Nopa
Number one performing arts charity

Privacy Policy

PRIVACY POLICY

NOPA is committed to protecting your privacy. At all times we aim to respect any personal information you share with us, or that we receive from others, and keep it safe. This Privacy Statement (Statement) sets out our data processing practices and your rights and options regarding the ways in which your personal information is used and collected (including through this dedicated NOPA website).

This Statement contains important information about your personal rights to privacy. Please read it carefully to understand how we use your personal information. 

The provision of your personal information to us is voluntary. However, without providing us with your personal information, we may not be able to involve you in our activities or respond to your enquiry.

What personal information do we use?

We may collect, store and otherwise process the following kinds of personal information:

  1. Your name and contact details including postal address, telephone number, email address;
  2. Your social media identity;
  3. Details of your organisation and the position you hold there;
  4. Information about your computer/ mobile device and your visits to and use of this website, including, for example, your IP address and geographical location;
  5. Personal information you provide to us
  6. Details about your interaction with NOPA;
  7. Personal descriptions; and/ or any other personal information which we obtain through our interactions.

Do we process special categories of personal information?

The EU General Data Protection Regulation (GDPR) recognises certain categories of personal information as sensitive and therefore requiring more protection, for example information about your health, ethnicity and religious beliefs.

In certain situations, the Trust may, through NOPA, collect and/or use these special categories of personal information (for example, information about individuals ethnicities may be made available to funding organisations aiming to improve equality of opportunity in certain areas, or information about individuals health conditions may be stored by an organisation record-keeping purposes). We will only process these special categories of personal information if there is a valid reason for doing so and where the GDPR allows us to do so.

How and why will we use your personal information?

Your personal information, however provided to us, will be used for the purposes specified in this Statement. In particular, we may use your personal information:

  1. To assess your involvement in NOPA;
  2. To update you on the status of your activity with us
  3. To provide further information about our work, services or activities (where necessary, only where you have provided your consent to receive such information); 
  4. To confirm your identification when you contact us; 
  5. To answer your questions/ requests and communicate with you in general; 
  6. For our own internal record keeping purposes; 
  7. To manage relationships with our partners and service providers; 
  8. To analyse and improve our work, services, activities, products or information (including our website), or for our internal records; 
  9. To keep our facilities safe and secure; 
  10. To run/administer NOPA, including our dedicated NOPA website, and ensure that content is presented in the most effective manner for you and for your device; 
  11. To audit and/ or administer our accounts; 
  12. To satisfy legal obligations which are binding on us, for example in relation to regulatory, government and/or law enforcement bodies with whom we may work (for example requirements relating to the payment of tax or anti-money laundering); 
  13. For the prevention of fraud or misuse of services; and/or 
  14. For the establishment, defence and/ or enforcement of legal claims.

Lawful bases

The GDPR requires us to rely on one or more lawful bases to use your personal information. We consider the grounds listed below to be relevant:

  1. Where you have provided your consent for us to use your personal information in a certain way (for example, we may ask for your consent to use your personal information to send you marketing or promotional information about NOPA or software developments, or to collect special categories of personal information. Special categories of personal information are explained above).
  2. Where necessary so that we can comply with a legal obligation to which we are subject
  3. Where necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering a contract.
  4. Where there is a legitimate interest in us doing so. 

The GDPR allows us to collect and process your personal information if it is reasonably necessary to achieve our or others legitimate interests (as long as that processing is fair, balanced and does not unduly impact your rights as an individual).

In broad terms, our legitimate interests means ensuring that NOPA operates efficiently.

When we process your personal information to achieve such legitimate interests, we consider and balance any potential impact on you (both positive and negative), and on your rights under data protection laws. We will not use your personal information for activities where our interests are overridden by the impact on you, for example where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).

Where we collect and/or use special categories of your personal information (please see above), we are required by the GDPR to rely on at least one from an additional set of conditions. We consider the conditions below to be relevant:

(a) Where you have already made public the relevant information (for example, where you have made it public on a social media account).
(b) Where the information is required for the establishment, exercise or defence of legal claims.
(c) Where the information is necessary for reasons of substantial public interest (for example, monitoring and ensuring equality of opportunity).
(d) Otherwise, where you have given your explicit consent for us to do so.

Communications for marketing/promotional purposes

We may use your contact details to provide you with information about our work, events, services and/or activities which we consider may be of interest to you.

Where we do this via email, SMS or telephone (where you are registered with the Telephone Preference Service), we will not do so without your prior consent (unless allowed to do so via applicable law).

Where you have provided us with your consent previously but do not wish to be contacted by us about our work, events, services and/or activities in the future, please let us know by using the contact link at the top of the page. You can opt out of receiving emails from the Trust at any time by clicking the unsubscribe link at the bottom of our emails.

Children’s personal information

When we process children’s personal information, where required we will not do so without their consent or, where required, the consent of a parent/ guardian. We will always have in place appropriate safeguards to ensure that children’s personal information is handled with due care.

How long do we keep your personal information?

