practice;
- Protects your rights;
- Is transparent about how it stores and processes your data;
- Protects itself from the risks of a data breach;
- Provides you with a clear explanation on how we and our subsidiaries collect and use data we receive directly and from third parties.
This policy explains:
- What information we may collect about you;
- How we may use that information;
- In what situations we may disclose your details to third parties;
- Information about how we keep your personal information secure, how we maintain it for you and your rights to be able to access it.
If you have any enquiries about this policy, please contact firstname.lastname@example.org
Who we are
Z-arts is a registered charity (charity number 1093556) and is funded by Arts Council England (ACE), Manchester City Council and GMCA as well as various trusts, foundations and individual donors and businesses. We are a registered company in England and Wales under registration number 41013224.
Z-arts is Manchester’s dedicated venue for children, families and friends and our mission is to inspire and enable generations of young people from across Manchester and beyond to utilise their creativity to maximise their potential. Creative learning is at the core of everything Z-arts do, both inside and outside the building. We work with schools and communities all over Greater Manchester, spanning the whole curriculum. We strive to be forward thinking in all our projects, making them as relevant, accessible, educational and, of course, fun as everyone who takes part in them deserves.
Under the Z-arts umbrella are Big Imaginations and our Z-café. Big Imaginations is a venue consortium right across the North West and Yorkshire. Our staff programme, market and fundraise for the consortium. Each venue is responsible for its own data records and personal data is never shared between venues, but anonymised data such as how many tickets are sold for each production is shared.
Z-café, which trades as Z-arts Trading, is managed and staffed by Z-arts. Information on the cafés payment system, which is the only way personal data is collected, can be found in the Client’s and Finance section.
We collect several types of information and in several ways:
- Information you give us
Information that you provide us with by corresponding with us by phone, email, letters, or otherwise, as well as by filling in forms on our website www.z-arts.org or physical forms such as feedback evaluation, support us forms, Bright Sparks membership forms, job applications, artist applications and/or commission applications. This information will include any information you provide when you register to use our site, subscribe to our service, search for a product, place an order on our website, participate in discussion boards, or other social media functions on our website, enter a competition, promotion or survey (on our website, via social media, through email communications, or physically) and when you report a problem with our website. If you have previously (prior to 25 May 2018) provided us with consent to be contacted using a tick box on our website, signing up to Bright Sparks membership or signing up to our e-newsletter via the website or provided your consent to be contacted with marketing communications at point of ticket sale/booking, this data is stored in our ticketing CRM system and we may contact you in line with your preferences.
The information you give us may include but may not be limited to your name, address, email address, phone number and any emergency contact details we may need, as well as financial and/or credit card information and any information you may need to share with us, such as access needs, photo consent and emergency contacts. The personal information you supply to us by opting-in to marketing communications (when you sign up, buy tickets, join our membership schemes, for example) will be used by Z-arts to keep you up to date with events, share good news, productions activities organised by Z-arts in our venue and in the community, and news and information from Z-arts. Each email we send you offers you the opportunity to amend these preferences including to opt-out.
- If you contact us we will keep a record of that correspondence and incorporate the information, it contains into our database. However, we promise we will only use this data to contact you if we feel you will find it relevant, useful or necessary. We will not tell you about things we know you’re not interested in You are always welcome to update your preferences on these or if we are contacting you too frequently. Information about your interactions with us
To make sure your online experience with us is a positive one, we may monitor anonymised data about how customers are using our website. This data can never be linked to your person:
- Personal Data recorded technically: this can include the Internet Protocol (IP) address; browser type and version; the device used to visit our website; time-zone setting; browser versions; operating system and platform, how you have come to be on our website (e.g. via social media, via a search engine)
- Information about your visit including: The Uniform Resource Locators (URL) clickstream to, through and from our site (including time and date); number of visits to our website and to particular pages; products you have viewed or searched for; page response times; download errors; lengths of visit to the website or pages; page interaction information (e.g. hover-overs, image clicks)
Regarding communications, email communication interaction information, we may automatically collect the following information:
- Page interaction information (e.g. hover-overs, image clicks)
We manage most data through our ticketing CRM (Customer Relationship Management) system, a cloud-based system that allows us to:
- Monitor customers and the tickets they’ve purchased, money spent, events they’ve attended, schemes they are a part of, e.g. Bright Sparks membership. This allows us to ensure we are programming future works that may prove popular, we can view a family’s progress and involvement with us over time, and we can submit the correct information to our finance departments, amongst other reasons.
