A rad wolf

Privacy Policy July 2023

1. Introduction

Collective Act’s Privacy Policy details what personal data we collect, what we do with the information you give us and your rights over that data.

We are committed to protecting the privacy and confidentiality of your personal information and we aim to ensure that all personal information in our possession is processed in accordance with the principles of the General Data Protection Regulations (GDPR) and the Information Commissioner’s Office (ICO).

Depending on which experiences and services you use, we will hold different kinds of information from or about you.

2. Our Details

Collective Act is a limited company 


Hackney Downs Studios
17 Amhurst Terrace,
Hackney, London,
United Kingdom,
E8 2BT

Company number: 13424702

ICO registration number:  ZB247323

3. Contacting us

Collective Act’s Data Manager is Executive Director Cathy Hirschmann.

Please email cathy.hirschmann@collectiveact.co.uk if you would like to:

  • update or opt out of receiving marketing communications;
  • make an enquiry about data protection or change the way we process your information;
  • make a request to access the information we hold about you; or 
  • raise a concern about how your personal information has been used. 

See below for more details on your rights to accessing, changing or deleting your data, and Collective Act’s complaints process. Alternatively, you are entitled to raise a concern to the Information Commissioner’s Office (ICO) without first referring your complaint to us.

This privacy notice explains:

  • how we collect, store, use, disclose, retain and destroy personal data; 
  • the steps we take to ensure personal data we process is protected properly; and
  • the rights individuals have when we process their personal data.

We will treat information you provide to us in confidence and we will not disclose it to third parties unless we are required to do so by law, or as explained in this privacy notice.

Data gathered via the website

We gather information about site usage to help the development and improvement of services to the public, and to protect the integrity of our systems from malicious users. We also gather information through the various functions available on the site that allow you to provide us with information (such as online forms and the live-chat function) for the purposes described later in this privacy notice. At the moment this information consists of:

  • information obtained by our content management system to examine what people are searching for, what they find, and occasions where no results are returned, and which does not identify individual users;
  • information provided by users through online forms (and live-chat functionality, which may identify individual users and other individuals depending on what information users enter (it is possible we will be able to access information you enter on an online form even if you do not submit it, because of the way the website is set up to automatically save part-complete forms periodically);
  • statistical information obtained using Google Analytics which does not identify individual users (more information about this is in the ‘How do we use cookies?’ section of this privacy notice);
  • your IP address and details of which browser you are using, which we record when you use our online forms; and
  • your IP address, used to identify your location if you use any geo-location features on this website, and which we only use to show you relevant content, and which we do not store or share with third parties.

We are operating a Cookie Bot plugin on our website that will allow you greater control over cookies and which areas you would like to provide consent for.

4. What is personal data?

Personal data is any information we handle that relates to an identified or identifiable natural person. An ‘identifiable natural person’ is anyone who can be identified, directly or indirectly from information, including by reference to a name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

5. What types of personal data do we process?

Personal information is collected directly from you when you interact with Collective Act, and this will change depending on the experiences or services you are accessing. Typically, we collect your name, contact details, address and access requirements when you:

  • Ask us for information;
  • Sign-up to our mailing list;
  • Send us an email;
  • Book a ticket for an event;
  • Complete a pre-booking form; 
  • Register for our schools programme;
  • Take an online survey;
  • Use the digital tools in an event; and/or
  • Apply for a job/volunteer opportunity.

To help us safeguard minors (under 18s) participating in our programmes, to help us provide the facilities and access equipment, and for equalities monitoring purposes, we may collect further information. Where special category data is required, express consent will be sought.

Information may be collected in person, over the phone, through our website, social media, mobile devices or from something you posted to us.

The types of personal data we process will vary depending on the purpose. We aim to process the minimum amount of personal data necessary for the relevant purpose. You should not assume that we hold personal data in all of the categories identified for every person whose personal data we process.

The categories identified may not be complete as occasionally we may gather personal data in other categories for the purposes described.

