Privacy Policy
Privacy Policy
Privacy Policy
1. Introduction
Crazy Peach Art Foundation ("we", "us", "our") is committed to protecting the privacy and personal data of our artists, volunteers, participants, and visitors. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This policy applies to all personal data we process, whether collected directly from you or obtained from third parties.
2. Data Controller
The data controller responsible for your personal data is:
Crazy Peach Art Foundation Email: crazypeach@crazypeach.org
For any questions or concerns regarding this policy or our data processing practices, please contact us at the email address above.
3. Categories of Personal Data We Collect
We may collect and process the following categories of personal data:
Identity Data: name, photographs
Contact Data: postal address, email address, telephone numbers
Professional Data: artist biography, portfolio, CV, artistic medium, previous exhibitions or projects
Financial Data: bank account details (for artist payments or reimbursements)
Technical Data: IP address, browser type, and usage data when visiting our website
Communication Data: correspondence and feedback you send to us
Special Category Data: accessibility requirements, health information (only where necessary for event participation and with your explicit consent)
4. Purposes and Legal Basis for Processing
We process your personal data for the following purposes and rely on the corresponding legal bases under Article 6 of the UK GDPR:
4.1 Contract Performance
To manage artist agreements, commissions, and project participation; to process payments and reimbursements.
4.2 Legitimate Interests
To promote our activities, exhibitions, and events; to maintain records of artists and their work; to improve our services and communications; to ensure the security of our premises and events.
4.3 Consent
To send marketing communications and newsletters; to publish photographs or videos featuring you; to process any special category data such as accessibility needs.
4.4 Legal Obligation
To comply with legal and regulatory requirements, such as tax and accounting obligations.
5. How We Collect Your Data
We collect personal data through:
Direct interactions: when you apply to participate in projects, register for events, contact us, or complete forms
Automated technologies: cookies and similar technologies when you visit our website
Third parties: referrals from other arts organisations, publicly available sources, or social media platforms
6. Data Storage and Sharing
6.1 Data Storage
Your personal data is stored securely using Google Drive, a cloud storage service provided by Google LLC. Google Drive is used to store artist records, project documentation, and other organisational files containing personal data.
6.2 Data Sharing
We may share your personal data with:
Google LLC: as our cloud storage provider (Google Drive) for secure data storage and file management
Partner organisations for collaborative projects and exhibitions
Service providers who assist with our operations (e.g., IT support, payment processors)
Funders and grant-giving bodies where required for reporting purposes
Legal and regulatory authorities when required by law
We require all third parties to respect the security of your data and to treat it in accordance with the law. We do not sell your personal data to any third parties.
7. International Transfers
We primarily store and process your data within the United Kingdom and European Economic Area. However, as we use Google Drive for data storage, your data may be transferred to and stored on servers located outside the UK/EEA, including in the United States.
Where such transfers occur, we rely on appropriate safeguards including:
Google's compliance with approved data transfer mechanisms
Standard Contractual Clauses approved by the UK Information Commissioner's Office
Google's Data Processing Agreement and security certifications
For more information on how Google handles data, please see Google's Privacy Policy at policies.google.com/privacy.
8. Data Retention
We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements.
Artist records and project documentation: 7 years after the end of the project or relationship
Financial records: 7 years for tax and accounting purposes
Marketing consent records: until you withdraw consent or unsubscribe
Event registration data: 2 years after the event
After the retention period expires, your data will be securely deleted from our systems, including Google Drive.
9. Your Rights
Under the UK GDPR, you have the following rights regarding your personal data:
Right of Access: You can request a copy of the personal data we hold about you.
Right to Rectification: You can request correction of inaccurate or incomplete data.
Right to Erasure: You can request deletion of your data in certain circumstances.
Right to Restrict Processing: You can request limitation of processing of your data.
Right to Data Portability: You can request transfer of your data in a machine-readable format.
Right to Object: You can object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, please contact us at crazypeach@crazypeach.org. We will respond to your request within one month.
10. Data Security
We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
Secure cloud storage via Google Drive with access controls and encryption
Limited access permissions to authorised personnel only
Regular security reviews and access audits
Strong password policies and two-factor authentication where available
11. Complaints
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:
Information Commissioner's Office Website: www.ico.org.uk Telephone: 0303 123 1113
12. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on our website with an updated effective date. We encourage you to review this policy periodically.
13. Policy Review
This Privacy Policy will be reviewed annually to ensure it remains accurate and up to date with legal requirements and our data processing activities.
