Privacy Policy

Purpose of Site

This website has been designed, created, and is coordinated by The Ark to promote and inform you about our work.

You are also able to book via this website for our events, using our online ticketing partner, Ticketsolve, who acts as a data processor on behalf of The Ark.

Any data that you share with us via ark.ie or ark.ticketsolve.com will be processed and stored in compliance with the EU General Data Protection Regulations, as enacted in the Data Protection Bill 2018.

This website may include links to other external sites. The Ark is not responsible for the content or quality of any material contained on these sites and links should not be taken as an endorsement. We would advise you to check the privacy policy of any website that you may have concerns about.

If you wish to discuss this policy with The Ark or any other matters relating to our privacy policies generally, you can:

• Email data@ark.ie
• Write to us at: Data Protection, The Ark, 11a Eustace Street, Temple Bar, Dublin 2

Collection and Use of Personal Information

The information that you provide to us will be used only for its stated purpose. It is our policy never to share your information to any third party other than those outlined in this privacy policy who are directly carrying out the role of Data Processor for The Ark. We wil never sell your information or disclose it to external parties unless obliged to disclose such information by a rule of law.

What do we use your information for?

The information we collect from you may be used in one of the following ways:

• To process transactions - for the express purpose of delivering the purchased tickets, products or services requested, contacting you as necessary about your order.
• To personalize your experience - your information helps us to better respond to your individual needs.
• To administer a contest, promotion, survey or other site feature.
• To send marketing emails – provided you give us your consent, the email address you provide us may be used to send you information and updates.
• To improve our website - we continually strive to improve our website offerings based on the information and feedback we receive.

How do we protect your information?

The Ark takes the security of your data very seriously and aims to be open and transparent about how your data is collected and used. We employ appropriate physical and technical security measures, conduct staff training and generate organisation-wide awareness, and regular reviews of these responsibilities.
We maintain three databases where your information is stored. Next to each of these main databases are the platforms that we use to process and store the information:

• Customer data: Processed and hosted by Ticketsolve and MailChimp
• Invite lists & Fundraising Database: Insightly
• Form entries, applications and surveys: JotForm

Each of these platforms have been carefully selected to provide these services to The Ark based on their suitability for our needs as well as their demonstrated commitment to the security and safety of our data. All of these databases are hosted offsite, not on servers on The Ark’s premises. Only authorised, trained staff have access to these databases.

Using these platforms means that the data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us for the provision of support services. We have Data Processing Agreements in place with these third party platforms and a Data Protection Impact assessment has been done on each of them to ensure that they are each in line with 2018 GDPR legislation.

What information do we ask you for?

We collect personal information from you when you place an order, become a member, subscribe to our newsletter, fill out a form or survey, or apply for an employment opportunity. If you contact us, we may store your name, address and e-mail address in order to respond to your enquiry or request.

We also use cookies on this website to gather technical information to help us deliver content in teh best way for youyr device, monitor the way that the website is used and how effective and relevant our cummunications are.

How do we collect & process your information?

Orders:
All purchases (tickets and merchandise) made online, by phone or in person, are processed via https://ark.ticketsolve.com, a secure and dedicated sub domain of Ticketsolve, our online ticketing partner.

When you make a booking, you will be asked for your name, email address, billing address and phone number. Our legal basis for collecting this information is that of ‘Contractual Necessity’. We ask for this data in order to process transactions and fulfil your order or request – including keeping you updated about the event and any changes or cancellations. This data, and the account that you create will be kept for a maximum of 18 months from the date of your requested event or product delivery, unless you book further events or have joined our mailing lists.

Any credit card payments made online, over the phone or in person are securely processed via Realex (phone or online) or AIB merchant services (in-person sales). Your details are input using portals provided by, processed and retained by these third-parties purely for the purpose of completing that transaction. Credit card details are not stored or accessible to The Ark once processed.

Membership:
When you sign up for one of our membership schemes (including our free ArkEd or artists schemes), we will ask you for your details so that we can deliver your benefits and ensure that our communications are relevant to your interests. Just like orders, this information is collected on the legal basis of ‘Contractual Necessity’. These details will be processed and using secure forms provided and processed by Ticketsolve or JotForm. This information will be retained by us for the duration of your membership and a maximum of 18 months after the membership ends unless you renew or make another purchase, which will resent the 18 months.

