Indigo-Ltd is committed to protecting the privacy of our customers, suppliers, contractors and staff in accordance with the General Data Protection Regulation 2018 and the Privacy and Electronic Communications Regulations 2003.

Who We Are

Indigo Cultural Consulting Ltd is a company limited by guarantee (registration number 6248802) and registered address 8 Mill Hill, Shoreham By Sea, West Sussex, BN43 5TH and registered (and up to date) with the Information Commissioners Office (ICO registration Z1125739.

We are a specialist Cultural Consulting, Research and Insight firm working solely as a business-to-business consultancy and have no direct relationship with consumers.

Our Privacy and Data Principles

- To provide clear, honest and open information about how we use any personal data in our business

- To use personal data appropriately and in a way that would be reasonably expected by our clients and their customers

- To only process personal data where it is absolutely necessary and when our client organisations have specifically asked us to, or where we need to do so in order to fulfil our contract with a client.

- To be accountable and responsible: to take active steps to protect personal data from harm, and to ensure that data is deleted once the reason for processing it has passed.

- To ensure our staff and partners (suppliers and contractors) understand these principles and their responsibilities in delivering them

- To ensure that all data is processed in accordance with the rights of the data subjects under the UK DPA

What information we collect

Contact and business information

We will hold contact details of our clients on our systems in order to operate our business effectively. This includes contact details for members of staff involved in a project, and finance teams for invoicing. We also collect contact details for individuals who register to attend our online events, join our research projects, or sign up to our mailing list.

Audience research contacts

We will hold contact details of individuals who have consented to take part in further audience research.

Email, Web Activity and Social Media

We keep a record of the emails we send and receive from clients in order to track progress of a project, or to keep a record of the work we have undertaken with them.

Like most websites, we receive and store certain details whenever you use the website. We use “cookies” to help us make our site better, including gathering usage data via Google Analytics.

We use social media to broadcast messages and updates about our work, and to signpost industry colleagues to useful content. We never buy paid advertising on social media.

From Third Parties

Occasionally we are asked to process personal data relating to donors, visitors or customers as part of our work with a client. Our principles in doing this are:

- We only ever do so at the request of, or with the explicit permission of the client

- We act as data processors, not data controllers

- Where possible, we aim to interrogate the data on the client’s own systems, with a member of staff from the client organisation present

- Where logins are given to us these are purely for analysis purposes; we do not need to see or access personally identifiable data; nor will we undertake any activities that will communicate directly with your customers.

- On the unusual occasion that data is passed across to us for independent processing, we take care to ensure that the data is adequately protected, with passwords etc., and that it deleted at the earliest opportunity after the need for processing has ceased.

Survey data

We operate a number of audience research projects and surveys on behalf of our client organisations. We use SurveyMonkey and Qualtrics software in order to gather these responses. Our principles around this are:

- To only capture non-personal data wherever possible (ie. anonymised answers to survey questions, with no contact data or individual identifier)

- Where an organisation has asked to include data capture, such as a prize draw or similar, the client organisation is encouraged to capture this on their own website, via a link at the end of the survey (so that the personal data is not held by Indigo)

- Where an organisation asks Indigo to capture personal data, we inform them of the need to include notification of this in their own privacy policy, ensure that the data has a clear deadline for collection, and delete the data once the prize draw has successfully been completed.

- Indigo will occasionally run surveys where there is a need to recruit participants for further research. Respondents will always be asked for their consent, and data will only be analysed at an aggregate level, rather than linked to individual responses. Any data collected by Indigo for these purposes will then be stored by Indigo (as the data controller)

Sensitive data

Any data regarding children, disability or medical need, religion, political affiliation, sexuality or ethnicity is regarded as sensitive. We very rarely have the need to process any data of this kind, but when we do, we take steps to ensure that any such information is only collected where necessary, is subject to enhanced security measures, used only for the purposes agreed, and erased when no longer necessary.

What we do with your data

Data administration

The personal data we hold is used to perform the contract of work we have with our clients, to contact individuals about taking part in research, or to keep our contacts informed of opportunities to take part in future projects, or read our latest findings. This includes project updates and reports, billing and payment enquiries, sharing information we believe to be of use or interest, or to collect responses to surveys, either initiated by Indigo, or on behalf of clients.

Email Communications

We send regular e-communications (using our legitimate business interests) to individuals who have engaged with us as clients, research participants and webinar attenders, or who have signed up (consent) to join our mailing list. Recipients are given the opportunity to unsubscribe from such emails in every communication, or they can contact us directly to be removed from these lists.

Sharing your data with Third Parties

We will not share any personal data with any other third parties unless required to by law.

How we keep your data safe

Our clients’ data will be held and processed on Indigo-Ltd’s systems. We maintain secure systems to hold contact details and a record of your interactions with us.

All information received by us is retrieved using secure technology. In order to provide a safe and secure environment for your personal information we use up to date technology with a view to protecting that information against loss, misuse or unauthorised alteration.

Data is held by us for as long as is legally or practically necessary for our business. Once that necessity is past we have a regular programme of data suppression and deletion.

Contact Us

Please contact Katy Raines, CEO, if you have any queries regarding how we process personal data.

Mar 2024