View formal document
View formal document
1. Introduction
Crazy Peach Art Foundation ("we", "us", "our") is committed to protecting the privacy and personal data of our artists, volunteers, participants, and visitors. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This policy applies to all personal data we process, whether collected directly from you or obtained from third parties.
2. Data Controller
The data controller responsible for your personal data is:
Crazy Peach Art Foundation Email: crazypeach@crazypeach.org
For any questions or concerns regarding this policy or our data processing practices, please contact us at the email address above.
3. Categories of Personal Data We Collect
We may collect and process the following categories of personal data:
Identity Data: name, photographs
Contact Data: postal address, email address, telephone numbers
Professional Data: artist biography, portfolio, CV, artistic medium, previous exhibitions or projects
Financial Data: bank account details (for artist payments or reimbursements)
Technical Data: IP address, browser type, and usage data when visiting our website
Communication Data: correspondence and feedback you send to us
Special Category Data: accessibility requirements, health information (only where necessary for event participation and with your explicit consent)
4. Purposes and Legal Basis for Processing
We process your personal data for the following purposes and rely on the corresponding legal bases under Article 6 of the UK GDPR:
4.1 Contract Performance
To manage artist agreements, commissions, and project participation; to process payments and reimbursements.
4.2 Legitimate Interests
To promote our activities, exhibitions, and events; to maintain records of artists and their work; to improve our services and communications; to ensure the security of our premises and events.
4.3 Consent
To send marketing communications and newsletters; to publish photographs or videos featuring you; to process any special category data such as accessibility needs.
4.4 Legal Obligation
To comply with legal and regulatory requirements, such as tax and accounting obligations.
5. How We Collect Your Data
We collect personal data through:
Direct interactions: when you apply to participate in projects, register for events, contact us, or complete forms
Automated technologies: cookies and similar technologies when you visit our website
Third parties: referrals from other arts organisations, publicly available sources, or social media platforms
6. Data Storage and Sharing
6.1 Data Storage
Your personal data is stored securely using Google Drive, a cloud storage service provided by Google LLC. Google Drive is used to store artist records, project documentation, and other organisational files containing personal data.
6.2 Data Sharing
We may share your personal data with:
Google LLC: as our cloud storage provider (Google Drive) for secure data storage and file management
Partner organisations for collaborative projects and exhibitions
Service providers who assist with our operations (e.g., IT support, payment processors)
Funders and grant-giving bodies where required for reporting purposes
Legal and regulatory authorities when required by law
We require all third parties to respect the security of your data and to treat it in accordance with the law. We do not sell your personal data to any third parties.
7. International Transfers
We primarily store and process your data within the United Kingdom and European Economic Area. However, as we use Google Drive for data storage, your data may be transferred to and stored on servers located outside the UK/EEA, including in the United States.
Where such transfers occur, we rely on appropriate safeguards including:
Google's compliance with approved data transfer mechanisms
Standard Contractual Clauses approved by the UK Information Commissioner's Office
Google's Data Processing Agreement and security certifications
For more information on how Google handles data, please see Google's Privacy Policy at policies.google.com/privacy.
8. Data Retention
We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements.
Artist records and project documentation: 7 years after the end of the project or relationship
Financial records: 7 years for tax and accounting purposes
Marketing consent records: until you withdraw consent or unsubscribe
Event registration data: 2 years after the event
After the retention period expires, your data will be securely deleted from our systems, including Google Drive.
9. Your Rights
Under the UK GDPR, you have the following rights regarding your personal data:
Right of Access: You can request a copy of the personal data we hold about you.
Right to Rectification: You can request correction of inaccurate or incomplete data.
Right to Erasure: You can request deletion of your data in certain circumstances.
Right to Restrict Processing: You can request limitation of processing of your data.
Right to Data Portability: You can request transfer of your data in a machine-readable format.
Right to Object: You can object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, please contact us at crazypeach@crazypeach.org. We will respond to your request within one month.
10. Data Security
We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
Secure cloud storage via Google Drive with access controls and encryption
Limited access permissions to authorised personnel only
Regular security reviews and access audits
Strong password policies and two-factor authentication where available
11. Complaints
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:
Information Commissioner's Office Website: www.ico.org.uk Telephone: 0303 123 1113
12. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on our website with an updated effective date. We encourage you to review this policy periodically.
13. Policy Review
This Privacy Policy will be reviewed annually to ensure it remains accurate and up to date with legal requirements and our data processing activities.
View our official
privacy policy document