Email Newsletter:
We use MailChimp to create and send our email newsletters, to keep you in touch with our news and information about upcoming events. Our legal basis for collecting and processing your information for this purpose is that of ‘Consent’. This means that we will only ever send you this newsletter if you have actively consented to us doing so in the following ways:

• When you make an order, you will be given the opportunity to sign-up for our email newsletters. You will actively need to give consent to be added to this list by ticking a box online or by verbal assent if you are speaking with one of our staff members.
• You can also sign up for this list without making any purchase using the ‘Stay in Touch’ link on our home page or by speaking to a member of staff. The ‘Stay in Touch’ link takes directly to you to Mailchimp

You have the right to withdraw your consent. You can unsubscribe from this list at any time by using the unsubscribe link at the bottom of every email or by emailing data@ark.ie. Please note that in order to honour your request and ensure that you do not receive information from us, we may need to retain your email address on a ‘supression’ list on Mailchimp.

Forms, Competitions or Surveys:
When you fill out a form or survey or enter a competition, you will be asked to fill out an online form (using our secure third-party JotForm) or email your entry directly to us. We may ask you for personal information to enable us to process your entry or any prizes. This personal information will only be used in conjunction with the specific purpose you supplied them for, and will not be retained once this purpose is completed. As we are only processing your information due to your active submission of the entry or survey, our legal basis for collecting the information is that of ‘Consent’. There may be the option on an entry form to sign up for our email newsletter – consent for the emails is NOT a condition of entry into the competition.

Employment Opportunities:
If you apply for any employment opportunities, you will be supplying us with personal information via email or using our secure online application forms (JotForm). This information will only be used to process your application, and will not be retained beyond any time limits required by law or laid out in our Data Protection Policy. Our legal basis for collecting and processing your information for this purpose is that of ‘Contractual Necessity’ as you are submitting the information for the express aim/purpose of entering into a contract with The Ark.
Please note that anyone working with or at The Ark will be legally obliged to complete our Garda Vetting process.

Cookies & Online information

Cookies are small pieces of information that are stored by your browser on your computer's hard drive. They make it possible for us to provide our online ticketing service and track visitor statistics, such as returning visitors or the way people use the site. They help us to improve our site and to deliver a better and more personalised service to you, including speeding up searches on the site.

Currently (as allowed by the Data Protection Commissioners office) we operate cookies on the basis of ‘consent by implication’, which means that we assume you are happy with our use of cookies if you continue to use the site once made aware of them.

If you don't want us to use cookies when you use our website, you can adjust your internet browser settings not to accept cookies or delete them after your visit. Your web browser's help function should tell you how to do this. Alternatively, you can find information about how to do this for all the commonly used internet browsers on the website: http://www.aboutcookies.org. This website will also explain how you can delete cookies which are already stored on your device.

Please note that if you adjust your browser settings not to accept cookies, this may result in your being unable to use some of the facilities or features on our website, including any account-based features, booking tickets or purchasing from our online shop.

First-Party cookies on ark.ie:

Essential Cookies:

• Session Cookies - These cookies are temporary cookies that are removed once the transaction has been completed or you log out. It is not possible to purchase anything on the website without accepting these cookies. These cookies help manage the shopping baskets on our ark.ticketsolve.com, as well as enabling you to log in and use your ticketing account.
• Functional Cookies - We may collect technical information about your computer, including where available your IP address, operating system and browser type, to ensure that content from our site is presented in the most effective manner for your device or computer. We do not make any attempt to connect technical information with any individual’s personal information.
• Compliance Cookie - These cookies (cookieconsent_status and _cfduid) allow us to know whether or not you have been informed and given consent to the use of cookies on the site and therefore do not need to be presented with this consent request message again.

Non-essential Cookies:

Google Analytics tracking
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. Examples of the type of information this gives us include the number of visitors to the site, where visitors have come to the site from and the pages they visited. The cookies collect information in an anonymous form, so we don't know who is using our site. We use the information on how people use our website to compile reports and to help us improve the site. You can go to http://www.google.com/analytic... to find out more about Google Analytics cookies and how to opt-out of them.