We will set out those categories and reasons for using your personal data before asking for your express consent on a case by case basis.

6. When do we share your personal data?

We commit to making all reasonable efforts to keep your details secure and will only share them with partners, suppliers or professional agents working on our behalf, for example when an event is run in partnership with them.  Any personal information you provide to us will be shared with these partners and their subcontractors for the purpose of providing a service you have requested or signed-up for. We will only share information with them if we are confident that they will protect it, and we have a contract in place with them that assures this.

  • We will only disclose your information to companies who act as a ‘data processor’ on our behalf, some of whom may be outside the UK/EEA.
  • We will only share your details for marketing purposes if you have given explicit consent to do this. We will never sell your personal information to any third party organisation.
  • We may need to disclose your details if required to police, regulatory bodies or legal advisors.
  • We will only ever share your data in other circumstances if we have your explicit and informed consent.

Certain third party organisations collect information on our behalf as well as for their own use. We may receive your personal details from other organisations for our marketing or monitoring purposes where you have consented for this information to be shared. These organisations have their own data protection and privacy policies and your consent must be considered in reference to both policies. 

We may also use other companies to provide experiences or services and process your personal information on our behalf, including delivering postal mail, making telephone calls, sending emails, sending SMS messages, processing card payments and analysing our supporter information as outlined above, to help us offer you communications that are most appropriate to you and your interests. In some cases, our suppliers may use software which analyses publicly available information to build up a picture about you based on the factors set out in the ‘Targeting our communications and researching our supporters’ section’.

7. More about our direct marketing

You may indicate your preference for receiving direct marketing from us. You will be given the opportunity to indicate that you no longer wish to receive our direct marketing material each time we contact you. Once properly notified by you, we will take steps to stop using your information in this way.

8. How do we use your information?

We use your information, both personal and anonymised, in these ways:

  • Provide an experience or service you have requested;
  • Communicate with you;
  • To manage your booking or purchase with us. 
  • To know if you have completed a pre-booking form before participating in some of our events; 
  • Sharing marketing materials with you;
  • Build an understanding of audiences, improve existing experiences or create new ones;
  • Raise awareness of our work and ways you can support it;
  • Measure the effectiveness of our digital marketing; and/or
  • Inform scientific research. 

8.1 Provide an experience you have booked for

We offer a range of experiences and services where you will have provided information to us. 

We will also use information to manage your attendance on a project or event.

If you have told us about an access requirement – such as a requirement for a wheelchair space – we will collect the required information from you in order to make sure you have the best experience possible. We will share information in an identifiable form only with those people internally and with our event partners who need to know. We will anonymise your information and process it further in order to improve our access provisions. 

8.2 Communicating with you

There are a number of ways that we may communicate with you. We use information you have provided to:

  • communicate with you by telephone, text, email and/or post about our activities, promotions and events in accordance with any preferences you have set;
  • deliver service emails such as confirmation emails and show/event/project time changes or cancellations;
  • contact you and ask you to respond to surveys such as post event, creative programme evaluations and surveys;
  • inform you about events or projects we think you may be interested in, if you have opted to receive such notifications;
  • respond to a question, comment, compliment or complaint that you have sent to us. In this situation we will also keep a record of this correspondence and any associated documents so that we have the information available in the event of a follow-up, dispute or investigation;
  • inform you if we make significant changes to our policies which may affect you;
  • support you in participating in or attending an event/project that we have organised, this may require us to ask you to provide information to make sure we can manage the event/project safely and efficiently. We may also ask you for details of any accessibility need which you have, so that we ensure it  is inclusive, in line with the provisions of the Equality Act 2010;
  • invite you to become involved with us in new ways; and/or
  • update you on a programme you have registered for. 

