Our Privacy Promise
To be transparent in the way we use personal information and not use it for purposes we have not told you about.
To keep your personal information secure.
To only collect personal information that we need to deliver our charitable aims.
Not to sell your personal information for marketing.
To respect your privacy rights.
Our Privacy Notice explains how we aim to achieve this, as well as the ways in which we use your personal information and your rights to it. Please read it carefully.
1. Who we are
When we use the terms “we”, “us” or “our” in this Notice we are referring to The Business of Art & Culture Scandinavia (BARC Scandinavia) which is registered in Denmark.
Your personal information is used by BARC in the manner described in this Notice and may be shared internally between these component parts to achieve the purposes set out below.
2. We collect information about you:
(1) When you give it to us directly
For example, by filling in forms on our website (including for membership, signing up to our newsletters or to create a user account), communicating with us by phone, email or letter or filling out a survey.
(2) When you give it to us indirectly
Your information may be shared with us by third parties including, for example, your colleagues; business partners; sub-contractors in technical, payment and delivery services; advertising networks; analytics providers and search information providers. To the extent we have not done so already, we will notify you when we receive information about you from them and tell you how and why we intend to use that information.
(3) When it is available publicly
Depending on your privacy settings for social media services, we may access information from those accounts or services.
(4) When you visit our website
When you visit this website, we automatically collect the following personal information:
(a) Technical information, including for example the internet protocol (IP) address used to connect your computer to the internet.
(b) Information about your visit to this website, including for example the uniform resource locator (URL) clickstream to, through and from the site (including date and time), page response times, page interaction information (such as scrolling and clicks) and methods used to browse away from the page.
We also collect and use your personal information by using cookies on our website. For more information see our Cookies Notice.
We may combine your personal information from these different sources for the purposes set out in this Notice.
3. What personal information do we process?
We may collect, store and use the following kinds of personal information:
(1) Your name and contact details, including postal address, telephone number, email address and, where applicable, social media identity.
(2) Financial information, such as bank details or credit/debit card details.
(3) Personal descriptions and photographs.
(4) Information about your computer / mobile device and your visits to and use of this website, including for example your IP address and geographical location.
(5) Information about our services which you use/which we consider of interest to you.
(6) Any other information shared with us as per Section 1.
Certain categories of personal information are sensitive and therefore require more protection. We generally do not collect and use this type of information. If we do, we will only process your sensitive personal information if there is a valid reason for doing so and where the law allows us to do so.
4. How and why will we use your personal information?
Your personal information, however provided to us, will be used for the purposes specified in this Notice. In particular, we may use your personal information:
(1) to provide you with services, products or information which you request (for example, to enable you to become an ACE member or inform you about fundraising activities);
(2) to facilitate, process and administer payments received from you;
(3) to communicate with you, including circulation of relevant news;
(4) to send other types of communications to you, for example to notify you about any changes to our services or to answer any enquiries;
(5) to administer this website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
(6) to improve your interactions with this website, for example by ensuring that content is presented in the most relevant and effective manner for you and for your computer;
(7) to report on the results and impact of our work and services - for example the number of members and value of subscriptions;
(8) as part of our efforts to keep this website and internal operations safe and secure;
(9) to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
(10) to conduct research into the impact and effectiveness of our work and services;
(11) to deal with enquiries and/or complaints made by or about you;
(12) to audit and/or administer our accounts;
(13) to satisfy legal obligations which are binding on us, for example arising from contracts entered into between you and us or in relation to regulatory, government and/or law enforcement bodies with whom we may work;
(14) for prevention of fraud, misuse of services or money laundering; and/or
(15) for enforcement of legal claims.
5. Communications for marketing/fundraising
We may use your contact details to provide you with information about our work, products and/or services which we consider may be of interest to you (for example, about goods or services you previously purchased or used).
Where we do this via email, SMS or telephone (if you are registered with the telephone preference service), we will not do so without your consent.
6. How we share your personal information
We may provide your personal information to our contractors, suppliers and partners who provide services to us or on our behalf, or with whom we collaborate, provided we are satisfied that they provide sufficient guarantees in respect of safeguarding your personal information and privacy rights, and that we have in place an appropriate agreement with them.
We may also need to disclose your information if required to do so by law, or as expressly permitted under relevant data protection regulations. If we merge or undergo a reorganisation, in doing so we may acquire or transfer personal information as part of that transaction but your personal information would continue to be used for the same purposes.
