Skip to content

This Privacy Notice outlines how the the Institute of Cultural and Creative Industries (iCCi) at the University of Kent collects, uses and manages the personal information of individuals in accordance with data protection law.

The University of Kent is registered as a ‘Data Controller’ under registration number Z6847902. View the full entry on the register

This privacy notice gives you a clear explanation about how we collect and use this information, and how we work with third parties to deliver our service. In particular:

  • What information we may collect about you
  • How we use that information
  • In what situations we may disclose your details to third parties
  • Our use of cookies to improve your experience of our website
  • Information on how we keep your personal information secure, how we maintain it, and your rights to be able to access it.

At iCCi we are committed to protecting your personal information and being transparent with you about how we use it.

Who we are

iCCi is a department of the University of Kent. As part of the University we have exempt charitable status in accordance with the Charities Act. We fundraise for support, receiving funding from Arts Council England, as well as other trusts and foundations and donations from private individuals.

iCCi runs a number of venues and events for the University of Kent, namely Gulbenkian Arts Centre, Extra-curricular Music, Docking Station Medway, ART31 Generate, bOing! International Family Festival. This Policy covers data collected and used across all these venues and events.

How we collect your information

  • As a private individual when you buy a ticket, register on one of our websites, join one of our mailing lists or make a donation to any of our projects. Generally now we collect and hold all information in digital form, through online software.
  • As a business or educational establishment, when you give us your data to remain in contact, and for future potential business dealings. We may also find your business contact details from public listings and contact you with information that we consider of benefit to you.
  • If you make a payment for a service we use third parties (see below) to process your financial data. We retain information about your purchase (date, value, payment method), but we do not hold payment information systems.
  • Note that for some individuals we collect more information (Special Category Data – see below). Examples of this are young people joining one of our Creative Engagement events/projects, or anyone joining our access scheme.This information is collected via online forms and the data held in research software and our customer database.

General Data we collect

In order to provide a good service we collect contact data and a history of how you have interacted with us, for example if you have purchased a ticket, attended an event, joined a mailing list, hired our venues, responded to a questionnaire, held a contract with us or made a donation.

Data you may give us:

  • your name
  • email address
  • postal address
  • telephone number
  • details of your purchases and/or donations
  • contact permissions and data share agreements
  • any interests in event genres you want to hear about
  • more personal data (known as “Special Category data”), more detail on this below.

Digital Information about your interactions with us

Via cookies on our website and links in our email system, we collect information on how you interact with us.

We record on your account:

  • Any transactions you make with us – including the date, the amount you spend an what tickets/services you purchase.
  • Your preferences for types of information – how we can communicate with you.
  • How and when we communicate with you via email.
  • Any further information you provide for us as detail or notes.

We record in our email system:

  • If you open our emails and click specific links.

On our website we record:

  • How you interact with our website, via cookies

Special Category Data we collect

Data protection law recognises that certain categories of personal information are more sensitive such as health information, race, religious beliefs and political opinions, sexual orientation (referred to as ‘special category data’).

We do not collect this information unless there is a clear need to do so. This information either supports our duty of care for you, and/or is used to report to funders (eg Arts Council England) who have sponsored the activity.

Any special category information collected will be held securely and deleted no later than 7 years after your last interaction with us, and no sooner than 3 years after your last interaction with us.

Special category data we might ask from you includes:

  • dietary requirements or allergies
  • accessibility requirements
  • physical or mental health data
  • education and family background
  • ethnicity

and also

Criminal offence data:

  • if we suspect fraudulent or criminal activity.
  • if you or your dependent is on the young offenders register

Special category data: Creative Engagement

If you or your child participate in a Creative Engagement workshop we will collect special category data from you. This data is important for our team, who use it to tailor your experience and to ensure we meet our care and safeguarding responsibilities.

We also use the data collected to report to funders on the impact of their investment in our programmes – any reporting is collated and anonymous – we do not pass your individual data on to any other organisations.

Special Category Data: Access Scheme

When you join our Access Scheme we ask about your accessibility needs. This information helps our team to assist with your booking and to provide any support you need during your visit. You can choose to disclose as much or as little as you want.