Email and web tracking cookies:
In our official ezines (sent using MailChimp) we put in tracking so that we can tell how much traffic those emails send to our site and we can track, at an individual level, whether the user has opened and clicked on the email. We rarely use the latter information at a personal level, rather we use it to understand open and click rates on our emails to try and improve them. Sometimes we do use the personal information e.g. to re-email people who didn’t click the first time. If you want to be sure that none of your actions on our email are tracked then you should use your browser to control cookies or unsubscribe from our newsletter using the unsubscribe link at the bottom of the email. No other emails that we may send you have tracking included, for example personal correspondence or emails with invoices attached.

Conversion tracking cookies:
As a charity, we need to ensure that we use resources carefully and with maximum return on investment. To help us optimise the impact of our available advertising budget, we use advertising conversion tracking and targeting pixels or custom URL’s, which enable us to track the pages that have been visited or purchases made by people who have seen our advertising campaigns. This helps us measure the effectiveness of advertising campaigns on these networks and optimise these campaigns by using their insights or reporting options – making them data processors. Results are given as non-personalised, aggregate figures. We make no attempt to match this information with any personal data that we have from our booking process. The networks that we currently use are: Google, Facebook, Twitter and Pinterest. See below for information on how to find out more about their Data Policies.

Third-Party Cookies:

As well as the advertising conversion tracking and targeting pixels outlined above, where we are essentially the data controller, we also host various third-party tools and services on the website to enhance your experience, help you share information or enable us to optimise online advertising campaigns (see section below on Online Advertising). These tools include social like or share buttons and embedded secure forms for sign-ups or competitions. They also include services to enable us to embed our media into the website – eg to embed video, we use tools from YouTube, Facebook or Vimeo or to share audio recordings we may use services such as SoundCloud or Spotify.

These tools or services often include cookies from these third-parties. The Ark is not the Data controller for the information gathered via these cookies, and has no access to the information. You can find out more about the third-parties cookie policies and how to opt-out of their processing activity via the links below.

• Google services - Including YouTube. When you use the website, Google is able to track information about the way you interact with the embedded video, technical information about the devices and browsers you are using. If you are also logged into your Google accounts, they are also able to connect your use of the site with your profile. They are also able to create remarketing lists based on pages visited or actions that The Ark can then use for advertising purposes if we wish. We have no access to the information. You can find out more about your Google privacy choices here.
• Facebook - Including Instagram. Our website hosts and uses Facebook Business Tools including their like & share buttons, embedded video and the Facebook Pixel. The Pixel enables Facebook to carry out some of their Data Processor duties for us (eg track conversions as previously mentioned). It also enables Facebook to carry out their own data processing based on their data & cookie policies – including tracking your activity (whether or not you are logged into your Facebook account), to supply other business tools such as custom audiences (See our online advertising section below) and monitor their product use and performance. You can find out more about how Facebook uses cookies here: https://www.facebook.com/policies/cookies/#
• Twitter - We host Twitter’s tools, including pixels, that enable us to have twitter buttons and content embedded. Twitter are able to track how many people have interacted with or viewed a service as well as tracking individuals across the web. It also enables Twitter to create custom audiences based on the tracking information for visits to pages on ark.ie, that we can then use in our advertising campaigns (see our online advertising section below). You can find out more about Twitter’s use of cookies and how to manage your Twitter privacy options here: https://help.twitter.com/en/rules-and-policies/twitter-cookies
• Pinterest-– As we use Pinterest buttons and occasionally advertise on their platform, we host a Pinterest tag on our website that Pinterest can use to understand who’s visited or made purchases on our site. They can use that info to show ads to the right people on Pinterest. For information abouit how they process your data: https://policy.pinterest.com/en/privacy-policy
• Vimeo - We occasionally use Vimeo’s video player to embed video into our website. When we do this, Vimeo uses cookies to collect technical information and your activities on that page. You can find out more about how Vimeo uses cookies here: https://vimeo.com/privacy
• SoundCloud - We occasionally use Soundclouds player to embed audio into our website. When we do this, Soundcloud uses cookies to collect technical information and your activities on that embedded content. You can find out more about how Soundcloud uses cookies here: https://soundcloud.com/pages/cookies
• JotForm – As previously mentioned, use JotForm’s online forms to run competitions, surveys, invites & rsvps and application forms. They are acting as Data Processors for The Ark for all of this use. However as we are embedding or including links to JotForms secure forms, this means that you will be served with their own cookies that they have in place to monitor, track and understand usage of their site and tools. You can find out more about the way that JotForm uses cookies here: https://www.jotform.com/privacy/

This should not be seen as an exhaustive or complete list of the services we use, or might use in the future, when embedding content, but these are the most common. We will update this list, as and when we put other third-party tools or services in place. We will always ensure a third-parties GDPR compliance before putting them in place with a Data Protection Impact assessment.