- Store personal details of patrons: contact details, family members, gender, date of birth. This is part of our monitoring required by external funders, allows us to contact family members in an emergency, and ensure that participants are attending age-appropriate events and activities, amongst other reasons.
- Record donations and Gift Aid status, where applicable. This information is legally required by the HMRC and our financial records.
- Record any communication we have had with patrons e.g. receiving of our e-news. We may record additional correspondence, e.g. if we wrote personally to a donor, but this is not set practice. This allows us to closely monitor how often we are contacting customers and what about.
Our CRM system does not store any bank or credit/debit card details.
As part of our grant agreements, we also share anonymised post code data for Z-arts theatre audiences and Z-arts participants (if information has been provided and permission has been granted during the sign- up process) with Manchester City Council, Audience Agency, Arts Council and other funding bodies. This allows us to have a clear picture on where our audiences are coming from and we run the same report each year to compare our progress.
(The Audience Agency is a mission-led charity: Their purpose is to enable cultural organisations to use our national data to increase their relevance, reach and resilience. You can read more about them here.)
- Information from third parties
Z-arts will only gain anonymised information about you from other venues, organisations or artists that are either programmed by Z-arts, are part of the Big Imaginations network, or have hired out space at Z-arts.
In questionnaires or feedback surveys, Big Imaginations venues/organisations will ask whether you would like to hear from themselves, the production company of the show/event that you have attended, and Z-arts, and ask for your email address if you answer yes to any.
- Collection of data for users under 18
As a children’s arts venue, we host many workshops, classes and activities for children and persons under the age of 18. We only collect this information from a parent/carer/guardian, we do not collect this information directly from the child.
We collect this information to ensure we offer age appropriate activities, that we can monitored a young person’s involvement, that we can keep them safe within our space (photo consent and emergency contact details) and we can provide anonymised data to our funders (such as ages and postcodes.) Information we collect about your child includes:
- Full name
- Age and DOB
- Photo consent
- Access Requirements
- Medical history
- What school they attended
- Family relationships, including parents and siblings
- Sensitive personal data
We may collect sensitive personal information about you, including information about your racial or ethnic origin, your religious beliefs or other beliefs, and whether you have any access requirements or disabilities. We collect this information if you or we believe it may impact on your safety, enjoyment and involvement at Z-arts, for example if you need to use a hearing loop, or require additional facilitators to participate, or can’t eat certain foods. Such sensitive personal data will only ever be collected after having obtained your explicit consent to do so or where it is necessary to do so to comply with legal requirements, including for employment law purposes.
USES MADE OF INFORMATION – LEGAL BASIS
- Contract purposes
When you make a purchase from us, a booking with us, or donate to us, you are entering into a contract with us. To perform this contract, we need to process and store your data. For example, we will need to provide you with a booking confirmation via telephone or, more likely, email or we may need to contact you by email or telephone in the case of a cancellation of a show or in case of problems with your payment.
- Legitimate business interests
In certain situations, we collect and process your personal data for purposes that are in our legitimate organisational interest. However, we only do this when there is no overriding prejudice to you by using your personal information in this way. We describe below all the situations where we may use this basis for processing.
- With your explicit consent
We aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful. To do this we use data that we have stored about you, such as what events you have booked in the past, including free events, as well any preferences you may have told us about.
We use our legitimate organisational interest as the legal basis for any marketing communications by postal mailings and email, including pre-show information emails. We believe that audience members, patrons, participants and their guardians, and Bright Sparks members (including those who have been to a free open day or event) are connected to our mission and to our products, including Big Imaginations productions programmed to visit Z-arts and that they would be interested in future events and pre-show information to help them have the best possible visit they can.