How we use your personal information

In order to provide a good service to our patrons we collect contact data and a history of how you have interacted with us, for example if you have been to an event, signed up for a mailing list, used our facilities or donated.

We need your data for several reasons:

  • to deliver a good service – so we can complete your purchase, deliver tickets, contact you about the event you are attending, keep you safe if you are a young person participating in a workshop, understand your needs if you have access preferences and to ask for feedback afterwards
  • for research – we use information we hold on you to help put together a picture of our audiences overall, where our audiences come from, who we are attracting, and which parts of our programme are doing better than others
  • to stay in touch – and keep you up to date with events and latest news from Gulbenkian Arts Centre, Docking Station or any of our projects (you can say no to these at any time).
  • public interest – we want to make sure that the creative work that we do is reaching a cross section of our community. We want to offer our activity to those that might not normally access the arts easily and to make sure we are doing that, over time, we need to keep a record.

We aim to communicate with you about the work we do in ways that you find timely, relevant and respectful. To do this we use the data that we have stored about you, such as previous events you have booked for.

In addition to marketing communications, we also process personal information in the following ways that are within our legitimate interests:

  • to improve our websites, we may analyse information about how you use it and the content you interact with
  • we use information about you to build a picture of our audience, including segmentation profiling, geographical mapping and patterns of attendance
  • we may analyse data we hold about you to identify and prevent fraud.

As we have a contractual basis to process your personal data for the purposes of providing you with a ticket, if we do not receive your contact and activity details we will not be able to process your request and send you tickets or contact you if the show is cancelled.

Cookies

We use cookies on our websites, which are automatically placed onto your device to help the website function. Full details here:

For our Gulbenkian Arts Centre website:

thegulbenkian.co.uk/cookie-policy/

For our bOing Festival site:

bOingfestival.com/cookie-privacy-policy/

For iCCi, Docking Station & Music at Kent microsites:

https://www.kent.ac.uk/legal/cookies-at-the-university-of-kent

The Gulbenkian Arts Centre website has a cookie selector tool in place, allowing you to select and control which cookies you accept. bOingfestival.com does not have this tool.

Our lawful basis for processing your data

We rely on the following lawful basis as allowed by the UK GDPR for processing your personal data as this is necessary for:

  • our contract with you when you make a purchase or donate – Article 6(1)(b)
  • you have given your consent for one or more specific purposes such as sending you marketing communications by email or contacting you by telephone for marketing purposes (individuals) – Article 6(1)(a)
  • our legitimate interests or the legitimate interests of third parties – Article 6(1)(f).

Our legitimate organisational interests are:

  • sending you marketing communications (by post)
  • analysing trends and constructing reports for funders
  • holding contact information for and sending information to organisational contacts (funders, stakeholders, schools, groups or industry contacts)
  • analysing and reporting suspicious or criminal activity.
  • Keeping young people safe while they are in our care.

In the case of both post and email communications you will have the opportunity to opt in or out of any communications when you first register with us, and we provide an opt-out link with every digital communication we send.

We may also contact you about our work by telephone, however we will always get specific consent from you before doing this. Please note that this does not apply to telephone calls we may need to make related to your purchase (e.g. if an event is cancelled for example).

As we also use your special category data, we must identify a further basis for processing that data. The processing is necessary:

  • to protect your vital interests or those of another where you are physically or legally incapable of giving consent (e.g. in an emergency) – Article 9(2)(c)
  • for us to establish, exercise or defend legal claims (or where courts are acting in their judicial capacity) – Article 9(2)(f)
  • for reasons of substantial public interest (as defined within the Data Protection Act 2018) – Article 9(2)(g) (prevention or detection of crime, statutory purposes)
  • when you provide information to us voluntarily (for example, completion of the voluntary information) on the Creative Engagement registration form, we process this with your consent.You may withdraw consent to processing at any time.  Where you withdraw your consent you acknowledge that this applies to future processing only.
  • statistical purposes – we anonymise and use special character data to understand and report on our impact for funders.

Where we also use your criminal offence data, we will rely on Schedule 1, Part 3, Sections 33 and 36 (legal claims, substantial public interest)of the DPA 18 as the relevant condition in the Data Protection Act 2018.

