Privacy Notice
WHO ARE WE?
We are The Ark Children’s Cultural Centre (CLG) (The Ark), a registered charity and not for profit organisation. Our head office is in 11a Eustace St, Temple Bar, Dublin 2. The Ark is the data controller in respect of personal data which we collect and process with the purpose of providing our services.
The Ark is committed to protecting the privacy and data protection rights of individuals whose personal data we process.
This notice sets out the basis on which any personal data we collect from you, or from others, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
DETAILS OF PERSONAL DATA PROCESSING
In the course of providing our services, we collect and process personal data as set out in this Notice. This includes personal data we receive directly from individuals (Data Subjects) when they contact us by mail, phone, email or otherwise, or when they complete a physical or online form. It also includes personal data we receive indirectly from other sources including, for example, schools or our partners.
We will only process personal data for the specific purposes set out in this Notice or for any other purposes specifically permitted by the applicable law. We will notify those purposes to the individual whose personal data is being processed when we first collect the data or as soon as possible thereafter.
The personal data we collect, details of the processing activity and the lawful bases are as follows:
| PROCESS | DESCRIPTION OF PROCESSING | LAWFUL BASIS |
|---|---|---|
| Customers/Members | - | Contract |
| - | When you become a customer or member of The Ark, we may collect the following types of personal data from you: name, address, contact details, financial information (e.g., payment information) We also collect some special category data (e.g. age categories). | |
| - | When we provide our services we may collect names, address, age,, name of school, parent guardian names and contact details. We also collect some special category personal data including health information (e.g. allergies, medications). | |
| - | We use this data to set you up as a customer/member on our systems; to sell tickets for arts activities; to provide membership services, to provide you with information on entertainment & events, to administer and deliver our activity and for health and safety purposes. | |
| - | When corresponding with us by phone, e-mail or otherwise, we ask you to disclose only as much information as is necessary to provide you with our services. | - |
| Sales and Marketing | - | Consent / Legitimate interest |
| - | We collect the following information: name, address, email address, phone number, communication preferences. | |
| - | We use this data to deliver information about our products and services via email and post; to send you invitations to events; to personalise a user’s experience; to administer competitions, promotions, or surveys; to improve the ark.ie website; to sell you tickets for events. | - |
| Finance | - | Contract |
| - | We collect name, address, contact details, financial information (e.g. bank details). We use this data to ensure payment of our invoices; for internal and external auditing and to make appropriate financial returns to revenue; to process payment of invoices. | - |
| Suppliers/Partners | - | Contract |
| - | We collect personal data from suppliers and partners (e.g. IT service providers, other arts organsations) and their employees such as names, contact details, financial information. We use this data to set you up as a supplier/partner on our system; to liaise with you on projects that we are undertaking with you; to provide you with information and to process payment of your invoices. | - |
| Recruitment/Contractors | - | Legitimate Interest. |
| - | When we engage in a recruitment process with you, we process your personal data which you share with us such as information you may provide in your CV, a cover letter, your name, address, e-mail address and phone number. CVs should include information relevant to your employment history and education (degrees obtained, places worked, positions held, relevant awards, and so forth). We may also collect portfolio information. | Where you become employed by us our legal basis will be then based on performance of a contract. |
| - | We ask that you do not disclose sensitive personal information (e.g. gender, height, weight, medical information, religion, philosophical or political beliefs, financial data) in your application. | |
| - | We use this data to screen candidates, to assess suitability for roles, to facilitate garda vetting and to make offers to successful candidates or contractors. We process this information in order to recruit staff members, volunteers and contractors. | - |
| Website data | - | Legitimate interest and/or consent. |
| - | We collect data from cookies on our website (ark.ie). | See our cookie policy for more information: https://ark.ie/about/cookie-policy |
| - | We use this data to administer and improve our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; as part of our efforts to keep our website safe and secure; to measure or understand the effectiveness of advertising we serve to you. | |
| - | We use this data to administer and improve our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; as part of our efforts to keep our website safe and secure; to measure or understand the effectiveness of advertising we serve to you. | |
| - | These tools or services often include cookies from these third-parties. The Ark is not the Data controller for the information gathered via these cookies, and has no access to the information. You can find out more about the third-parties cookie policies and how to opt-out of their processing activity via the links below. | - |
| CCTV | - | Legitimate Interest |
| - | We operate CCTV at our cultural centre in 11a Eustace St, Temple Bar, Dublin 2. CCTV is only installed in public areas of the building. Data collected and processed is used for the purposes of crime prevention, health and safety and child protection. | |
| - | CCTV footage is retained by The Ark for a period of 28 days. | - |
| Special category data collected | - | Explicit Consent |
| - | We also process special category data. This includes special category data received by Ark from data subjects directly and indirectly. Examples of special category data collected include health information for attendees to events (allergies and medication). We use this data to provide our services effectively and for health and safety purposes. | - |
When you become our customer/member the processing of your personal data, and/or that of members of your team who you nominate to liaise with us, will become a condition of the contract between us as we require certain information in order to be able to provide you with our services (e.g. contact information). In those circumstances, if you do not provide your information when requested, we may be unable to provide our services to you.