Cookies on linked websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over cookies that other website might use so we would advise you to check their privacy and cookie policy

Online Advertising

As a non-profit arts organisation, we have a legitimate interest to secure a wide but well-targeted awareness of our events and activities but on a tight budget. Alongside traditional print advertising, online and digital marketing channels are essential to our sales and public awareness.

We use third-party tools on our website (see cookies section) for our main advertising partners – Facebook, Google, Twitter and Pinterest – to be able to create custom audiences of people who have expressed an interest in a particular event or service based on their behaviour on the site and they can enhance that custom audience with a ‘lookalike’ audience where they use their own data to identify other people with similar characteristics or behaviours to the people identified from our site. This is all done without us having any access or control of that data – the third-party is the Data Controller in these situations.

These platforms can also act as a data processor for The Ark if we provide them with data that we’re holding to create a custom audience or to be able to match off-line conversions with campaigns to give us a clearer picture of the success of a campaign.

We have carried out a Legitimate Interests Assessment and we believe that we can use the legal basis of Legitimate Interests to justify creating advertising campaigns using services from advertising platforms based on data they have collected via cookies on our site and to create a campaign based on a list of people that have signed up for marketing communications from us.

We reached this conclusion based on the following points:

For those who we are advertising to based on the third-parties data (not The Ark’s data) on their site use:

1. Those individuals have been made aware of and had a clear opportunity to disable the third-party cookies during their visit.
2. They also have had the opportunity to opt out of interest-based advertising via these platforms.
3. They would be encountering advertising on the sites involved anyway, so advertising isn’t obtrusive or unexpected. It can be argued that it is in their interests for it to be relevant, personalised content.

For those individuals who we can ‘match’ to users of these sites for targeted advertising based on data that we hold, supplied to these sites for matching:

1. We already have a clear relationship with them, they have agreed to marketing communications already.
2. With their demonstrated engagement with The Ark and the website, it could be reasonably expected for them to see interest-based adverts on these sites.
3. They also have had the opportunity to opt out of interest-based advertising via these platforms.
4. They would be encountering advertising on the sites involved anyway, so advertising isnt obtrusive and it can be argued that it is in their interests for it to be relevant, personalised content.
5. The data we supply is minimal – just email address, no other data. This data is hashed for security before being uploaded to these sites. Data is then deleted as soon as the ‘matching’ process is done.

We feel that our legitimate interests in marketing on social media in this way, with third-parties that we have a data processing agreement in place with, isn’t outweighed by the minimal impact of the adverts on the rights of the individuals involved.

What other processes do we use the Legitimate Interests legal basis for?

• The use of CCTV in the public areas of our building, in the interests of the safety and well-being of our audiences and the safeguarding of children.
• Postal marketing of similar events within the 18 months of our customer data retention period.
• Postal & email distribution of our school’s & education newsletters to the official, publically available Department of Education primary school lists.
• Retaining images of children engaged in our events and activities in our organisational archive once the initial consent-based five year promotional and documentational retention period is finished. Identifiable data connected to the images will be minimised.
• Sending invites and updates to our carefully curated list of The Ark’s stakeholders and industry colleagues.
• Researching using publicly available information about, and communication with, trusts and coporations for the purposes of fundraising or development opportunities.

Any individual can object to being included in legitimate interest based processing by contacting us by email to data@ark.ie

Do we disclose any information to outside parties?

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information, unless a particular outside party is clearly stated at the point of transaction or consent. This does not include the trusted, contracted third parties who assist us in processing our data – see our current list of third-parties here. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. Non-personally identifiable visitor information and statistics may be provided to other parties for benchmarking, advertising, or other uses.

Children’s Personal Data & Use of the website by Children

We welcome GDPR and the Data Protection 2018's commitment to special protection for children’s personal data. The Ark has always had special policies in place to safeguard the children that attend our events.