Who your information will be shared with

We use third party organisations (known as data processors) who carry out services on the iCCi’s behalf under contract. We will ensure that only the minimum amount of relevant personal data necessary for the purpose is transferred. We will ensure that contractual agreements exist to ensure compliance with data protection regulations and that data is used solely under our instruction. In these circumstances personal data shall be deleted by the data processor after the contract has terminated.

We store your data in one or more of these systems:

  • Our Box Office system, Tessitura
  • Our mailing providers, Wordfly and Mailchimp.
  • Our event management system, Artifax
  • Our survey software, Qualtirix
  • Microsoft 360 Office Package.

When you purchase a ticket for an event online, we use the Tessitura Merchant Services Payment Software which uses Adyen as a payment provider.Your credit or debit card details are encrypted, tokenised when stored by our Tessitura Software System, so we are unable to see or acess full payment details.

We work with data analytics companies, Audience Agency and PWC (on behalf of Arts Council England) who access our database and amalgamate audience data to produce reports we use to understand and report on our performance.

Third Party data sharing: Companies

If you give us permission, we will share your name and email with partners companies (for example visiting performers).

We facilitate this by putting in a pop up in your purchase pathway that asks you if you are happy to share your data with that specific company and you have the options to either ignore it, or click yes or no. We will share the data of all subjects that click “yes” only. We advise that you check out the privacy notices of said promoters before you agree to sharing your data with them.

This data is shared if the company requests it, for up to 12 months after the event.

Third party data sharing: Data analytics & reporting

We share anonomised data with third parties including funders, visiting performing companies and processers of data (eg PWC & Audience Agency). This data is used to anyalyse and assess the impact of the work we do, but does not include any information that can link back to you personally.

Third party data sharing: Legal requirement

Sometimes it is necessary for your personal information to be shared:

  • with competent authorities (such as the police, NCA) or Action Fraud for law enforcement purposes (for substantial public interest reasons – Article 9(2)(g) – for preventing or detecting unlawful acts, safeguarding or fraud purposes)
  • with our professional advisors where it is necessary for the establishment, exercise or defence of legal claims – Article 9(2)(f).

Occasionally the iCCi may, if appropriate, legitimate and necessary, rely on relevant exemptions to UK GDPR provisions as are allowed under the Data Protection Act 2018 (in relation to crime and taxation, management forecasts, negotiations, confidential references).

Transfer of your information outside of the UK

When it is necessary for us to transfer your personal information across national boundaries to a third party data processor, such as one of our service providers, we will ensure this safeguards your personal information by requiring such transfers are made in compliance with all relevant data protection laws.

Occasions where this happens are listed below:

Personal data is processed on our behalf by Tessitura, Inc. using a cloud based system, data is transferred to the processor in the US.

Contact data is transferred to our email provider Wordfly – The Wordfly Privacy Policy and Security Statements can be found here: https://www.wordfly.com/privacy-policy  and https://www.wordfly.com/security/

Contact data is transferred to our email provider Mailchimp. – The Mailchimp Data Processing Addendum is here: https://mailchimp.com/legal/data-processing-addendum/ and their Global Privacy Statement is here: https://www.intuit.com/privacy/statement/

How long your personal data will be kept

Contact and purchase data

We store your information for no more than 90 months (just over 7 years) from the date of your last interaction with us.

This reflect the legal time period (6 years plus the current financial year) we are required to hold information on services we provide.

After 90 months of inaction, we delete all data in your profile that can be linked to you. We maintain a historical record of purchases you made for historic record, but all your personal information is deleted.

Before then, you can access and amend your personal details at any time online, or by contacting our Tickets and Information team.

Special Category Data

We aim to delete Special Category Data (see above) no later than 3 years after your last interaction with us. A note that Special Category Data is harder to identiy and delete though our automated systems. Any Special Category Data we don’t catch and delete will be deleted after 90 months as above.

If you have concerns about this, you can contact us at boxoffice@kent.ac.uk

Security

We will ensure that security measures are in place to prevent the accidental loss of, unauthorised use of or access to your data. Access is given to staff on a carefully controlled, ‘need to know’ basis. Our staff are required to keep your data safe and complete data protection training.

We have procedures in place to deal with any data security incidents and will notify you and the ICO in the event of a data breach where we are required to do so.

