Privacy Policy

Last updated: 24 May 2021

Corridor8 is a company limited by guarantee and a not-for-profit organisation. This privacy policy explains how our organisation uses the personal data we collect from you when you use our website: https://corridor8.co.uk/

Overview

We track/store only what is essential for reporting to funding bodies (mainly Arts Council England as part of applications and evaluations), and for clients who pay for advertisements on our website (mainly arts organisations in the North of England). Specifically, we use Analytics to track page visits and advert click throughs, and to indicate the broad geographic location of visitors. Personal data gathered through the website is only shared with our hosting provider Stablepoint and the security platform WordFence, and pseudonymous personal data is shared with Google Analytics. Newsletter signups are shared with MailChimp.

What data is collected and why?

Personal data is also known as personal information, personally identifying information (PII), or sensitive personal information (SPI). It refers to any information that may be used to identify a person such as a name or IP address.

We collect personal data primarily on the lawful basis of legitimate interest. More specifically, we use it to ensure we are meeting our projected engagement numbers, which are essential to our ongoing sustainability as a small, not-for-profit arts organisation without regular funding. When legitimate interest does not suffice, for example in the collection of email addresses for our e-newsletter, we do so on the lawful basis of consent. The nature of the collected data, how the data is used, who the data is shared with, and how long the data is retained is outlined below.

Web Hosting & Server Logs 

Our web hosting provider is Stablepoint, with offices in the UK, Indonesia and Bulgaria. View their Privacy Policy. Our website is hosted on UK-based servers maintained by Stablepoint. As with most hosting providers, Stablepoint gathers selected personal information in server logs including device details, the IP address of the visitor, and the host name of the accessing computer. These server logs are essential for maintaining the functionality and security of our website over time.

Embedded content from other websites 

Embedded content can include videos, images, or articles. A common example is a YouTube video. Embedded content behaves in the exact same way as if you had visited the originating website. Because of this, websites associated with embedded content may collect data about you, use cookies, embed additional third-party tracking, monitor your interaction with that embedded content, and track your interaction with the embedded content if you have an account and are logged in to that website.

Newsletter 

The e-newsletter platform that we use is MailChimp located at The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. View MailChimp’s privacy policy. If you sign up to our newsletter, MailChimp will collect your email address and your permission on our behalf to contact you. You may edit your preferences or unsubscribe at any time by clicking the relevant link in one of our email newsletters. We do not enable click tracking or open tracking. For further information about MailChimp’s policies, please see their privacy policy and data processing addendum.

Security

We use Wordfence to configure a firewall, block malicious traffic, give immediate alerts in the event of malicious activity, and enforce strong passwords. These features are essential in maintaining the security of this website and in protecting personal data. Selected personal data including visitors’ IP addresses and accessed URLs is collected and sent to Wordfence so that they may accurately administer their security services. Wordfence is located at Defiant, Inc, 800 5th Ave, Suite 4100, Seattle WA 98104, USA. For further information, please see Wordfence’s GDPR policies and their Data Processing Agreement.

Analytics

We use Google Analytics as our primary analytics provider. We configured Google Analytics to anonymize IP addresses, and we deliberately disabled Data Collection for Advertising Features, Demographics and Interest Reports, User-ID, and all data-sharing settings

Cookies

Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our website, we may collect information from you automatically through cookies or similar technology. For further information, visit allaboutcookies.org.

We use cookies to better understand how visitors use our website, and what kind of content our readers are interested in. The _ga cookie is used to distinguish users from one another, and it expires two years after it is set. The _gid is also used to distinguish users and expires one day after it is set. The _gat cookieis used to throttle the request rate and expires one minute after it is set.

How long we retain your data

Personal information provided when signing up to our newsletter is retained indefinitely. If you unsubscribe, you will no longer receive newsletters from us but we will retain your contact details. If you would like your contact details to be deleted, please get in touch so that we can do this for you.

Personal information provided by registered users of the website is stored in the relevant user profile indefinitely. All users can see, edit, or delete their own personal information at any time. Users cannot change their username but are welcome to get in touch with a website administrator if they wish to do so. Website administrators may also see and edit users’ personal information.

Google Analytics data is stored for 26 months.

How we protect your data

Wherever possible, we follow WordPress’s guidance regarding security and complete all CMS and plugin updates as soon as is feasible. We also use Wordfence for more advanced security features. We avoid transmitting passwords in plain text formats such as spreadsheets, text files, or emails whenever possible.

Data breach procedures

If there is a data breach where personal data may have been compromised, we will get in touch with the affected users where possible and will post an update on this site to let past and future visitors know the nature of the breach and what data may have been involved. Where feasible, we will do so within 72 hours of becoming aware of the breach. We will also report the breach to the relevant supervisory authority where required.

What rights you have over your data

  1. The right to be informed: We inform our users about what data is being collected by displaying a link to the privacy policy clearly in our footer, and by using as little jargon as possible in our policy.
  2. The right of access: Get in touch and we will provide you with an exported file of any data we hold about you, including data you have provided to us, and we will direct you to the third-party services listed above if your data may be held by them. If you have a WordPress account on this site, you can log in and access your account data at any time.
  3. The right to rectification: If there’s any personal data about you that should be corrected by us, please let us know and we will do our best to correct it.
  4. The right to erasure, a.k.a. the “right to be forgotten”: Let us know and we will delete all your personal data that we store and will direct you to the third-party services listed above if your data may be held by them. If you have a WordPress account on this site, you can delete your account at any time. If you have commented on the site or we hold your data for any other reason, you can request that we erase any personal data we hold about you. Please note that we cannot remove or erase data that we are obliged to keep for administrative, legal, or security purposes.
  5. The right to restrict processing: If you would like to restrict or suppress the processing of any data we hold about you, get in touch and we will work with you to accommodate this.
  6. The right to data portability: We will give you an exported copy of your data that we hold so that you can provide it to another service.
  7. The right to object: You have the right to file a complaint regarding our collection and use of your data. Please tell us first so that we have a chance to address your concerns. If we fail in this, you can address any complaint to your local data protection authorities.

Attributions

This privacy policy is based primarily on guidance kindly provided by the creators of WordPress directly in the CMS, and from web developer Piper Haywood’s very excellent privacy policy

Questions & Feedback

We try to keep our privacy policy as transparent and easy to understand as possible. Please let us know if we can improve it further or if you have any other questions by emailing us.