twentythree is committed to keeping your personal information (data) safe and meeting our responsibilities under privacy law. Privacy law in the UK will soon change under the General Data Protection Regulation, which comes into force on the 25th May 2018, and which our policy reflects. You can find general information about data protection law on the ICO’s website: https://ico.org.uk/for-the-public/
This policy is intended to let you know how we use the data we hold about you, and your rights in regard to this. It does not provide exhaustive detail, but we are happy to provide more information or explanation on request – please email firstname.lastname@example.org.
Who we are
We are twentythree. Our postal address is: twentythree, Flat 3, 11 Claremont Road, Folkestone, Kent, CT20 1DQ, United Kingdom.
Who you are
You are an individual who has interacted with twentythree in one or more of these ways (please note, this list is not necessarily exhaustive):
• Used the twentythree websites (which are currently at www.twentythreetv.co.uk)
• Asked to join our mailing list or our Network
• Completed an online or paper feedback form or survey
• Contacted us via email or interacted with us on social media
• Sent money to twentythree online (through a third party like Kickstarter, PayPal, MyDonate or JustGiving), or by bank transfer, cheque, cash or services in kind
• Booked to attend a twentythree screening, performance, or event
• Participated in a twentythree project (or are the parent or guardian of a child under the age of 18 who has participated in a twentythree project)
• Been selected by twentythree to receive a surprise message, adventure or gift, using publicly available contact details
• Texted a twentythree mobile phone
• Told another company that they can pass information about you to twentythree.
What data we may hold about you
Data we hold about you may include:
• Photographs and videos taken during a twentythree screening, project or event
• Information you gave us in an online or paper form (such as feedback, contact details, and information like your age, ethnicity and gender)
• Details of twentythree performances and events you have attended, and purchases or donations you have made. These may include information available through services we use to process bookings, donations and payments, currently wooCommerce, Eventbrite, PayPal, Kickstarter and Indiegogo.
• Communications with us (such as emails and notes of phone calls) and any information you send us via email (such as your CV)
• Information you gave to during the course of a project or event, in order for us to create an interactive experience (such as a questionnaire to get to know you better in advance of attending). We will only use this data in order to deliver the experience, and will delete it as soon as it is no longer needed.
• Your publicly available social media activity and interactions with twentythree (such as your Twitter handle, posts about us, and your location)
• Publicly available information we have discovered about you through research, in the course of delivering a twentythree event or project you signed up for, or for which a friend referred you. Using the principle of loveliness, we will make sure information collected is appropriate, and will use it only as long as required to deliver your adventure.
How we use data about you
• We collect and hold data about you so we can do things like:
• Create and deliver experiences, adventures, and performances. Our work is interactive, so we often need to know a bit about you to make it possible. The way we use your data varies between projects, but always follows twentythree’s principles of adventure, curiosity and loveliness.
• Learn from your experience and feedback, to develop our work and tailor it to our audiences and participants
• Keep track of who has come to which twentythree screenings, classes and events
• Personalise the communications you receive from us
• Manage our organisation effectively at an administrative level
• Record who has given money or services to us, so we can keep you informed about how this has impacted our work, and claim GiftAid where possible
• Keep in touch with you as someone who may want to collaborate with us
• Send you information about twentythree, our events and ways to support us.
Depending on what you have asked to hear about, this may include:
• Sending you messages about twentythree’s work, events and performances, ways to support us, and occasional details about work by our friends
• Updating you on projects you have previously been involved in o
• Sending you event invitations, news and opportunities specifically relating to twentythree’s network
• Share with other people and organisations the feedback you have given us, in order to promote twentythree’s work and report on our impact.
Use of anonymous data
We share statistics about our audiences and participants with third parties (such as Arts Council England, BFI, BAFTA and venue partners) to report on our work, which may include data you gave us in a form. This kind of information will always be anonymised.
We use a third-party provider, MailChimp, to deliver our newsletters. Through this, we gather anonymous statistics about email opening and clicks.
We use Google Analytics to collect basic log information and details of what visitors do on our website, as well as information provided by your computer, like your browser type. This data is anonymised and we will never attempt to find out the identities of those visiting our website.
twentythree is committed to the welfare needs of all children, young people and vulnerable adults, whether they are participating in twentythree workshops or are performers or makers on twentythree projects. We aim to create intimate, respectful and trusting relationships with everyone involved.
twentythree is committed to a creative process which:
• Places the welfare of children, young people and vulnerable adults first;
• Respects the rights, wishes and feelings of young people, vulnerable adults and all with whom we are working
• Promotes the welfare of all people we work with and their protection within a relationship of trust;
• Ensures best health and safety practice. In our participation projects, we may collect data about the people taking part, including children & young people. We will seek consent from a parent or guardian before collecting data about children.
In order to deliver projects and keep participants safe, we may need information like medical details, school information, access requirements and notes and feedback on participants’ work with twentythree. This may be passed to emergency services if necessary. For people under 16 years old, we will use a nominated adult as the first point of communication, switching to the child on consent from that nominated adult or where needed to fulfil a contract.
How we keep your data safe, and who sees it
To protect your privacy, we make sure your data is kept securely and access is restricted to appropriately trained staff who need to use it for the processes outlined in this policy. We will keep and process your data only for long enough to fulfil the purpose we collected it for. After that point, we will dispose of in a secure manner.
We will never sell your data, but it may be processed by limited third parties in the course of achieving the purposes listed above. Third parties that may process your data for us include payment platforms, venues who need the names of bookers, ticket sites, and companies who store our data.
Some of our suppliers run their operations outside the European Economic Area (EEA). This means they may not be subject to same data protection laws as companies based in the UK, but we will take steps to make sure they provide a level of protection which meets the requirements of UK data protection law.
We may share information about you with law enforcement agencies and other organisations or individuals if we are required to by law.
Contacting us, access to your data, and your right of correction or erasure
We want to make sure that the data we hold about you is accurate and up to date, and you can ask us to correct or remove information you think is inaccurate. You also have the right to ask us to ‘forget’ you, by erasing the data we hold about you as far as reasonably possible. If you would like us to do this, please get in touch on email@example.com.
You have the legal right to request a copy of the data that we hold about you. If you would like a copy of some or all of the information we hold about you, please email firstname.lastname@example.org.
Opting out of marketing
We may communicate with you about ourselves, our events, ways to support us and other twentythree loveliness. We will usually only do this if you tell us we can, for example by joining our mailing list. If you aren’t on our mailing list, but you have previously attended or enquired about a twentythree event or class, we may occasionally get in touch about similar projects we think you’ll want to know about.
You have the right to tell us to stop contacting you for marketing purposes. If you want to opt out, just email email@example.com to let us know, or click ‘unsubscribe’ within the email we have sent you via MailChimp.
This policy was updated 24th August 2019.