8.3 To manage your booking or purchase with us. 

We will use your personal information to:

  • fulfil ticket, merchandise and donation requests (on the basis of performing our contract with you);
  • process payments (on the basis of performing our contract with you). Please note that Collective Act does not store any payment card information once the transaction has been completed;
  • provide good customer service at the venue, by phone, or by email (on the basis of performing our contract with you or on the basis of our legitimate interests to provide you with customer service); and
  • contact you with important information relating to your booking or purchase, such as confirming your order, reminding you of an upcoming performance you’ve booked for or letting you know about changes, safety procedures, travel disruption or changes to event times that may affect your visit (on the basis of performing our contract with you or on the basis of our legitimate interests to provide you with service information).

8.4 To know if you have completed a pre-booking form before participating in some of our events 

In order to attend the High Sensory Dreamachine experience you must complete a pre-booking form. The form contains information about medical conditions or sensitivities that may be relevant to your participation.

For attendance at the Dreamachine, we collect personal data (name, email address and date of birth) from the webform to record if you have successfully completed the form or not. No health data will be retained or shared. 

We will share your name, email address and date of birth along with confirmation that you have completed this form with box office partners and event staff for Dreamachine to support your booking. 

8.5 Sharing marketing materials with you

Marketing materials that we might share with you include information about our activities, our news, events and other ways you can become involved with us.

Where you have provided your postal address or telephone number we may send information to you by post or by calling your telephone if you have consented to this. We may also email you this information or send by SMS if you have agreed for us to do so.

You can let us know at any time if you’d prefer to change how we share this information with you or stop it altogether. Simply use the details in the our contact details section to let us know your preferences. If you receive our e-newsletters, you can also use the unsubscribe link in the emails we send.

We will keep your personal information for no longer than is necessary for the purposes for which it is processed which will be reviewed every 4 years. If you ask us not to contact you, we will keep some basic information about you on our suppression list in order to avoid sending you unwanted materials in the future or delete your information completely if requested.

8.6 Building an understanding of audiences, improve existing experiences or create new ones.

We undertake various research and analysis of our audiences such as event attendees and project participants. We do this because it allows us to understand our audience members and the people who support us, and helps us to send appropriate communications and make appropriate requests to those who may be able and interested in attending or giving more than they already do.

We also perform analysis on the experiences, services and projects we offer. We do this so we can understand how well we are performing and to help create a better experience for you.

8.7 Targeting our communication and researching our supporters

We want to send the most effective messages we can in the most efficient way possible. In order to work out who to contact, what to say and when to get in touch, we carry out the following activities:

  • Analysing how emails are opened and read – we track emails which we have sent to you to see which messages have the highest response rates and whether there are messages that resonate with particular groups of people. We do this by logging whether emails we send have been opened, deleted and  interacted with (for example, by clicking on links within the emails); and
  • Segmentation – this is where we analyse information such as postcodes, and whether you interact with us on a regular basis. This helps us to tailor appropriate communications to you.

8.8 Inform Scientific Research

There are two points at which we collect data that may be used for research purposes: The Perception Census and the Sensory Tool. Any personal data provided to us as part of The Perception Census will be used solely for communication purposes and you may unsubscribe from this at any time. Any further information you provide will be provided directly to the University of Sussex for the use of scientific research. 

Any personal data you provide to us as part of the Sensory Tool will be used solely for communication purposes to receive your sensory profile. You may choose to opt-in for your information to be cross-referenced with your Perception Census results. Any information you provide will be anonymised for the use of scientific research and processed on the basis of public interest.

9. How long do we retain your personal data?

We keep your personal data for as long as necessary for the particular purpose or purposes for which we hold it.

Your data is always held securely. 

We maintain Customer Relationship Management systems Ticket Tailor, Mailchimp, Vercel, Mailgun, JISC and Retool and access is strictly controlled to people who need it to do their job. 

Certain data, for example sensitive data or data pertaining to a minor has additional controls and is only made visible to members of staff who have a reason to work with it. In addition, we protect your personal information in a range of ways including secure servers, firewalls and SSL encryption.

Right to Data Portability: You have the right to obtain and reuse your personal information for your own purposes, transferring it from one environment to another. This right only applies to personal data provided by an individual, where the processing is based on their consent or for the performance of a contract and when that processing is carried out by automated means. If you wish to discuss this right, you can do so using the contact details in this privacy notice.

