Your privacy is important to us. This Privacy Notice is where we explain to you what personal data is collected when you visit our website, how it is collected, how we may use that information, where we store it, how long we store it for and how we protect it.
Who we are
Red Note Ensemble Ltd is a Charity registered in Scotland with charity number SC045030 and a company limited by guarantee registered in Scotland with company number SC355726 (“we”, “us” or “our”)
Our Registered Office is:
Red Note Ensemble Ltd, Summerhall, 1 Summerhall Place, Artist Block, Room 136, Edinburgh EH9 1PL
Access to our website is free and anonymous. Visitors’ personal details will not be recorded unless they choose to submit their data.
We are a data controller and responsible for your personal data.
Type of data we collect and how it is collected:
Personal data or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
As part of the registration process for our e-newsletter, we collect personal data. That information may include:
We also keep your details
We may also collect, use, store and transfer the following types of data:
How we use your information
We have set out below, in table format, a description of all the ways we plan to use your personal data and the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
| Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
|---|---|---|
| To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy notice (b) Asking you to leave a review or take a survey | (a) Identity (b) Contact (c) Profile (d) Marketing and Communications | (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services) |
| To enable you to partake in a prize draw, competition or complete a survey | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications | (a) Performance of a contract with you (b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business) |
| To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity (b) Contact (c) Technical | (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation |
| To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical | Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) |
| To use data analytics to improve our website, products/services, marketing, customer relationships and experiences | (a) Technical (b) Usage | Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
| To make suggestions and recommendations to you about matters that may be of interest to you (including, without limitation, information about campaigns, appeals, fundraising activities, Mailchimp or Eventbrite invitations to events, or ticket offers) | (a) Identity (b) Contact (c) Technical (d) Usage (e) Profile | Necessary for our legitimate interests (to develop our products/services and grow our business) |
| To register you as a new customer | (a) Identity (b) Contact | Performance of a contract with you |
| To process and deliver your order including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us | (a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications | (a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us) |
However, we will not use your personal information for marketing purposes without your express consent. We don’t rent or sell your personal information to anyone under any circumstances.
Where we have your consent then you can withdraw your consent at any time by Contacting Us using the contact details set out below or clicking the unsubscribe button at the end of our emails.
We will also use your personal data where:
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
Social Media
We use social media to broadcast messages and updates about events and news. On occasion we may reply to comments or questions you make to us on social media platforms. You may also see advertisements from us on social media.
Depending on your settings or the privacy policies of social media and messaging services including Facebook, Instagram or Twitter, you might give third parties (like us) permission to access information from those accounts or services.
Third Parties
We do share your personal data (email address and name) with Eventbrite for ticketed events. We also share your personal data (email address and name) with Mailchimp for invitations to our events and distribution of our e-newsletter.
We gather statistics around ticket sales and subscription to our newsletter through the third parties mentioned above. For more information, please see Eventbrite’s and Mailchimp’s Privacy Notices. We may share anonymised personal information with other organisations, particularly Creative Scotland, who use this to analyse our audience development programmes, ticket sales and self-generated funding to understand the impact of the public investment made in us.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
Cookies
This section contains a link to our Cookies Policy
Legitimate Interests
“Legitimate Interests” means our interests in conducting and managing our business to enable us to give you the best service/products and the best and most secure experience. For example, we have an interest in making sure our marketing is relevant for you, so we may process your information to send you marketing that is tailored to your interests. It can also apply to processing that is in your interests as well. For example, we may process your information to protect you against fraud when transacting on our website, and to ensure our websites and systems are secure.
When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
If you have any concerns you have the right to object to processing that is based on our legitimate interests.
Linked Websites
Hyperlinks may be posted on our website that link to other websites (the “Linked Sites”). We are not responsible for the privacy practices of any Linked Sites or of any organisations that we do not own or control. Linked Sites may collect information in addition to that which we collect on the website. We do not endorse any of these Linked Sites, the services or products described or offered on such Linked Sites, or any of the content contained on the Linked Sites. We encourage you to seek out and read the privacy notice of each Linked Site that you visit, in order to understand how the information that is collected about you is used and protected.
How we store your data
The personal information that we collect from you will be stored within the United Kingdom and the European Economic Area (EEA). Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted from our website and any transmission is at your own risk. Once we have received your personal information, we will use strict procedures and security features to try to prevent unauthorised access.
We use a third-party service to help maintain the security and performance of our website. SUCURI delivers an extremely effective website monitoring and malware removal service in the event that our website has been hacked.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software.Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
Personal data that is stored or handled outside of the EEA shall not be transferred to a country or
territory outside the EEA unless that country or territory ensures an adequate level of protection under the GDPR guidelines.
How long will we hold onto your personal information
Depending on how you engage with us it may be necessary for us to store your personal information for
shorter or longer periods of time. Either way, we will only store your personal information for a legitimate and lawful reason.
We will only retain your personal data for as long as necessary to fulfil the purposes which we collected it from you including for the purpose of satisfying any legal, accounting or reporting requirements. You can find details on how long we may hold onto your personal information on our Retention Policy which can be found [HERE].
Access to your data
Under certain circumstances, you have rights under data protection laws in relation to your personal
data as follows:
If you agree, we will try to deal with your request informally, for example by providing you with
the specific information you need over the telephone.
You do not need to pay a fee to access your personal data (or to exercise any of the other rights). However, we will charge you a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Make a complaint
If you think your data has been misused or that we have not kept your data secure, you should contact us and tell us.
If you’re unhappy with our response or if you need any advice you should contact the Information Commissioner’s Office (ICO):
ICO helpline
Telephone: 0303 123 1113
The ICO can investigate your claim and take action against anyone who’s misused personal data. You can also visit their website for information on how to make a data protection complaint.
Changes to our Privacy Notice
We review our privacy notice yearly and each time new guidelines are put into place.
Contact Us
Please contact us if you have any questions about our privacy notice or information we hold about you:
