Why we collect personal information
Connect the Dots is a consultancy supporting arts, culture and heritage organisations to understand current and potential audiences better and to evaluate their products and services. As part of this work we often need to make contact with individuals and groups of people, through emails, surveys, phone and video calls. People contacted may be members of the public, museum or gallery visitors, activity participants and other stakeholders.
Much of the time, and where at all possible, we ensure that individuals cannot be directly identified from the information we collect, and this is therefore not “personal data”. However, there are occasions where we may need to collect personal data, and these are:
- where an incentive is offered to complete a survey such as a prize draw or offer of a voucher, and we need to contact you to distribute the incentive
- where we ask, and you agree, to be contacted again to answer further questions
- so that we can ensure our survey or focus group sample is representative of the overall audience we are considering in terms of their characteristics
- where we need to answer a particular question or make comparisons between different groups of respondents according to a particular characteristic
The types of personal information we collect and how we get it
Most of the personal information we process is provided to us directly by the individuals themselves. Sometimes this can also be provided by a third party e.g. the client organisation; if this is the case your permission will be asked first by the organisation.
Responding to the needs of the situation, we may collect and process the following information:
- Personal identifiers e.g. name, job title, role in a project or activity
- Contact information such as phone numbers, email addresses, social media account names
- Personal characteristics e.g. age, gender, ethnicity, work status, family status
- Location data e.g. postcode
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting email@example.com
(b) We need it to perform a public task
(c) We have a legitimate interest
More information about lawful bases is available here: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/
Sharing personal information with others
It is usually not necessary to share any personal information with the client when reporting on evaluation and research findings as data is aggregated and anonymised. There are a small number of scenarios where personal information may be shared with the client or another organisation:
- Where you have indicated you would like your contact details to be added to an organisation’s mailing list at the end of a survey
- Where you have indicated that you would like to take part in a future activity that the client is providing
- Where you have made an enquiry or complaint about the organisation in a survey and have asked for this to be followed up in your comments
- Where there is a safeguarding concern
With the exception of a safeguarding concern, your permission will be asked before your personal data is passed to another organisation.
How we store your personal information
The majority of personal data collected by Connect the Dots is stored on the following platforms:
Mail Chimp: https://mailchimp.com/legal/
Some personal data is also stored on a PC hard drive which is protected with anti-virus software. Email addresses are also stored securely with email accounts with LCN and Yahoo email providers.
We take care to minimise the amount of personal data collected and store it for the shortest time possible in order to complete the processing. For a survey, this is typically three months after the survey closes. For a project evaluation, this is typically one month after the project is completed. Data is routinely deleted from online platforms and from hard drives. In some cases, business email addresses may be retained after the project is completed for future use, but not any personal email addresses that may have been provided.
Your data protection rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at firstname.lastname@example.org if you wish to make a request.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at email@example.com
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113 ICO website: https://www.ico.org.uk