Bishwa Shahittya Kendra (BSK) UK and the www.bskuk.com website is committed to safeguarding your privacy and developed this Privacy Policy to explain how we use the Personal Data we collect about you.
The following complies with General Data Protection Regulation (GDPR).
This policy may change from time to time so please check it periodically.
This update is current as of 05 May 2022.
Please take a look at sections below and email bishwo.shahitto.kendro.uk@gmail.com if you have any further enquiries around the usage and collection of your Personal Data.
The Data Controller means the person or organisation who decides the purposes for which and the way in which any personal data is processed.
As BSK Data Controller we determine the purposes and means of the processing of your personal data.
You can contact us by emailing bishwo.shahitto.kendro.uk@gmail.com or you can write to us via:
Information Compliance Officer
Bishwa Shahittya Kendra
99 Lansbury Crescent
Dartford
DA1 5DQ
3.PERSONAL DATA
This section explains the sort of data we might collect about you.
3.1 The Data We Collect
In order to conduct and manage our business we collect, retain and use Personal Data and Sensitive Personal Data, referred to in this policy as “Personal Data”. We only collect, process and maintain the minimum necessary in order to provide our services effectively.
This information might be provided by you when using one of the services such as purchasing tickets, using our website, creating an account or subscribing to our email and postal marketing lists but it can also be collected from other sources, including third parties that you have authorised to pass on your information to us, or from data in the public domain.
Personal Data is information that relates to you (whether you are directly or indirectly identifiable), such as (but not limited to) your name, address, email address, telephone number, country of residence, date of birth, credit and debit card details, purchase history, location data, or online identifier e.g. IP Address and Cookies.
Special Category Data (sometimes called Sensitive Personal Data) refers to the above but specifically includes genetic data and biometric data, such as (but not limited to) religious or philosophical beliefs and political opinions, racial or ethnic origin, biometric data (e.g. photo in an electronic passport).
3.2 Retention of Your Personal Data
BSK retains your Personal Data only for as long as is necessary to fulfil its business needs and/or legal obligations. This period will vary depending on the service or function being performed but adheres to retention schedules that are regularly reviewed.
When the retention period is reached we may review whether we still need to retain it or update it. When we consider that the Personal Data is no longer needed for any purpose it will be securely deleted.
If you decide to that you no longer wish to do business with us we may keep some basic information so that we can confirm that the relationship existed – and that it has ended – as well as some of its details. This information may then be deleted in accordance with the appropriate retention policy.
For more information about your rights, such as the Right To Erasure please see Section 7 below.
3.3 Security of Your Personal Data
We take every precaution to protect your Personal Data.
We have put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible.
We will ensure that any third parties we use for processing your personal information do the same.
We will not transfer, process or store your data anywhere that is outside of the European Economic Area.
In order to process your Personal Data we must have a lawful basis to do so. When we process your data we either do so to fulfil contractual obligations, you have given us your consent, it is in our legitimate interest, or we have a legal obligation to do so.
In this section we outline typical reasons for processing your data and the lawful basis under which this is carried out. This is intended to help you understand how our Privacy Policy is applied in practical terms and is not intended as an exhaustive description of the ways in which Personal data is used.
4.1 Contract
One of the most common occasions when we might process your Personal Data is when we need to do so in order to fulfil a contract. If you purchase tickets through Eventbrite, for example, we will process Personal Data including your name, address, email address, phone number and credit/debit card details. To fulfil our contract, we may also send you order confirmations and pre-show information by email or post, or we might telephone you about your order.
In order to process a transaction your Personal Data including card details may be passed to third party service providers who act as Data Processors under instruction from us (see Section 5 below).
We may also collect personal data that you give to us about other people if you register them to attend an event. You agree that you have notified any other person whose personal data that you provide to us of this Privacy Policy and, where necessary, obtained their consent so that we can lawfully process their Personal Data in accordance with this policy.
4.2 Consent
All of our Direct Marketing communications via email and electronic messenger services are processed on the lawful basis of Consent.
When you opt in to receive direct marketing communications from us you agree to receive targeted news and information about events and activities (including fundraising), which we feel might be of interest to you.
For example, this communication might be about a new visit by a comedian you have seen before, news about our participatory activities, an advert about our membership scheme, a request for a donation or information about cultural activities taking place in Lincoln
You also have the opportunity to opt in to being contacted directly by specific visiting companies. When you opt into this you agree to your Personal Data being shared with a third party data controller (see Section 5 below).
You can withdraw consent at any time by logging into your Customer Account and updating your Data Preferences, clicking unsubscribe on a direct marketing email or by contacting us verbally or in writing via bishwo.shahitto.kendro.uk@gmail.com or via the Information Compliance Officer at the address in section 2 above (see section 7.9 below).