7. Security/storage of and access to your personal information
We endeavour to ensure that there are appropriate and proportionate technical and organisational measures to prevent the loss, destructions, misuse, alteration, unauthorised disclosure of or access to your personal information. For example, your information is only accessible by appropriately trained staff and contractors, and stored on our secure servers with features enacted to prevent unauthorised access.
In general, the personal information that we collect from you will be stored within the UK or European Economic Area ("EEA"). However, we use agencies and/or supplies to process personal information on our behalf. Your personal information may therefore be transferred or stored outside, and/or otherwise processed by contractors operating, outside, the UK or EEA who work for us or for one of our suppliers. This includes staff engaged in, among other things, the processing of your payment details and the provision of support services.
Some countries outside of the UK or EEA have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals. Where your personal information is transferred, stored and/or otherwise processed outside the UK or EEA, we will take all steps reasonably necessary to ensure that the recipient implements appropriate safeguards (such as by entering into the standard contractual clauses) to protect your personal information and that your personal information is treated securely and in accordance with this Notice. If you have any questions about such safeguards, please contact us (see section 13).
Please note that we cannot guarantee the security of personal information transmitted via the internet.
8. Your rights
You have the following privacy rights:
(1) Right of access – you can write to us to ask for confirmation of what information we hold on you and to request a copy of that information. Provided we are satisfied that you are entitled to see the information requested and we have successfully confirmed your identity, we will provide you with your personal information subject to any exceptions that apply.
(2) Right of erasure - you can ask us to delete your personal information from our records. In many cases we propose to anonymise that information, rather than delete it.
(3) Right of rectification – if you believe our records of your personal information are inaccurate, you have the right to ask us to update those records. You can also ask us to check the personal information that we hold about you if you are unsure whether it is up to date.
(4) Right to restrict processing – you have the right to ask us to restrict the processing of your personal information if there is disagreement about its accuracy or legitimate usage.
(5) Right to object – you have the right to object to processing where we are (i) processing your personal information on the basis of legitimate interests, (ii) using your personal information for direct marketing or (iii) using your personal information statistical purposes.
(6) Right to data portability – where we are processing your personal information (i) because you gave us your consent, (ii) because such processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contract, and the processing is carried out by automated means, you may ask us to provide it to you or another service provider in a machine-readable format.
(7) Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for marketing/fundraising by electronic means (for example to be unsubscribed from our email newsletter list).
To exercise any of these rights, please send a description of the personal information in question using the contact details in section 13. Where we consider that the information with which you have provided to us does not enable us to identify the personal information in question, we reserve the right to ask for (i) personal identification and/or (ii) further information.
Please note that you may only use/benefit from some of these rights in limited circumstances. For more information, we suggest that you consult guidance or please contact us using the details in section 13.
9. Lawful processing
The law requires us to rely on one or more lawful grounds to process your personal information. We consider the grounds listed below are relevant:
(1) Where you have given consent to us for a particular purpose (for example, if you have signed up to our Newsletter).
(2) Where necessary so we can comply with a legal obligation (for example where we are obliged to share your personal information with regulatory bodies who govern our work and services).
(3) Where necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering a contract (for example if you purchase tickets to a Workshop, Masterclass or to our Conference).
(4) Where there is a legitimate interest in us doing so, the law allows us to collect and use personal information if it is reasonably necessary to achieve our legitimate interests (as long as that processing is fair, balanced and does not unduly impact your rights).
In general, “legitimate interests” means the interests of running ACES as a members based for example administering events. However, “legitimate interests” can also include your interests, such as when you have requested information or certain goods/services from us, and those of others.
In the unlikely event that we collect and use sensitive personal information about you (such as your health information for example in relation to accessibility for an event) we will obtain your explicit consent beforehand.
10. How long we keep your personal information
In general, unless still required in connection with the purpose(s) for which it was collected and/or is processed, we remove your personal information from our records two years after the date it was collected. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) you validly exercise your right of erasure, we will remove it from our records at the relevant time.
If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to avoid sending you unwanted materials in the future.
We do not store customer credit card details.
11. Changes to this Notice
We keep this Notice under review and may update it from time to time, so we recommend that you check it regularly. Where necessary we may also notify you of significant changes by email.
The Notice was last updated on October 21st, 2019.
12. Third party sites
Our website contains links to other sites. We are not responsible for the content of those sites and the ways in which they treat personal information. We encourage you to read the privacy policies of any external websites you visit via links on our website.
13. How to contact us (including complaints)
Our registered office is at Bloxhub, Bryghuspladsen 8, 1473 København K. However, if you wish to contact us please use the details below.
Please let us know if you have any questions or concerns about this Notice or about the way in which your personal information is being processed by contacting us on email or telephone.