In general, unless still required in connection with the purpose(s) for which it was collected and/or processed, we remove your personal information from our records six years after the date it was collected. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) you validly exercise your right of erasure (please see Section 11 below), we will remove it from our records at the relevant time.

If you request to receive no further contact from us, we may keep some basic information about you on our suppression list in order to comply with your request and avoid sending you unwanted materials in the future.

Will we share your personal information?

We do not share, sell or rent your personal information to third parties for marketing purposes. However, in general we may disclose anonymised information to selected third parties in order to achieve the purposes set out in this Statement. 

These parties may include (but are not limited to):

  1. Funding or delivery organisations, as relevant;
  2. Suppliers and sub-contractors for the performance of any contract we enter into with them.
  3. Funding bodies with which we work;
  4. Banks (for payment processing purposes);
  5. Professional service providers such as accountants and lawyers;
  6. Parties assisting us with research to monitor the impact/effectiveness of our services;
  7. Regulatory authorities, such as tax authorities;

In particular, we reserve the right to disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we will disclose your personal information to the (prospective) seller or buyer of such business or assets;
  • If substantially all of our assets are acquired by a third party, personal information held by us may be one of the transferred assets;
  • If we are under any legal or regulatory duty to do so; and/or
  • To protect the rights, property or safety of NOPA, its personnel, users, visitors or others.

Security/storage of and access to your personal information 

The Trust is committed to keeping your personal information safe and secure and we have appropriate and proportionate security policies and organisational and technical measures in place to help protect your information.

Your personal information is only accessible by appropriately trained staff, volunteers and contractors, and stored on secure servers which have features to prevent unauthorised access.

International transfers of your personal information

Given that we are a UK-based organisation we will normally only transfer your personal information within the UK or the European Economic Area (EEA), where all countries have the same level of data protection law as under the GDPR.

However, because we may sometimes use agencies and/or suppliers to process personal information on our behalf, or if you are a customer based outside the EEA, it is possible that personal information we collect from you will be transferred to and stored in a location outside the EEA.

Please note that some countries outside of the EEA have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals. Where your personal information is transferred, stored and/or otherwise processed outside the EEA in a country that does not offer an equivalent standard of protection to the EEA, we will take all reasonable steps necessary to ensure that the recipient implements appropriate safeguards (such as by entering into standard contractual clauses which have been approved by the European Commission) designed to protect your personal information and to ensure that your personal information is treated securely and in accordance with this Statement. If you have any questions about the transfer of your personal information, please contact us using the details in section 14 below.

Unfortunately, no transmission of your personal information over the internet can be guaranteed to be 100% secure, however, once we have received your personal information, we will use strict procedures and security features to try and prevent unauthorised access.

Your rights and how to exercise them

Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for marketing or fundraising purposes or to unsubscribe from our email list at any time. You also have the following rights:

  1. Right of access – you can write to us to ask for confirmation of what personal information we hold on you and to request a copy of that personal information. Provided we are satisfied that you are entitled to see the personal information requested and we have successfully confirmed your identity, we will provide you with your personal information subject to any exemptions that apply.
  2. Right of erasure – at your request we will delete your personal information from our records as far as we are required to do so. In many cases we would propose to suppress further communications with you, rather than delete it.
  3. Right of rectification – if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated. You can also ask us to check the personal information we hold about you if you are unsure whether it is accurate/up to date.
  4. Right to restrict processing – you have the right to ask for processing of your personal information to be restricted if there is disagreement about its accuracy or legitimate usage.
  5. Right to object – you have the right to object to processing where we are (i) processing your personal information on the basis of the legitimate interests basis (see section 4), (ii) using your personal information for direct marketing or (iii) using your information for statistical purposes.
  6. Right to data portability – to the extent required by the GDPR, where we are processing your personal information (that you have provided to us) either (i) by relying on your consent or (ii) because such processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contact, and in either case we are processing using automated means (i.e. with no human involvement), you may ask us to provide the personal information to you or another service provider in a machine-readable format. 
  7. Rights related to automated decision-making you have the right not to be subject to a decision based solely on automated processing of your personal information which produces legal or similarly significant effects on you, unless such a decision (i) is necessary to enter into/perform a contract between you and us/another organisation; (ii) is authorised by EU or Member State law to which the Trust is subject (as long as that law offers you sufficient protection); or (iii) is based on your explicit consent. 

Please note that some of these rights only apply in limited circumstances. For more information, we suggest that you contact us using the details in the section below.

We encourage you to raise any concerns or complaints you have about the way we use your personal information by contacting us using the details provided in section 14 below.  You are further entitled to make a complaint to the Information Commissioner’s Office www.ico.org.uk. For further information on how to exercise this right, please contact us using the details in section 14 below.

Changes to this Statement

We may update this Statement from time to time. We will notify you of significant changes by contacting you directly where reasonably possible for us to do so and by placing an updated notice on our website.

Links and third parties

This Statement does not cover external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any external websites you visit via links on our website.

How to contact us

Please let us know if you have any questions or concerns about this Statement or about the way in which the Trust processes your personal information by using the CONTACT US form.