4.3 Legitimate Interest
Legitimate Interests means that we can process your Personal Data if we have a genuine and legitimate reason and we are not harming any of your rights and interests.
Generally, this means that when you provide Personal Data, unless stated otherwise, we will use this information for our legitimate interests to carry out our business of operating a theatre and arts organisation.
Before doing this, though, we will also carefully consider and balance any potential impact on you and your rights.
These are what we consider to be core ‘Legitimate Interests’, with some examples of the types of processes we might use to achieve them.
When we process your Personal Data for our legitimate interests, we will consider and balance any potential impact on you and your rights under relevant legislation.
Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to do so by law). For more information on your rights see Section 7 below.
4.4 Customer Profiles
In accordance with our legitimate interests we may make use of profiling and screening methods to identify potential new customers and supporters, produce more relevant communications, target digital advertising and provide a better experience for our customers and supporters. Processing your Personal Data for profiling can help us target our resources more effectively by gaining an insight into the background of our customers and supporters, helping us to build relationships that are appropriate to your interests and capacity to engage and/or donate.
To do this we may use third party Data Processors. We may also use additional sources of data to increase and enhance the information we hold about you. This may include (but is not limited to) obtaining details of changes of address, date of birth, telephone numbers and other contact details, information related to your wealth, and demographic data generated through geo-demographic tools, such as Audience Finder and MOSAIC, survey results and psychographic data. It may also include information from public registers and other publicly available sources such as Companies House, newspapers and magazines.
If you wish to object to the processing of Personal Data in any of the ways listed above or you simply have questions about this please contact us via bishwo.shahitto.kendro.uk@gmail.com or the Information Compliance Officer at the address in Section 2 above.
4.5 Children and Young People Under 18
BSK champion’s children and young people under 18 engaging with the arts. In order to help us make it easier for them to do so this may involve the collection and processing of Personal Data.
If you are under 18 then we are particularly keen to make sure that you are aware of the risks involved in passing on your Personal Data.
When ordering from us you are entering into a contract and this means we may need to process your Personal Data. If you are unsure what you are consenting to please speak to a member of the BSK team or email bishwo.shahitto.kendro.uk@gmail.com with your question.
We will generally process your Personal Data in the same way as we would for someone over the age of 18 but we have a responsibility to protect you from risks that you may not fully appreciate and from consequences you may not fully envisage. We’ve identified the following areas where we might process your Personal Data differently.
Using our legitimate interests to process your Personal Data. This means we will process your data because we have a necessary business reason to do so but in a way that does not conflict with your rights. We always carry out assessments and take into account the need to take extra care when processing your information in this way. We may still directly market to you and use your details for profiling and segmentation but we will also consider your age when communicating with you to avoid sending something content that is inappropriate.
When seeking consent to process your Personal Data for direct marketing via electronic communication, if you are under 13 we will need to ensure we have your parent or guardian’s consent as well. As a parent or guardian we encourage you to be aware of the activities in which your children are participating, both offline and online. If your children voluntarily disclose information, this may encourage unsolicited messages. We suggest that you discourage your child from providing any information without your consent.
We will never sell or rent your Personal Data to other organisations.
There are, however, certain circumstances under which we may disclose your Personal Data to third parties.
Technology is increasingly changing how we communicate, consume and share information with each other and at first glance it’s not always clear who is responsible for your Personal Information and how it is being processed. This section outlines how your details are used by us on the web.
6.1 Cookie Policy
Cookies are small pieces of information that are stored by your browser on your computer or mobile phone’s hard drive when you browse website.
For more information on cookies, please visit: aboutcookies.org
6.1.1 Why We Use Them
Cookies help us:
If the settings on your browser that you are using to view this website are adjusted to accept cookies we take this, and your continued use of our website, to mean that you are fine with this. Should you wish to remove or not use cookies from our site you can learn how to do this below, however doing so will likely mean that our site will not work as you would expect.
6.1.2 How Long Do Cookies Last?
When a web server sends a cookie, it asks your browser to keep that particular cookie until a certain date and time. These dates can be:
6.1.3 What Cookies Do We Use
We use cookies to make our website work including:
Our site, like most websites, includes functionality provided by third parties.
We use a third party – Eventbrite – to process our online ticketing (you may have seen the “Powered by Eventbrite” logo at the bottom of some of our web pages). Eventbrite uses cookies to manage the shopping baskets on our ticketing pages, as well as logging in and using your account pages. The cookies used for these functions are temporary cookies that are removed once the transaction has been completed or you log out. It is not possible to purchase anything on our website without accepting these cookies.
Our site includes the following third party functions which use cookies:
The privacy implications on this will vary from social network to social network and will be dependent on the privacy settings you have chosen on these networks.
