Roving Artist data-protection policy
AS ARTISTS we have long recognised the importance of data: of keeping it securely and not abusing it. We take pride in our artistic and creative communications with existing and potential clients. However, we also realise that those who entrust us with their contact details do so in the expectation that we will use it judiciously and will not bombard them with ‘spam’. We have never sold contact details to any third party.
We welcome the recent introduction of GDPR and take the view that our use of data has always been within the spirit of this legislation. We have taken this opportunity to formalise our use of data into this data-protection policy.
This policy identifies the main sources of data we hold, what we use it for, and describes the means by which we use and process it.
A. Data Audit
We have identified the following sources of data we hold, and the manner in which we store it:
- Trade-show contacts. These are business contacts we have made when taking a stand to promote our services at a variety of event-related trade shows. The data is held in the form of electronic scans of business cards and associated notes, and/or scanner data from the show. Metadata for each contact includes the name and date of the show where we met, together with any notes we may have taken about the client at the time.
- Business clients and enquirers. Those who have contacted us with an enquiry for a corporate event, whether by phone, email or website form. Their contact details remain in our email archives, calendar archives and in any paperwork relating to the event, whether or not the event is confirmed.
- Personal clients and enquirers. Those who have contacted us with an enquiry for a private event (such as a wedding or birthday party) whether by phone, email or website form. Their contact details remain in our email archives, calendar archives and in any paperwork relating to the event, whether or not the event is confirmed.
- Regular contacts. In addition to the above event-enquiry records, regular clients (both business and personal) and regular suppliers also have their contact details recorded in the Mac application “Contacts”, our principle contact database, for ease of access. This database is automatically backed up to Apple’s iCloud.
- Silhouette Duplicates. These are white-paper copies of each silhouette cut by Charles Burns. They are sorted by event and eventually pasted into a series of large, blue albums. Individual names are not recorded (except in the case of notable and public figures) and contact details are never recorded. The metadata recorded for each silhouette includes the date, occasion and location at which it was cut.
- Photographs. These are occasionally taken at events where we work, and may include guests at those events. Some of these are taken by the artist, usually using a smartphone, while others are sent to us post event by the client. Metadata held includes whatever data was recorded by the camera device at the time (date, time, GPS location, etc.). Photographs are stored in the Mac application ‘Photos’ and/or email archives. Photographs stored in ‘Photos’ are automatically backed up in Apple’s iCloud.
- Website cookies. Our website may use a limited number of cookies. These are small files saved to the user’s computers hard drive that track, save and store information about the user’s interactions and usage of the website.
- Email data. The email programs we use utilise tracking facilities. These allow us (if ever time permits) to track the opening and forwarding of emails, the clicking of links within emails, and the times, dates and frequency of such activity.
B: Uses of Data
We have identified the following principle uses for the above data:
- Event details. We retain business and personal data relating to bookings and events to allow us to provide our services, communicate with clients about their events, establish their preferences, and for billing and payment purposes. This information is essential in allowing us to perform silhouette cutting at events.
- Post trade-show messages. All trade-show business contacts receive a follow-up message, by email and/or post, thanking them for visiting the stand and requesting further information. It also invites further questions about what we do.
- E-mail newsletter database. E-mails from trade-show contacts, regular clients, business enquirers and those private clients who have expressed an interest in our newsletter are complied into an email newsletter database. This contains names and emails only, together with any notes about when and why they were added to the database. This list is currently stored as a ‘Direct Mail’ database file (a Mac OS email program) and backed up to the Direct Mail’s own cloud service.
- E-mail newsletter. This is sent on an irregular basis, three or four times a year to all contacts in the above newsletter database. The email data collected by Direct Mail allows us to see who may be opening our newsletters or not.
- Postal updates. Regular clients may also receive occasional postal updates.
- Artistic and copyright records. Silhouette duplicates cut by Charles Burns are kept as a personal artistic record and to preserve the artist’s copyright for each silhouette cut. They allow Charles to monitor the development of his own skills as an artist, and to check ‘bad cutting habits’ when and if they develop.
- Reproduction of silhouettes. Duplicate silhouettes are also available to our clients should they wish us to compile a print of all the silhouettes cut at a particular event (most often a wedding), or to replace lost or damaged silhouettes of personal value.
- Social media. Images, including silhouette duplicates and photographs, are used in our various social-media campaigns, principally on Twitter, Instagram and Facebook.
- Christmas cards. Regular contacts receive a hand-made Christmas card each year.
Our communications, outside of those relating to a specific booking or an event, are sent on the basis that we have a legitimate interest in doing so. Any such communications are limited, tailored and only sent to clients or those people who we reasonably believe would be interested in receiving that particular communication.
The following systems are in place to obtain and record permissions for use of data:
- Business contacts made at trade shows are asked verbally if they are happy for us to keep in touch at the moment they give us their contact details.
- Post trade-show messages include the explanation that, in order to keep in touch, we will send a newsletter update three or four times a year. This is followed by clear and simple unsubscribe instructions should they have changed their minds about receiving such updates.
