This is the privacy notice for the Contemporary Art Society. This policy tells you how we collect, use and store personal data as described in the Data Protection Act 2023.
The Contemporary Art Society is a private company limited by guarantee registered in England and Wales under company number 00255486 and registered charity number 208178, whose registered office is situated at 59 Central Street, London EC1V 3AF.
For the purpose of the Data Protection Act 2023, the Contemporary Art Society is the data controller.
This policy was last updated in April 2023.
With the help of our members, supporters and the clients of our art advisory services the Contemporary Art Society raises funds to purchase works by new artists which we give to museums and public galleries where they are enjoyed by a national audience; we broker significant and rare works of art by important artists of the 20th and 21st centuries for public collections through our networks of patrons and private collectors; we establish relationships with individuals and organisations to commission artworks and promote contemporary art in public spaces; and we devise programmes of displays, artist talks and educational events. Since 1910 we have donated over 8,000 works to museums and public galleries, from Bacon, Freud, Hepworth and Moore in their day through to the influential artists of our own times, championing new talent, supporting curators, and encouraging philanthropy and collecting in the UK.
We collect information which identifies you when you sign up to our mailing list, make a donation, purchase a ticket for an event, or communicate with us. If you make a purchase, sign up for an event or give a donation we usually collect your name, contact details and your bank or credit card information (if you make a transaction). We maintain a record of your transaction history, but we will not store your card number (although we may keep a note of the last four digits to help us identify transactions).
If you share any access requirements or other special requirements with us we will note this in your record on our contact management system. We keep a record of the emails we send you, and we may track whether you receive or open them so we can make sure we are sending you the most relevant information.
If you are a member or supporter, we may use information you have provided (including for instance where you live, your age and other demographic information) to help us to understand your interests and preferences, or to estimate your potential interest in other membership levels or supporting us further.
We may also use publicly available information (for example, through social media, Companies House, Charity Commission and Linkedin). In some cases, we will rely on having a legitimate need or interest to process the personal data of potential supporters. This means we may carry out initial research on potential high-level donors prior to requesting their explicit consent. We do not use wealth-screening companies to analyse our data.
The Contemporary Art Society processes personal data to further the objectives and aims of our organisation. This includes the collection of personal data from you to process your payments, personalise your supporter experience or provide you with information or services you have requested, to meet contractual requirements, and comply with our administrative duties, financial regulations and the law.
Personal details collected this way will only be used to provide you with information you would reasonably expect or have agreed to. For example, if you apply for a job opportunity we will collect information so we can assess your suitability for the role. If you are unsuccessful, we will keep your personal data on file for 12 months.
When we run activities in partnership with other organisations we will only share your personal data with them if you have given us permission to do so. We do not share or sell your personal information data to other organisations to use for their own purposes. We may pass your personal data on to third-party service providers contracted to us. In these circumstances, the third party will be obliged to keep your details securely, and to use them only to fulfil their contractual obligations to us. When they no longer need your personal data to fulfil this service, they will dispose of the details in line with our data retention policy.
We will keep information accurate, up to date, and not keep it for longer than is necessary. Where we collect personal data for direct marketing purposes, we will not process it after you have withdrawn your consent. We are required to retain certain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by sector requirements and agreed practices.
Your personal data, including in your capacity as a subscriber, supporter or Patron, will be held on a customer relationship management system, which holds contact details and a record of your interactions with us, such as event bookings, donations, Gift Aid declarations and queries. This system is also used to manage membership of our Patrons schemes and relevant information associated with that membership. Where possible we aim to keep a single record for each customer.
We only process personal information where we have a lawful basis for doing so. These are:
Where we process personal data as a result of your consent, we ensure that consent is freely given, specific and informed, and established by a clear affirmative act. Where you wish to withdraw your consent, we have set out (below) how you may do this.
Where we enter into a contract with third parties, processing of personal data may, as a matter of course, be necessary to execute such contract or take pre-contract preparation steps. This could include purchasing a ticket where we will email you about a specific booking, including ticket confirmation and event details.
Where we have legal obligations, processing of personal data may be required by law. This may include contact with our regulators or public institutions.
Where we process personal data as it is necessary for the purpose of our legitimate interests, we do so on the basis of a balanced evaluation of our interests and yours. We may therefore contact you about things which we feel are of interest to you or which, based on what we know about you, are in the interests of our charitable objectives to let you know. This will from time to time include marketing and fundraising, but at any stage you can tell us that you do not want to receive such information and we will stop contacting you with it.
Consent should be as easy to withdraw as it is to give and you may ask that we do not process your personal data, at any time. You may contact us to withdraw your consent using the contact details at the end of this privacy statement. Equally, where we process personal data based on our legitimate interest, you have a right to request that we stop processing personal data for our legitimate interests and withdrawal of your consent.
We take appropriate physical, electronic and managerial measures to ensure that we keep your information secure, accurate and up to date, and that we only keep it as long as is reasonable and necessary. Any external providers we use to process your data (for instance the operators of our contact management system) must meet our security policies and comply with all relevant legislation about how they store and process your personal data. We may also receive information about you from third parties but will only contact you if we have your express permission.
At your request we will confirm the information we hold about you and how it is processed. You can request the following information:
- Identity and the contact details of the person or organisation that has determined how and why to process your data.
- The purpose of the processing as well as the legal basis for processing.
- If the processing is based on the legitimate interests, information about those interests.
- The categories of personal data collected, stored and processed.
- Recipient(s) or categories of recipients that the data is/will be disclosed to.
- If we intend to transfer the personal data to a non-adequate country, or international organisation, information about how we ensure this is done securely.
- How long the data will be stored.
- Details of your rights to correct, erase, restrict or object to such processing.
- Information about your right to withdraw consent at any time.
- The source of personal data if it wasn’t collected directly from you.
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
What forms of ID will I need to provide in order to access this?
We accept the following forms of ID when information on your personal data is requested: passport, driving licence, birth certificate, utility bill from the previous three months.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
If you have a complaint about the way we process your personal data, you can register your concern by contacting the Information Commissioner and following the instructions set out at www.ico.org.uk
For more information contact
To tailor an appropriate corporate package that best meets your objectives.