Disabling these cookies will likely break the functions offered by these third parties.
We use cookies to compile visitor statistics such as how many people have visited our website, what type of technology they are using, how long they spend on the site, what page they look at, etc. This helps us to continuously improve our website. These analytics programs also tell us, on an anonymous basis, how people reached this site (e.g. from a search engine) and whether they have been here before, helping us to develop our services for you. Our site uses the following analytics programs:
These cookies provide information on visitors to Twitter and Facebook, check whether users are logged in to either platform and set application cookies for Twitter and Facebook.
Typically these types of cookies are used to deliver adverts, which will be more relevant to you and your interests. They are also used to limit the number of times you see an advertisement and to help measure the effectiveness of the advertising campaign. They are normally placed by advertising networks with our permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Targeting or advertising cookies will often be linked to site functionality provided by the other organisation.
We use ‘Advertising’ cookies on the BSK website to:
6.1.3 Turning Cookies Off
You can usually switch cookies off by adjusting your browser settings to stop it from accepting cookies. Doing so, however, will likely limit the functionality of ours and a large proportion of the world’s websites as cookies are a standard part of most modern websites.
6.2 Social Media – Targeted Digital Display Advertising
In Section 4 we outline how we process your Personal Data under the lawful basis of legitimate interest in order to undertake direct marketing including targeted digital display advertising.
In addition to the use of cookies noted in 6.1.3 we also build profiles on Facebook by using your email address. These profiles are used to create lists of users that are more likely to respond to targeted digital display adverts. We do this by creating what are called Custom Audiences and Lookalike Audiences, using Facebook as our Data Processor.
To achieve this, we convert your Personal Data into an easily readable format such as a CSV file and upload it to our browser where it is hashed locally before being sent to Facebook. Hashing turns the Personal Data in the file into short fingerprints of code that cannot be reversed. It happens before your data is sent to Facebook. This pseudonymised data is more secure as no third party can decrypt it. Once received, Facebook matches this hashed Personal Data against its own hashed Personal Data. The matches are then turned into a Custom Audience in our Facebook account and the matched and unmatched hashes are deleted. Facebook states that the hashed email addresses are only used for the matching process and will not be shared with third parties or other advertisers. In addition, we do not have the ability to identify individual Facebook accounts within a Custom Audience, nor do we have the ability to tell which hashed email addresses were effectively matched or not.
Lookalike Audiences can also be created by using your email address in the same way as Custom Audience, but with an extra step where we request Facebook to use its algorithms to profile the Custom Audience against its users and create a new audience of similar people, which will not include you.
Both of these audience groups can then be narrowed further using Facebook’s Detailed Targeting settings, such as age range or distance from the venue, but we cannot reduce the audience below the minimum size of 1000. This ensures that all Custom and Lookalike Audiences remain a bulk list and individual users cannot be identified through the process of elimination. We then prepare an advert, select the audience and Facebook targets the digital display advertisement accordingly.
To test the effectiveness of our campaigns we may also make use of Facebook’s Offline Conversions function, where customer sales data is hashed similar to the above and compared to hashed Facebook users that were served an advert. This function then informs us to whether there is any correlation between the advert and the subsequent purchase.
When we process your personal data for our legitimate interests in this way we take great care to consider and balance any potential impact on you and your rights.
If you wish to object to the processing of Personal Data being used in any of the ways listed above or you simply have questions about this, please contact us via bishwo.shahitto.kendro.uk@gmail.com or the Information Compliance Officer at the address in Section 2 above.
However, the nature of Detailed Targeting via Facebook means that some of our adverts can still reach you (even if we have not used your Personal Data to create Custom or Lookalike Audiences). In this scenario Facebook is the Data Controller and will provide options within its privacy settings to allow you to opt out.
Under the General Data Protection Regulation you have a number of legal rights relating to the collation, retention, processing, sharing and use of your Personal Data. These are:
7.1 The Right To Be Informed
You have the right to be informed about the collection and use of your Personal Data. As a Data Controller we have an obligation to provide you with information relating to how we process your Personal Data, our retention periods for that personal data, and who it will be shared with.
This is called “Privacy Information”.
This Privacy Policy is our main method for providing you with this Privacy Information but we may do so using other techniques at the point of collecting your Personal Data from you.
Please note, we regularly review, and where necessary, update our Privacy Information.
We must also bring any new uses of your Personal Data to your attention before we start the processing.
7.2 The Right of Access
You have the right to access your Personal Data.
To request a copy of your Personal Data please email bishwo.shahitto.kendro.uk@gmail.com or to the Information Compliance Officer at the address in Section 2 above.
There is currently no charge for this.