WHAT INFORMATION ABOUT YOU DO WE OBTAIN FROM OTHERS?
When you use our services, we may obtain the following categories of personal data from others:
- We may collect personal data including names and contact details.
- When we provide our services to schools we may collect names, addresses, ages, dates of birth, name of schools, parent/guardian names and contact details. We also collect some special category personal data including health information (e.g. allergies, medications).
WHO DO WE SHARE YOUR DATA WITH?
In Schedule 1 we outline the carefully vetted third-parties that we use to process our data. We do not share data with third-parties such as other theatre companies, funders or individuals.
If we are under a duty to disclose or share your information in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect our rights, property, or safety, our customers, or others. This includes exchanging information with An Garda Siochana, Tusla or other companies and organisations for the purposes of fraud protection and credit risk reduction;
HOW LONG DO WE KEEP HOLD OF YOUR INFORMATION?
We only collect the amount of personal data that is necessary for us to provide our service to you and to fulfil our obligations. We will only keep that data for certain periods. The time periods for which we retain your data depends on the type of personal data and the purposes for which we use it. We will keep your personal data for no longer than is required or permitted.
For further information on the periods for which your personal data is kept, please see our data retention policy which can be accessed here [LINK TO DATA RETENTION POLICY].
DO WE TRANSFER YOUR INFORMATION OUTSIDE THE EUROPEAN UNION OR THE EUROPEAN ECONOMIC AREA?
Yes. Certain personal data that we collect from you will be transferred to one of our suppliers based in the US for Marketing purposes. This is of course constitutes a personal data transfer outside the European Economic Area (“EEA”) to a location where there is no adequacy decision relating to the safeguards for personal data from the European Commission. The following appropriate safeguards have been put in place to protect your information:
- Standard Contractual Clauses - You may obtain a copy of those safeguards by contacting us at data@ark.ie or you can write to us at: Data Protection, The Ark, 11a Eustace Street, Temple Bar, Dublin 2.
AUTOMATED DECISION-MAKING AND PROFILING
We do not currently use automated decision-making or engage in profiling. In the event that we do begin engaging in this type of processing activity, we will update this privacy notice accordingly. See our cookie policy for more information.
CHILDREN’S PERSONAL DATA & USE OF THE WEBSITE BY CHILDREN
We welcome GDPR and Data Protection 2018's commitment to special protection for children’s personal data. The Ark has always had special policies in place to safeguard the children that attend our events in line with The Ark’s Child Safeguarding Policy.
As The Ark’s target audience is children ages 2-12, we acknowledge that they are all below the legal age for giving consent to the processing of their personal data. This website has been created in the understanding that it is the significant adults in the children’s life that will be using it. There are minimal opportunities for children to supply information to us via the site and we reasonably expect that any children 12 or under who are using the site are doing so with the express permission and supervision of adults. Therefore, we judge the risk that we would be processing children’s data via the site to be minimal. Any personal data that we request about the children who take part – including taking pictures and video - will always be gathered with the express consent of the parent or guardian and used in line with The Ark’s Child Safeguarding Policy.
WHAT ARE YOUR RIGHTS WITH RESPECT TO YOUR PERSONAL DATA?
You have the following rights:
- to request access to any Personal Data held by us relating to you (a “Data Subject Access Request”). To make a Data Subject Access Request, please email us at data@ark.ie.
- to have any inaccurate or misleading data rectified, corrected or erased (subject to certain statutory restrictions);
- to restrict the processing of Personal Data in certain circumstances;
- not to be subject to a decision based solely on automated decision-making including profiling (subject to certain statutory restrictions);
- to data portability, which allows individuals to move, copy or transfer Personal Data from one IT environment to another. You can request to obtain a copy of your Personal Data in a commonly used electronic format so that you can manage and move it.
- to object to processing of Personal Data based on public interest grounds or based on legitimate interest of the data controller (subject to certain statutory exceptions).
- where your data is processed based on your consent, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of processing based on consent before your consent was withdrawn.
Please note that these rights are not absolute rights and may be subject to statutory restrictions.
To avail of any of the rights set out above, you can email us at data@ark.ie or you can write to us at: Data Protection, The Ark, 11a Eustace Street, Temple Bar, Dublin 2. Suitable proof of identification may be required before a request can be processed.
You also have the right to make a complaint to a supervisory authority. For a list of Supervisory Authorities in Europe, please see this list on the European Commission’s website: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
WHAT WILL HAPPEN IF WE CHANGE OUR PRIVACY NOTICE?
This notice may change from time to time, any changes will be posted on our website and will be effective when posted. Please review this notice each time you use our website or our services. This notice was last updated in June 2023
HOW CAN YOU CONTACT US?
If you wish to contact us in relation to the processing of your personal data by The Ark you can email us at data@ark.ie or you can write to us at: Data Protection, The Ark, 11a Eustace Street, Temple Bar, Dublin 2.