In the case of postal mailings, you may object to receiving these at any time using the contact details at the end of this policy. When you sign-up on Z-arts webpage, you must ‘opt-in’ to receive postal mailing from us. In the case of email, we will only contact people who have agreed to be contacted by email, we will give you an opportunity to opt-out of receiving them during your first purchase or transaction with us. If you do not opt-out, we will provide you with an option to unsubscribe in every email that we subsequently send you, or you can alternatively use the contact details at the end of this policy.
We may also contact you about our work by telephone, however we will always get explicit consent from you before doing this. Please bear in mind that this does not apply to telephone calls that we may need to make to you related to your purchases (as stated above).
Unless you tell us not to, we think you are content for us to process (keep and use) your personal information for the following lengths of time. We will only contact you with marketing communications if you have purchased or booked a ticket or membership from Z-arts or Z-arts Bright Sparks within the past three years. As of May 2018, we promise not to keep your personal information for longer than 16 years; this is for analysis purposes to ensure we are achieving our aims and providing customers with the best possible experience.
Other processing activities
In addition to marketing communications, we also process personal information in the following ways that are within our legitimate organisational interests:
- We may analyse data we hold about you to ensure that the content and timing of communications that we send you are as relevant to you as possible.
- We may analyse data we hold about you to identify and prevent fraud.
- To improve your experience on our website, we may analyse how you use our website and the content and adverts that you interact with.
- To send surveys. We promise not to send too many surveys, but as it is necessary for us as a charity to report feedback from our customers and audiences to our funders and supporters, we will occasionally need to send out a survey via email to our customers and audiences.
- Photography – we will ask Bright Sparks members to provide consent for us to take photography of them and their children. We will also ask for people to let us know if they are happy to have their photographs taken when they come to one of our free fun days. Whenever we take photography, we will make you aware that that is what we’re doing and that these photographs may be used on our social media, website and/or other marketing materials. If you are a Bright Sparks member, your consent will be valid for a year and we will ask you for your consent if/when you renew your membership. You have the right to say no to us taking photographs of you or your children. All photos will be saved in a protected folder with restricted access. NSPCC advise having a photography policy.
- To provide anonymised data to our funders, specifically Children in Need and Youth Music.
- To remind you your membership for Bright Sparks is due for renewal.
In all the above cases we will always keep your rights and interests at heart to ensure that they are not overridden. You have the right to object to any of this processing at any time.at If you wish to do so, please use the contact details at the end of this policy. Please bear in mind that if you object to any of these processing systems, it may affect our ability to carry our tasks above that are for your benefit or it may affect our funding and therefore our offer and output. For example, we could not contact you if a class or show has been cancelled that you were due to attend, or we could not provide HMRC with finiacal records to evidence donations.
There are certain circumstances under which we may disclose your personal information to third parties. These are as follows:
- To the subsidiaries described above when it is necessary for them to be able to provide you with products or services that you have requested.
- To our own service providers who process data on our behalf and on our instructions (for example our ticketing system software provider). In these cases, we require that these third parties comply strictly with our instructions and with data protection laws, particularly with the security of personal data.
- To service providers of postal marketing communications. In these cases, we require that these third parties comply strictly with our instructions and with data protection laws, particularly with the security of personal data.
- Where we are under a duty to disclose your personal information to comply with any legal obligation (for example to government bodies and law enforcement agencies).
- To specific named visiting companies whose performances you have attended. In these cases, we will always ask for your explicit consent before doing so.
- When requesting Gift Aid payments from HMRC.
- If you have consented to hear from third parties via our Big Imaginations feedback forms.
Storing your personal data
Your debit and credit card information
If you use your credit or debit card to purchase from us or to donate, we will ensure that this is carried our securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). You can find more information about this standard here. Any payment transactions will be encrypted. This excludes information given to set-up a direct debit. Please see our fundraising section for more information regarding this.
Security of your personal information
We will put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible. We will ensure that any third parties we use for processing your personal information do the same.
We will not transfer, process or store your data anywhere that is outside of the European Economic Area.
You have a right to request a copy of the personal information we hold about you and to have any inaccuracies in this data corrected. You have the right to ask us not to process your personal data for marketing and fundraising purposes. You have the right to request no marketing communications from us and to update your communications preferences at any time. Please use the contact details at the end of this policy if you would like to exercise any of these rights.
Contact details and further information