Privacy Policy
1. Who We Are
The Arts Pledge is a UK-based nonprofit organisation and subsidiary of Greencliff Group Ltd, a company registered in England and Wales (Company No: 11693360)
For the purposes of UK data protection law, we are the Data Controller of your personal data.
Contact: The Arts Pledge
Email: membership@theartspledge.com
Registered Address: 1 Marine Gardens, Bideford. Devon. EX39 2BN
1.1 Data Controller and Data Processor Roles
In most circumstances, The Arts Pledge acts as the Data Controller for personal data collected through our website, membership services, and events.
However, where we process personal data on behalf of member organisations or partners (for example where data is provided to facilitate participation in programmes, collaborations, or events), we may act as a Data Processor and process that data only in accordance with the instructions of the relevant organisation acting as the Data Controller.
In such cases, responsibility for determining the lawful basis and purpose of processing rests with the relevant member organisation.
2. Legal Framework
We process personal data in accordance with:
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018
- Privacy and Electronic Communications Regulations (PECR)
3. What Information We Collect
A. Information You Provide
- Name
- Email address
- Phone number
- Billing and payment details
- Organisation or employer
- Membership details
- Event registration information
- Dietary or accessibility requirements (if provided)
B. Automatically Collected Data
- IP address
- Browser/device information
- Website usage data
- Cookies
C. Payment Information
Payments are processed securely via third-party payment providers (e.g. Stripe, PayPal or similar). We do not store full card details on our servers.
4. Lawful Basis for Processing
We process your data under the following lawful bases:
- Contractual necessity (e.g. event bookings, memberships)
- Legitimate interests (improving services, managing relationships)
- Consent (marketing communications)
- Legal obligation (accounting and regulatory compliance)
5. How We Use Your Data
We use personal data to:
- Administer memberships
- Process payments
- Manage event registrations
- Provide receipts and confirmations
- Send service updates
- Send newsletters (if opted in)
- Improve website performance
- Comply with legal obligations
6. Sharing Your Information
We may share your information with:
- Our parent company (where operationally necessary)
- Payment processors
- Event partners (only where required for event delivery)
- IT and hosting providers
- Professional advisers (legal, accounting)
- HMRC or regulatory authorities where required
We do not sell personal data.
7. International Transfers
If we use service providers outside the UK, we ensure appropriate safeguards are in place (e.g. adequacy decisions or International Data Transfer Agreements).
8. Data Retention
We retain:
- Membership and financial records: 6 years (for HMRC compliance)
- Marketing consent data: until withdrawn
- Event records: as reasonably required for operational purposes
9. Your Rights Under UK GDPR
You have the right to:
- Access your personal data
- Rectify inaccurate data
- Request erasure
- Restrict processing
- Object to processing
- Data portability
- Withdraw consent at any time
To exercise your rights, email: membership@theartspledge.com
You also have the right to complain to the Information Commissioner’s Office (ICO):
https://ico.org.uk
10. Cookies
We use cookies to:
- Enable website functionality
- Analyse traffic
- Improve user experience
You may manage cookies through your browser settings.
11. Security
We implement appropriate technical and organisational measures to protect your data, including secure hosting and encrypted payment processing.
12. Changes to This Policy
We may update this Privacy Policy periodically. The updated version will be posted with a revised effective date. may be checked through an automated spam detection service.