As The Ark’s target audience is children ages 2-12, we acknowledge that they are all below the legal age for giving consent to the processing of their personal data. This website has been created in the understanding that it is the significant adults in the children’s life that will be using it – in fact event descriptions for children’s activities are written with the intention that adults can read the description out to the children to involve them in the process of deciding whether to take part. There are minimal opportunities for children to supply information to us via the site and we reasonably expect that any children 12 or under who are using the site are doing so with the express permission and supervision of adults. Therefore we judge the risk that we would be processing children’s data via the site to be minimal. Any personal data that we request about the children who take part – including taking pictures and video - will always be gathered with the express consent of the parent or guardian.

Pictures and Video of Children

“The use of images play an important role in many aspects of work with children and young people. Images in many formats can be used to record, document, demonstrate, promote and celebrate activities and experiences. Increasingly, accessible and diverse technology has meant that recording, sharing, disseminating and publicising images is more widespread than ever before.” (Source. The Arts Council Guidelines for taking and using images of children and young people in the arts sector

The Ark has a clear policy in place for capturing images of children for documentation, archiving or promotional use:

• Images can only be captured with the written consent of the child’s parent or guardian. Other adult relatives are unable to give consent for this.
• Witholding of a consent must never affect or limit the child's experience of the activity they are taking part in.
• Even if a parent has given consent, if a child decides that they don’t want their picture taken, their wishes must be respected.
• Parents taking pictures of their own child at an event is fine (assuming it’s not disruptive to the event or infringing artists' copyright) but if they’re taking pictures that include other children, they should be reminded of the importance of data protection and ask them to refrain from taking pictures featuring other children. If that is unavoidable, they should be reminded that these images should not be shared online.
• Capture of images should be done in a respectful way, with no or minimal impact on the focus or experience of the children.
• Care must be taken to avoid inadvertant discrimination or sterotyping of any child, particularly on the basis of disability, ethnicity or gender.
• Images should not include personal data such as name badges or school crests. Where they do appear, they should be removed or obscured using editing software.
• Accompanying photo credits should be mindful of giving information that could be used in a way that threatens the child’s safety – eg their name, their school or specific address details.
• Images of children’s artwork should only be taken with the permission of the child and any names should be cropped out.
• Images featuring unidentifiable aspects such as a child’s hands, silhouette or the back of their head can be captured but it must be impossible to identify or recognise the child based on that photograph.

Duration of Use:
Despite consent being given for the indefinite use of images, in line with our commitment to children we have decided to put a period of five years on retention for promotional use. This will avoid potential embarassment for children of their imagery being used when they are significantly older. It also ensures that we will have ceased using their image for promotional use before they turn 18. After 5 years, images will only be used for archival and reporting purposes.

Our use of CCTV within The Ark's Building.

We monitor and record images using closed circuit television at our venue. We do this for the purposes of crime prevention, child protection and public safety. The footage is only accessible to authorised members of staff and will only be shared if requested by An Garda Siochana. Our CCTV footage is retained for a maximum of 55 days before deletion.

Your Rights

In line with GDPR and the Data Protection Act 2018 you have the right to:

• Make a Subject Access Request - You have the right to access information we hold about you. If you wish to exercise your right of access, you must submit a written request to data@ark.ie. The information will be delivered within 30 days of your request. Please note that we will ask you to provide proof of your identity before we supply the information to you.
• To have your information updated or corrected - if you discover that any of the data that we are holding is out of date or inaccurate, please get in touch via data@ark.ie and we will update the information.
• To object to direct marketing - You have the right to ask us not to process your personal data for marketing purposes. Email marketing will only ever take place if we have had consent from you for that purpose. We use the Legitimate Interests legal basis for postal marketing and it can only take place for similar events within 18 months of your most recent booking. You can unsubscribe from email marketing at any time via the links at the bottom of every email. To opt out of postal marketing, just email data@ark.ie or call 01 670 7788.
• To have your information deleted from our records - Unless there is a compelling legal basis for us to retain your data, you can ask us to delete your information. Just email data@ark.ie to request this.
• To restrict the processing of your information - The Ark doesn’t use any automated decision-making but you would have the right to object to this type of decision-making or to any processing that we are carrying out on the legal basis of Legitimate Interests.

Updates to this Privacy Policy

This Privacy Policy will be audited every six months to ensure continued compliance with regulations. Interim updates will also be made where we change any policies or procedures, bring new third-party Data Processors on board, or to reflect urgent changes or developments in the regulations.