Right to Object: You have the right to object to:

  • processing based on legitimate interests or performance of a task in the public interest and or exercise of official authority;
  • processing of your information for scientific and historical research and statistics; and
  • direct marketing.

Any objection must be on grounds relating to your particular situation. If you want to exercise your right to object you can do so using the contact details in this privacy notice.

10. If you are applying for a job with Collective Act

Your application, C.V, cover letter and Equality Opportunities Monitoring Form for any position with Collective Act will be used during the recruitment process to short-list suitable candidates who will be invited to proceed to the interview stage, and to select the final candidate that the role will be offered to.

If we choose to use third-party job application platforms, for example recruitment agencies, to publish and receive applications for roles through these portals the organisation’s privacy information will be available to you. We will only work alongside other organisations in this way if we are satisfied that they will keep your information safely and use it only in the same legal ways that we would.

During the recruitment process, we will perform some checks on your identity, your right to work in the UK, your eligibility to work with young people (where required in the role) and your past employment references.

If you are appointed to the position, your information will form part of your personnel file and will be stored securely.  This data is retained for the duration of your employment and destroyed 7 years after you leave our employment.

We delete the personal information of unsuccessful applications 6 months after the application process ends in case there are follow-up queries about the process, unless a candidate requests that we keep their details for longer. Statistical information including but not exclusive to ethnicity, sexuality and disability is kept to ensure that our recruitment processes are inclusive and not discriminatory, but this is completely anonymised.

If we are required by law to share your information, (for example; in response to a warrant or court order), we will do so.

11. Use of Photography and film

Collective Act, its commissioners or funders may wish to record a project or event for the purpose of archiving work, and/or sharing in marketing, publicity and other materials and communications in any medium.  Where the use of photography and film is used in a public domain, signs will be visible to notify the public there are recordings being made. Where photography and filming is being used in a closed event (e.g workshop setting) explicit consent will be sought from participants with a clear explanation on the purpose of the photography and filming – and where it will be used. 

12. Our legal basis for contacting you and using your personal information

When you sign up to a newsletter or opt-in to our communications using our forms (e.g email subscription) or in person/over the phone, then you are giving your consent to send you marketing materials by the methods you have chosen (e.g  email or phone call). We will never send you information by email or SMS without your consent, and you can withdraw your consent at any time.

If you have provided us with your postal or telephone contact details, but haven’t specifically opted-in to receive our communications (for example, event marketing or making a donation by post), then we will carry out an assessment of whether it would be fair and reasonable to use them to send marketing information to you without your explicit consent. This is called a ‘legitimate interests assessment’. You can opt out of our marketing communications at any time if you don’t want to receive them.

We will ensure we have a legal basis to use your personal information for the other purposes mentioned in this policy (usually with your consent, further to a legitimate interests assessment or because the use of your data is necessary to comply with a legal obligation).

13. CCTV

CCTV is in use to view and record audience members in and around the Dreamachine experience in order to maintain a safe environment for staff and audiences, to help respond to health issues, to capture images for research purposes, and to assist in the effective resolution of any disputes. Collective Act recognises that the images of individuals recorded by CCTV cameras are personal data which must be processed in accordance with data protection legislation and has registered its use of CCTV with the Information Commissioner.

Camera locations are chosen to minimise viewing of spaces not relevant to the participation in the project.

CCTV systems will not be used to record sound.

Images are monitored by authorised personnel and contractors, who have been given appropriate training to ensure they understand and observe the legal requirements related to the processing of relevant data. We will provide signage at the venue to remind you that CCTV is in operation.

We will ensure that data gathered from CCTV cameras is stored in a way that maintains its integrity and security. This may include encrypting the data, where it is possible to do so.

Given the large amount of data generated by CCTV systems, we may store video footage using a cloud computing system. We will take all reasonable steps to ensure that any cloud service provider maintains the security of our information, in accordance with industry standards.