7.3 The Right to Rectification
Although we make every effort to ensure the accuracy of all Personal Data held by us, you may feel that what we currently have on record is inaccurate or incomplete. If you wish us to update this information you can make a request for rectification either verbally or in writing via bishwo.shahitto.kendro.uk@gmail.com or via the Information Compliance Officer at the address in Section 2 above.
7.4 The Right to Erasure
Under GDPR you have the right to have Personal Data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.
If you wish to request the erasure of your Personal Data you can make a request either verbally or in writing via bishwo.shahitto.kendro.uk@gmail.com or via the Information Compliance Officer at the address in Section 2 above.
7.5 The Right to Restrict Processing
You have the right to request the restriction or suppression of your Personal Data. This means that you can limit the way that we use you data but this is different from having your data erased.
You may wish to exercise this right because you have issues with the content of the information we hold or how we have processed your data. This is usually a temporary measure whilst we investigate the accuracy of your Personal Data or the grounds for processing it.
If you wish to request the restriction of processing of your Personal Data you can make a request either verbally or in writing via bishwo.shahitto.kendro.uk@gmail.com or via the Information Compliance Officer at the address in Section 2 above.
7.6 The Right to Data Portability
This right allows you to obtain and reuse your Personal Data for your own purposes across different services in a safe and secure way, without hindrance to usability (e.g. in a commonly used machine-readable form such as a CSV file). This only refers to Personal Data that you have provided to us, is processed through automated means and where that processing is based on your consent or the performance of a contract.
If you wish to request your Personal Data in a portable format you can make a request in writing via bishwo.shahitto.kendro.uk@gmail.com or via the Information Compliance Officer at the address in section 2 above.
7.7 The Right to Object
You have the right to object to the processing of your Personal Data based on legitimate interests (see Section 4 above). This can specifically include direct marketing (including profiling); and for the processing for purposes of scientific/historical research and statistics.
If you object to the processing of your Personal Data for direct marketing purposes, we must stop processing your Personal Data in this way immediately and there are no exemptions or grounds to refuse.
If you wish to object to the processing of Personal Data, you can make a request either verbally or in writing via bishwo.shahitto.kendro.uk@gmail.com or via the Information Compliance Officer at the address in section 2 above.
In addition, to help you exercise control over the processing of your Personal Data for Direct Marketing via electronic communication you can unsubscribe at any time by following the links on direct marketing emails or, if you have purchased tickets online via our website you can log into your Customer Account and update your Direct Marketing preferences there.
7.8 Rights in relation to automated decision making and profiling.
We use your Personal Data to undertake profiling to better understand our audiences more deeply so that we can produce relevant communications and provide a better experience for our customers and supporters (see 4.4 above). You can object to the processing of your Personal Data in this way under the Right to Object outlined in Section 7.7 above.
If you wish to object to the processing of Personal Data you can make a request either verbally or in writing via bishwo.shahitto.kendro.uk@gmail.com or via the Information Compliance Officer at the address in Section 2 above.
7.9 The Right to Withdraw Consent
As noted in Section 4.2 above, we process your Personal Data for electronic Direct Marketing purposes by your Consent and you have the right to withdraw this at any time. This does not affect your other rights under GDPR.
To withdraw your consent for the processing of your Personal Data as outlined above you can do so verbally or in writing via bishwo.shahitto.kendro.uk@gmail.com or via the Information Compliance Officer at the address in Section 2 above.
7.10 Complaints
If you believe that the processing of your Personal Data has infringed on the General Data Protection Regulation you can lodge a complaint with the Information Commissioner’s Office. More information about reporting a breach can be found here: https://ico.org.uk/for-organisations/report-a-breach/
In order to deliver our services, we work with selected third party service providers to process data on our behalf and on our instructions. This is to ensure your Personal Data and the safeguarding of your privacy is managed efficiently and effectively.
In these cases we require that these third parties comply strictly with our instructions and with data protection laws, for example around security of personal data.
Our main third party Data Processors are:
BSK will use third party ticket provider, Eventbrite, for one off events and workshops. We utilise the website to manage event attendees and to contact you directly with any updates or changes. For more information, please see Eventbrite Privacy Policy
The data collected is personal data and will be handled in accordance with GDPR to protect the privacy of our staff, customers and visitors.
NHS Test and Trace or Public Health Officers will ask for these records only where it is necessary. For example, if our premises has been identified as the location of a potential COVID-19 outbreak.
NHS Test and Trace will work with us, if contacted, to ensure that information is shared in a safe and secure way. We must share the requested information as soon as possible to help the NHS identify people who may have been in contact with the virus and help minimise the onward spread of COVID-19.
NHS Test and Trace will handle all data according to the highest ethical and security standards and ensure it is used only for the purposes of protecting public health, including minimising the transmission of COVID-19. For more information, please see the government website for maintaining records to support NHS Track and Trace.