We put in place safeguards to keep your personal information as secure as possible, and we ensure that any third parties we use for processing your information do the same.

If you use your credit or debit card to purchase from us or to make a donation, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS).

Your rights

You have a right to request a copy of the personal information that we hold about you and to have any inaccuracies in the data corrected. Please use the contact details below if you would like to exercise this right.

Please be aware of the following rights which can be accessed free of charge by contacting dataprotection@kent.ac.uk:

  • know how we are using your personal information and why (right to information)
  • access the personal data held by us (subject access request)
  • ask for correction of any mistakes (rectification)
  • to object to direct marketing
  • to complain to the ICO.

In some circumstances you also have the right to:

  • object to how we are using your information
  • ask us to delete information about you (the right to be forgotten)
  • have your information transferred electronically
  • object to automated decisions which significantly affect you
  • restrict us from using your information.

For further guidance regarding your rights please see the ICO website.

Your rights – if you have given consent or explicit consent for a specific use of your personal data

You can withdraw your consent at any time.

You can do this by contacting us at boxoffice@kent.ac.uk.

This does not affect the lawfulness of the processing based on consent before its withdrawal.

Your right to complain to the Information Commissioner

You have the right to lodge a complaint with the Information Commissioner’s Office.

Their helpline telephone number is: 0303 123 1113.

Contacts

If you have any questions about any aspect of this privacy notice, please contact our Ticket and Information team below:

boxoffice@kent.ac.uk
Gulbenkian, University of Kent, Canterbury, CT2 7NB
01227 769075

If you have any questions or concerns about the way the University has used your data, or wish to exercise any of your rights, please consult our website.

The University’s Data Protection Officer can be contacted at: dataprotection@kent.ac.uk.

 

 

 

 

ART31

ART31 takes its name from Article 31 of the UN Convention on the Rights of a Child, which states that ‘Children have the right to relax and play, and to join in a wide range of cultural, artistic and other recreational activities’.

ART31 is a vision created with, by, and for young people in Kent, championing the belief that all children and young people have an entitlement to access high quality arts and culture, to empower them to achieve their creative potential, and to genuinely engage young people as equal partners in any decision making that affects them.

The ART31 Youth Board is made up of young people from across Kent aged 13-25 who steer its governance, and influence policy and practice across the county and beyond, challenging the creative sector to examine existing ways of working and integrate young people into the core of their practice.

Our projects with young people

GENFest Young people posing in a cardboard Instagram frame

ART31 Generate

Providing workshops, support, and performance opportunities, Generate is where creativity gives voice to young perspectives whether in theatre making, film media, music, visual arts and more!

Youth Theatre
Live Streaming film equipment.

SCREEN31

Screen31 is a group for young people aged 15-25 interested in developing their film-making skills.
TECH31

TECH31

Set over two days TECH31 is a free workshop designed to provide 13-25 year olds with an opportunity to develop their skills in sound, lighting, stage management and much more. 
Actors on stage

National Theatre Connections – Gulbenkian Young Company

NT Connections is the National Theatre’s nationwide youth theatre festival. Each year it offers a unique opportunity for youth theatres and school theatre groups to stage new plays written for young people by some of theatre’s most exciting playwrights, and to perform in leading theatres across the UK.
Gulbenkian Uncovered image 03

Gulbenkian Uncovered

Are you enthusiastic, committed and creative? Gulbenkian Uncovered gives University of Kent students the chance to programme films and run events.

Square Pegs 1

Square Pegs Arts

Square Pegs Arts are an award winning charity who provide drama groups, music projects and other accessible Arts opportunities for children and young adults who have learning disabilities and autism, and produce original, inspiring, challenging Theatre. Difference is celebrated and everyone is supported to shine in their own way.
A selection of images arranged on a wall

KRAN Drama Group

KRAN is a drama group in partnership with Kent Refugee Action Network for young refugees and asylum-seekers.
Accessible Film Club

Relaxed Screenings

Monthly film screenings that are open to all, especially those with autism and learning disabilities.

Young People - Screen31 ARTY31

ARTY31

Gulbenkian’s ARTY31 group is for young people aged 8-12 with a wide variety of arts interests.

Film tickets

Results
Clear
See what other events are happening at the Gulbenkian
What's on Link icon