Fair Processing and Privacy Notice
Last Updated: October 2025
Data Controller – AccessArt
Contact Details regarding Data Protection Enquiries:
Alison Sharkey
Email: info@accessart.org.uk
AccessArt is committed to protecting your privacy. This policy explains how we collect, use, store and protect your personal information.
1. Who We Are
AccessArt is a UK registered charity supporting teachers, schools and individuals through art resources and training. We act as the data controller for personal data we collect.
We are a charity registered in England and Wales under registration number 1105049 and Our registered address is 6 West Street, Comberton, Cambridge CB23 7DS.
We have notified the Information Commissioner’s Office and are registered on the Data Protection Register under registration number Z3274864.
2. The Data We Collect
We only collect the data necessary for our activities, which may include:
-
Memberships: name, email address, school/organisation, payment details. For multi-user (school) memberships, we only hold the lead teacher’s contact and teacher email addresses to provide access.
-
Payments: invoice details, records of transactions processed through our accounting software, and bank details if supplied for refunds.
-
Events/workshops: name, email, and (if attending online) Zoom username. Chat messages and participant names may be visible to others.
-
Images and recordings: only where you have given consent, or where we rely on legitimate interests (e.g. documenting events).
-
Donors: name, contact details, donation records, Gift Aid information.
-
Recruitment: application details, CVs, references, interview notes.
3. How We Use Your Data
We use personal data to:
-
Provide membership services.
-
Process payments and maintain financial records.
-
Deliver events and online workshops.
-
Send communications about membership and services (only with your consent or where legally permitted).
-
Record donations and manage Gift Aid claims.
-
Assess and manage job applications.
We will never sell your data.
4. Lawful Bases For Processing
We process data under one or more of the following:
-
Consent – e.g. for marketing emails, images.
-
Contract – e.g. to provide membership or event services.
-
Legal obligation – e.g. to keep financial records, process Gift Aid.
-
Legitimate interest – e.g. internal management, archiving project materials, providing secure access to membership resources.
(A detailed table is included below in Section 11.)
5. Third-party Services
We use trusted third-party platforms for payment processing, email, event hosting, and IT support.
A full list of these processors is available on request. Each has its own privacy and security measures.
6. Data Storage & Security
-
Electronic data is stored on secure, password-protected systems.
-
Access is limited to authorised staff and contractors.
-
Where data is transferred outside the UK, we rely on adequacy decisions or standard contractual clauses.
7. Data Sharing
We may share information with:
-
HMRC (for Gift Aid).
-
Our professional advisors (e.g. accountants, auditors).
-
Trusted third-party processors who provide services on our behalf.
We do not share your information with other organisations for marketing.
8. Retention
We keep personal data only as long as necessary (see Section 10).
9. Your rights
You have the right to:
-
Access your data.
-
Correct inaccurate data.
-
Request deletion (where lawful).
-
Withdraw consent at any time.
-
Object to processing.
-
Request restriction or portability of data.