This policy applies to information held about clients and prospective clients, suppliers and prospective suppliers, contacts and all other persons about whom Be Smart About Art Ltd. holds information. By ‘information,’ we mean personal information about you that we collect, use, share and store.
In this policy, “we,” “us,” “our” and “BSAA” means Be Smart About Art Ltd., and “you” means the individual to whom the information relates. We are the data controller and we operate our website www.besmartaboutart.com (our site).
Information we collect about you
We may collect and store the following types of information about you when you visit our site or by corresponding with us (for example, by e-mail). This includes information you provide when registering to use our sites or sharing any data via our social media functions.
The information given to us may include:
▪ your name;
▪ your contact information such as your address, email address and telephone number;
▪ Your payment details / financial data i.e. your bank name, account number and sort code (note that payment information provided for BSAA Members is not collected by Be Smart About Art, and is secure via PayPal, a GDPR compliant service); ▪ when browsing our site, your IP address, your browser type and language;
▪ information related to your attendance of, and interest in, BSAA events, services and products;
▪ information about you that you give us in person at our events, by filling in forms on our site www.besmartaboutart.com (our site) (e.g. the contact us section or to sign up to our mailing list) or by corresponding with us by phone, email or otherwise;]
▪ information in relation to your purchase of our goods and services; and
▪ for individuals who sign up for BSAA Membership, your selected username (however note that we do not have access to your password).
How we collect information about you
You may give us your information by filling in forms on our site or by corresponding with us by post, phone, email, on social media or otherwise.
This includes information you provide when you:
▪ visit us at our events as well as third-party events with which we’re affiliated;
▪ purchase services and/or goods; and
▪ meet you at another event
Legal basis for processing
Our processing of your personal information is necessary (i) for the purposes of legitimate interests pursued by us; (ii) in order to comply with a legal obligation to which we are subject; or (iii) for the performance of contracts to which you will be a party to and in order to take steps at your request prior to you entering into those contracts.
In relation to any processing of special categories of personal data, we will generally rely on obtaining specific consent from you at the time unless there is otherwise a legal requirement for us to process such information.
Where our processing is based on the legitimate interest grounds described above, those legitimate interests are:
▪ collecting personal information to provide you with a smooth and efficient client experience;
▪ running our business;
▪ to make sure you receive updated information on BSAA’s activities;
▪ to provide the services you have requested; and
▪ for our own marketing, research and development.
How we use your information
We use your information to:
▪ provide information about our events, services and products;
▪ keep you informed about events, services and products that we think you may find interesting;
▪ carry out our obligations arising from any agreements entered into between you and us;
▪ communicate with you;
▪ administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
▪ keep our site safe and secure;
▪ comply with legal and regulatory obligations; and
▪ for security and to check your identity.
Will we share your information with third parties?
Except as expressly set out in this policy we will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. The personal information you provide to us may be shared with the following categories of companies if this is necessary to provide you with our services or products, respond to your inquiries or for any of the purposes described in this policy:
▪ service providers; or
We may also share your personal information with:
▪ law enforcement agencies, other governmental agencies or third parties if we are required by law to do so; and
▪ other business entities should we plan to merge with or be acquired by that business entity, or if we undergo a re-organisation with that entity.
At any time, you have the right:
▪ to request access to or a copy of any personal data which we hold about you;
▪ to rectification of your personal data, if you consider that the information we are holding is inaccurate;
▪ to ask us to erase your personal data, if you consider that we do not have the right to hold it;
▪ to withdraw consent to our processing of your personal data (to the extent such processing is based on previously obtained consent);
▪ to ask us to stop or start sending you marketing messages as described below in the marketing section;
▪ to restrict processing of your personal data;
▪ to data portability (moving some of your personal data elsewhere) in certain circumstances;
▪ to object to your personal data being processed in certain circumstances; and
▪ to not be subject to a decision based on automated processing and to have safeguards put in place if you are being profiled based on your personal data.
Any request from you for access to or a copy of your personal data must be in writing and we will endeavour to respond within a reasonable period and in any event within one month in compliance with data protection legislation. We may ask for proof of your identity before providing any information and reserve the right to refuse to provide information requested if identity is not established. We will comply with our legal obligations as regards your rights as a data subject.
We aim to ensure that the information we hold about you is accurate at all times. To assist us in ensuring that your information is up to date, do let us know if any of your personal details change at the following email address firstname.lastname@example.org.
Where you are one of our clients or have otherwise agreed to be contacted for marketing we may use your personal information to send you information about our events, services and products. You can stop receiving marketing messages from us at any time by clicking the ‘Unsubscribe’ link at the bottom of any email we send you.
You also have the option of “unsubscribing” from our mailing list at any time thereby disabling any further such e-mail or other communication from being sent to you by emailing email@example.com.
We will action any opt out request from you without delay.
How long will we keep your information?
We will only keep the information we collect about you for as long as required for the purposes set out above or as required to comply with any legal obligations to which we are subject. This will involve us periodically reviewing our files to check that information is accurate, up-to-date and still required. Where we are permitted to send you direct marketing communications we may retain your contact information necessary for this purpose, for as long as you do not unsubscribe from receiving the same from us. If you opt out from marketing, we will retain your information to enable us to respect your wishes to not be contacted for marketing purposes.
Security and storage of your information
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
The information that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us, or for one of our service providers.
When we, or our permitted third parties, transfer your information outside the European Economic Area, we or they will impose obligations on the recipients of that data to protect your information to the standard required in the European Economic Area or otherwise require the recipient to subscribe to international frameworks intended to enable secure data sharing. In the case of transfers by us, we may also transfer your information where: (i) the transfer is to a country deemed to provide adequate protection of your information by the European Commission; or (ii) where you have consented to the transfer.
Links to other sites
Certain features of our site will allow for social networking. You should ensure when using these features that you do not submit any personal data that you do not want to be sent, collected or used by other users, such as profile details or e-mail address.
Questions, comments and requests regarding this policy are welcomed and should be addressed to firstname.lastname@example.org.
If you have any concerns about our use of your information, you also have the right (as a UK resident) to make a complaint to the Information Commissioner’s Office, which regulates and supervises the use of personal data in the UK, via their helpline on 0303 123 1113.
Children under 14
We do not intentionally collect any information on children under 14 years of age. We will undertake to delete any details of such users where a parent or guardian has notified us that any such details have been obtained.
Changes to this policy
Any changes we make to our policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our policy.