17 November 2020
The purpose of this policy is to give you a clear explanation about how Container collects and processes your information.
Personal data is defined as any information that can be attributed to a living individual. We adhere to the General Data Protection Regulation (GDPR) principle of transparency. As data controllers we will only process your personal data in accordance with the GDPR, the Data Protection Act 2018 and any other privacy laws that apply (“the Data Protection Legislation”).
This policy explains:
• When we collect information from you
• What we collect
• What your rights are under GDPR,
• How to contact us if you have questions, concerns or wish to exercise your rights regarding the use of your personal data.
Who We Are
Container is an online magazine exploring different perspectives in creative technology. It is led by the Creative Economies Lab at UWE Bristol as part of its collaborative research and development programmes: Bristol+Bath Creative R+D and South West Creative Technology Network. The data controller is UWE Bristol.
You can contact us with any questions about how your data is used at email@example.com.
When do we collect information from you, and what data do we collect?
Generally, we collect your information when you decide to interact with us. We will always tell you about the information we wish to collect from you and how we will use it.
Here are the main ways we collect personal data, why we’re using it, and the legal basis for using it:
When you use the website:
• When you sign up to the Container Email List: We will collect your email address and name to send you marketing and updates via email, provided you have consented / opted in through signing up to the list.
When you apply to contribute to container:
• In order to carry out a contract with individuals who apply to contribute to Container – as a writer, content creator or as part of a residency – we will collect:
– personal data including name, email address, occupational and employer information, home and work postcodes, content keywords and description, and any network affiliations in the South West (e.g. your relationship to partner universities and industry partners).
– additional data such as your headshot and professional biography.
– we may also ask you to participate in anonymous diversity and equality monitoring – participation in this is voluntary.
When you register / book tickets for live events:
• We will collect your email address and name in order to send you event tickets and updates.
• To provide a service to you, and also fulfil our legal Health and Safety obligations we may also collect data regarding accessibility, allergy and dietary requirements in order to ensure health, safety and accessibility for all Container participants and audiences.
Who do we share your data with?
We share data with the third party service providers listed below, who provide services to us so that we are able to fulfil our obligations to you. Any data processed on behalf of Container is processed only to the extent required by them to perform the services that Container requests. Any use for other purposes is strictly prohibited within a data sharing agreement between us and the provider. Furthermore, any data that is processed by third parties must be processed within the terms of this policy and in accordance with the United Kingdom Data Protection Act 2018 and General Data Protection Regulation 2016.
• Mailchimp: Mailchimp’s servers are based in the US. Mailchimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. They are committed to subjecting all Personal Information received from EEA member countries, United Kingdom, and Switzerland, respectively, in reliance on each Privacy Shield Framework, to each Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view their certification, visit the U.S. Department of Commerce’s Privacy Shield website available here.
• Eventbrite: Eventbrite’s servers are located in the US. Eventbrite is certified with the EU-US Privacy Shield Framework which means that they comply with a heightened standard when handling Personal Data transferred to the US from the European Union.
• Plausible Analytics: Plausible Analytics track the usage of the website without collecting any personal data or personally identifiable information (PII), without using cookies and while respecting the privacy of the website visitors. It is based in the EU and fully GDPR compliant. See their data policy here.
If you apply to contribute to Container, your data (as detailed above) will be shared with our Editorial Team and may be shared with our programme partners:
• The partners for Bristol+Bath Creative R+D are: University of the West of England (UWE), Bristol, Watershed (Bristol), Bath Spa University, the University of Bristol and University of Bath.
• The partners for South West Creative Technology Network are: University of the West of England (UWE), Bristol, Watershed (Bristol), Bath Spa University, the University of Bristol and University of Bath, Kaleider (Exeter), University of Plymouth and University of Falmouth.
Aggregated, anonymised data may be shared with our funders and public stakeholders, unless we have your informed consent to share identifying information.
We may also share your data when we have a legal obligation to disclose your information. If we are required to provide a third party with your personal information (whether by court order or otherwise), then provided we have collected and retained an email address for you, we will use reasonable means to notify you promptly of that event.
How do we keep your data secure?
We take a robust approach to protecting your information with secure electronic and physical storage areas for data with controlled access. Alongside these technical measures there are comprehensive and effective policies and processes in place to ensure that users and administrators of information are aware of their obligations and responsibilities for the data they have access to. By default, people are only granted access to the information they require to perform their duties. Mandatory data protection and information security training is provided to staff and expert advice is available if needed.
How long do we keep your data for?
Your data will only be retained for as long as is necessary to fulfil its cited purpose. Here is how long we will retain your data for each data set:
• When you use the website: anonymised data will be collected and held via Google analytics for as long as the Container site is operational
• When you sign up to the Container Email List: for as long as Container is operational unless you decide to unsubscribe. In the event that Container ceases to exist, the mailing list will be deleted within six months.
• When you apply to contribute to container: for as long as Container is operational unless you request for it to be deleted.
• When you register / book tickets for live events: your data will not be retained after the event unless you have opted in to receive marketing from Container.
In the event that Container ceases to exist your personal information will be deleted within six months.
Your rights and how to exercise them
Under the Data Protection legislation you have the following qualified rights:
• The right to access your personal data held by or on behalf of Container
• The right to rectification if the information is inaccurate or incomplete
• The right to restrict processing and/or erasure of your personal data
• The right to data portability
• The right to object to processing
• The right to object to automated decision making and profiling
• The right to complain to the Information Commissioner’s Office (ICO)
We will always respond to concerns or queries you may have. If you wish to exercise your rights or have any other general data protection queries please contact: firstname.lastname@example.org.