We may engage data processors to process data on our behalf. We will ensure reasonable contractual safeguards are in place to protect the security and integrity of the data.

We may share data with our research organisations, in accordance with written data sharing agreements. 

Data from CCTV cameras will not be retained indefinitely but will be permanently deleted once there is no reason to retain the recorded information. Exactly how long images will be retained for will vary according to the purpose for which they are being recorded. For example, where images are being recorded for the monitoring of participant’s health, data will be kept long enough only for incidents to come to light. Any CCTV recordings may be retained for research purposes for the full period of the research project. In all other cases, recorded images will be kept for no longer than 30 days. We will maintain a comprehensive log of when data is deleted.

At the end of their useful life, all images stored in whatever format will be erased permanently and securely. Any physical matter such as tapes or discs will be disposed of as confidential waste. Any still photographs and hard copy prints will be disposed of as confidential waste.

In other appropriate circumstances, we may allow law enforcement agencies to view or remove CCTV footage where this is required in the detection or prosecution of crime.

No images from CCTV will ever be posted online or disclosed to the media.

Data subjects may make a request for disclosure of their personal information and this may include CCTV images (data subject access request). A data subject access request is subject to the statutory conditions from time to time in place and should be made in writing.

In order for us to locate relevant footage, any requests for copies of recorded CCTV images must include the date and time of the recording, the location where the footage was captured and, if necessary, information identifying the individual.

We reserve the right to obscure images of third parties when disclosing CCTV data as part of a subject access request, where we consider it necessary to do so.

14. What are your rights over your personal data we process, and how can you exercise them?

Under the Act you have a number of rights that you can exercise in relation to personal data we process about you. You do not have to pay to exercise your rights (other than a reasonable fee if a request for access is clearly unfounded or excessive but we agree to fulfil it anyway).

We sometimes need to request specific information from you to help us confirm your identity and ensure your authority to exercise the rights.

Right of Access: You can request access to the personal data we hold about you free of charge. Normally we will provide it within one month of receipt of your request unless an exemption applies. You can request access to the personal data we hold about you using the contact details in this privacy notice.

Right to be Informed: You are entitled to be told how we obtain your personal information and how we use, retain, and store it, and who we share it with. This privacy notice gives you that information, as well as telling you what your rights are under the relevant laws.

Right to Rectification: If we hold personal data about you that is inaccurate or incomplete you have the right to ask us to correct it. You can ask us to correct your personal data using the contact details in this privacy notice. We will reply to you within one month unless the request is complex.

Right to Request Erasure: Under certain circumstances you have the right to ask us to delete your personal data to prevent its continued processing where there is no justification for us to retain it. The circumstances most likely to apply are:

  • where holding your personal data is no longer necessary in relation to the purpose for which we originally collected and processed it; and
  • where you withdraw your consent to us holding your personal data if we are relying on your consent to hold it.

Right to Restrict Processing: Under certain circumstances you have the right to ask us to restrict the processing of your personal data. This may be in cases where:

  • you are contesting the accuracy your personal data while we are verifying the accuracy;
  • your information has been unlawfully processed and you oppose its erasure and have requested a restriction instead; or
  • where we no longer require your personal data but you need it to establish, exercise or defend a legal claim and do not want us to delete it.

You can ask us to restrict processing of your personal data using the contact details in this privacy notice.

15. Further information

You can find out more about your data protection rights on the Information Commissioner’s Office (ICO) here.

You can find out about data protection law here.

Data Protection Act here.

General Data Protection Regulation  here.

16. How you can complain

The Information Commissioner’s Office (ICO) regulates the processing of personal data. You can complain to the ICO if you are unhappy with how we have processed your personal data.

The Information Commissioner’s Office
Wycliffe House
Water Lane

Helpline number: 0303 123 1113

Information Commissioner’s Office website

17. Date of last update and changes

We last reviewed this privacy notice in March 2022. We keep this privacy policy under regular review and update it if any of the information in it changes.

This site is registered on wpml.org as a development site.