PRIVACY POLICY

This Privacy Policy refers to use of DCA at Home: for DCA’s wider Privacy Policy please visit https://www.dca.org.uk/privacy-policy

The Company, we and us means Dundee Contemporary Arts (DCA). We are committed to maintaining your privacy and looking after the personal information that you may provide us. The information we collect, process or use is held securely and treated in accordance with this privacy policy and with the General Data Protection Regulation of 2018 and the Privacy and Electronic Communications Regulations 2003.

Whenever you provide personal information to DCA, you are consenting to its collection and use in accordance with this policy, including our use of cookies (as explained below).

1. Our Commitment to Privacy

Your privacy is important to us. To better protect your privacy we provide this notice explaining our online information practices and the choices you can make about the way your information is collected and used. To make this notice easy to find, we make it available on our homepage and at every point where personally identifiable information may be requested.

2. The Information We Collect

This notice applies to all information collected or submitted on this website. This information may include, but is not limited to:

● Name

● Email address

● Date of birth

● Gender

● IP Address

● Browser and device Information

● Viewer metrics

● Purchase and payment details

3. Our basis for processing your personal information

In line with the GDPR, we will always ensure personal data is processed on one of the following legal bases:

● In performance of a contract with you

● When use of your data allows us to fulfil our contractual obligations to you; for instance via a confirmation email, or to provide you with important technical information about this service

● When there is a Legitimate Interest to do so

● When we have a Legitimate Interest in processing your information that matches yours and fundamental rights do not override those interests

● Consent

● When you have provided us with explicit consent to use your data for a defined purpose: for example if you have signed up to receive email updates and other marketing information

● Compliance with the law

● When use of your data allows us to fulfil our contractual obligations to you; for instance via a confirmation email, or to provide you with important technical information about this service

4. How we keep your information safe

To prevent unauthorised access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect from you.

5. Our Commitment to Children’s Privacy

This website is not intended for use by anyone below the age of 13, and no part of our website is structured to attract anyone under 13.

6. How You Can Access, Correct and Remove Your Information

You can access all the personal information that we collect from you by visiting your Account Settings page. We use this procedure to better safeguard your information. You can correct factual errors in your personally identifiable information by sending us a request that credibly shows error. To protect your privacy and security, we will also take reasonable steps to verify your identity before granting access or making corrections. If you would like your account and the information associated with it to be deleted, please contact us by emailing dca@dca.org.uk.

7. The Video Privacy Protection Act of 1988

The Company adheres to The Video Privacy Protection Act of 1988.

8. Use of Third Party Services

Your personal information might be passed to a third party if doing so allows us to fulfil your order(s) for our goods and services; to execute the communications we send to you; or to process transactions. We only work with trusted suppliers who can demonstrate comprehensive data security measures.

8.1 Google Analytics

We use Google Analytics to help us to understand how you use our site and tools, which allows us to know how to improve our products for your benefit. It follows your progress through the website, collecting anonymous data on where you have come from, which pages you visit, and how long you spend on the site. Google then stores this data in order to create reports. But don’t worry; they do not store your personal data. Google will track your IP address, and it may be transmitted to and stored by Google on servers in the United States. Google may use this information for the purpose of evaluating your use of the website, compiling reports on website activity for us, and providing other services relating to website activity and Internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. For more information on Google’s privacy policies, please visit https://policies.google.com/privacy. Google Analytics services are governed by the Google Analytics Terms of Service which can be found at: https://marketingplatform.google.com/about/analytics/terms/us/.

10.2 Intercom

We use third-party analytics services to help understand your usage of our services. In particular, we provide a limited amount of your information (such as sign-up date and some personal information like your email address) to Intercom, Inc. (“Intercom”) and utilise Intercom to collect data for analytics purposes when you visit our website or use our product. As a data processor acting on our behalf, Intercom analyses your use of our website and/or product and tracks our relationship by way of cookies and similar technologies so that we can improve our service to you. For more information on Intercom’s use of cookies, please visit https://www.intercom.com/terms-and-policies#cookie-policy. We may also use Intercom as a medium for communications, either through email, or through messages within our product(s). For more information on the privacy practices of Intercom, please visit https://www.intercom.com/terms-and-policies#privacy. Intercom’s services are governed by Intercom’s terms of use which can be found at https://www.intercom.com/terms-and-policies#terms.

10.3 Mandrill

We use Mandrill to send transactional emails, such as a welcome email, purchase receipt, or forgot password email. We provide a limited amount of your information, such as your email address, to The Rocket Science Group LLC, who operate Mailchimp and Mandrill. We utilise Mandrill to collect data for analytics purposes when you view the email. For more information on the privacy practices of Mandrill, please visit https://mailchimp.com/legal/privacy/. Mandrill’s services are governed by Mailchimp’s terms of use which can be found at https://mailchimp.com/legal/terms/.

10.4 Amazon Web Services

We use Amazon Web Services (AWS) who provide us with cloud storage solution. AWS has demonstrated compliance with a range of internationally recognised standards for content, data and infrastructure security, such as information security management system- ISO-27001, System and Organization Controls Report- SOC1/2, and The Payment Card Industry Data Security Standard; in addition, AWS has demonstrated alignment with the MPAA Content Security Best Practices and the AWS infrastructure is compliant with all applicable MPAA controls. For more information on AWS’ privacy policy please see: https://aws.amazon.com/privacy/

10.5 Stripe

We use a third party payment processor, Stripe, to process payments made to us. In connection with the processing of such payments, we do not retain any personally identifiable information or any financial information such as credit card numbers. Rather, all such information is provided directly to our third party processor, Stripe, whose use of your personal information is governed by their privacy policy, which may be viewed at https://stripe.com/nz/privacy. Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification.

11. How long we will hold your information

We will not retain your information any longer than is reasonable.

11. Third Party Links

This website may contain links to other websites. We are not responsible for the privacy practices of these and you should read their own privacy policies. This policy applies only to personal information collected by us on this site.

12. Changes to this policy

Our privacy policy may change at any time, so you may wish to check it each time you visit our website, or check with our Box Office team when you visit. Any changes will apply from the time that they are posted to our website. If we make any significant changes in the way we treat your personal information we will contact you to let you know. If you have any questions at all about the ways in which we collect and use your personal information please contact us at dca@dca.org.uk.