- Each newsletter includes a footnote with a reminder that the recipient is receiving our newsletter because they have expressed an interest in our work and asked us to keep in touch. This is followed by clear and simple unsubscribe instructions should they have changed their minds, and a link to the current version of this data-protection policy.
- Our newsletter is currently sent out using the Mac program ‘Direct Mail’. This program handles all unsubscribe requests automatically. It retains a record of all unsubscribed emails to ensure that they are not accidentally re-subscribed in the future.
- Whenever possible we obtain permission to use photographs in social media. However, this is only possible if the subject’s name is known, which is often not the case. Photographs containing images of children or vulnerable adults are never used in this way.
- Since silhouettes are regarded as being by nature anonymous, and since the artist retains copyright of such images, we use duplicates of silhouettes cut by Charles freely in social media. We do not include names (where these are known) without at least the verbal permission of the subject.
- Any request to take down a particular image from social media, whether a photograph or silhouette, is complied with without question.
- Original paper silhouettes are presented to guests at events on printed cards. Each card includes the copyright symbol “©” and the name to the artist, as a reminder that artists automatically retain copyright of their own work. This reminds guest that they should seek permission from us to use the image, particularly for commercial use. Implicit in this copyright is also the artist’s right use to use the image in any reasonable way.
- We do not share personal data with any third parties without express permission, and have a policy of never selling personal data to any third party whatsoever.
- No permission is sought to send Christmas cards to clients, whether business or personal.
The following notes apply to the security of your data:
- Some of the information we receive will be transmitted electronically, e.g. information provided via our website or by email. We would remind clients and suppliers that information transmitted via the internet is not completely secure. Although we do our best to protect any information transmitted in this way, we cannot guarantee its complete security.
- We have put in place appropriate security measures, including password protection (using complex passwords) and physical security measures at our premises, to prevent personal data being accidentally lost, accessed or used in an unauthorised way, altered or disclosed.
- All information provided to us is stored in the United Kingdom. No information is transferred to, or stored at, a destination outside the European Economic Area.
- In addition, we limit access to personal data to staff members who have a business need to know. They will only use data in accordance with our instructions and they are subject to a duty of confidentiality.
- We have put in place procedures to deal with any suspected personal data breach. We will notify those affected, and any applicable regulator, of a breach where we are legally required to do so.
E: Data Rights
Everybody, in summary, has the right to:
- Request access to their personal data (commonly known as a “data subject access request”).
- Request correction of personal data that we hold about them.
- Request erasure of their personal data.
- Object to processing of their personal data where we are relying on a legitimate interest (or those of a third party) and there is something about their particular situation which makes them want to object to processing on this ground as they feel it impacts on their fundamental rights and freedoms.
- Request restriction of processing of their personal data.
- Request the transfer of their personal data to themselves or to a third party.
- Withdraw consent at any time where we are relying on consent to process personal data.
- Complain to the Information Commissioner about the way in which we collect and use personal data (although we hope this will not be necessary). They can be contacted at www.ico.org.uk/ concerns or by telephone on 0303 123 1113.
F: Deletion of Data
We will delete personal data in accordance with the following guidelines:
- Emails can be easily removed from our newsletter database via the unsubscribe link at the bottom of each newsletter. We make sure these are easy to use and do work. By default, Direct Mail keeps a copy of unsubscribed emails. It does this solely to ensure they are not accidentally re-subscribed in the future and will not be used for any other purposes.
- Some people prefer to unsubscribe by sending a brief email asking us to do so. These requests need to actioned manually, and we make sure to do so before the next newsletter goes out. Any such request is retained to ensure that the individual is not accidentally re- subscribed in the future and shall not be used for any other purpose.
- Information submitted via a website form or contact by any other means (e.g. email or telephone) which does not lead to an instruction or the individual being added to our marketing database will be deleted and destroyed after [12 months].
- Information relating to any booking or an event will be deleted after 7 years, unless there is a legal reason for retaining it longer.
- Hard copies of business cards and associated handwritten notes are destroyed soon after being scanned (usually within a few months bf being received).
- Scanned copies of business cards and associated handwritten notes will be deleted after ten years.
- Any emails, which do not fall within any of the above categories, will be deleted from any archives during periodic clear outs, not more than ten years after the date they were sent or received
- Duplicates of silhouettes cut by Charles Burns, together their metadata, are kept as a personal artistic and historic record, as well as to preserve the artist’s copyright for each image. They are therefore kept indefinitely.
G: Contacting Us
This is the data-protection policy of The Roving Artist Ltd a company registered in England and Wales (company number 06142397).
To contact us about any of the above matters click on the silhouette below, or
Post: The Roving Artist Ltd, Mays Barn, Emmer Green, Reading, RG4 8UA
Telephone: 0118 947 6637 or 07803 085637
This policy is effective from the date below. We may change this policy from time to time by updating this webpage.
Last update: 09-VIII-2021 by Charles Burns