Privacy

Indigo-Ltd is committed to protecting the privacy of our customers, suppliers, contractors and staff in accordance with the UK General Data Protection Regulation 2021, the DPA 2018 and the Privacy and Electronic Communications Regulations 2003.

Who We Are

Indigo Cultural Consulting Ltd is a company limited by guarantee (registration number 6248802) and registered address 8 Mill Hill, Shoreham By Sea, West Sussex, BN43 5TH and registered (and up to date) with the Information Commissioner's Office (ICO registration Z1125739).

We are a specialist Cultural Consulting, Research and Insight firm working solely as a business-to-business consultancy and have no direct relationship with consumers.

Our Privacy and Data Principles

  • To provide clear, honest and open information about how we use any personal data in our business
  • To use personal data appropriately and in a way that would be reasonably expected by our clients and their customers
  • To only process personal data where it is absolutely necessary and when our client organisations have specifically asked us to, or where we need to do so in order to fulfil our contract with a client.
  • To be accountable and responsible: to take active steps to protect personal data from harm, and to ensure that data is deleted once the reason for processing it has passed.
  • To ensure our staff and partners (suppliers and contractors) understand these principles and their responsibilities in delivering them
  • To ensure that all data is processed in accordance with the rights of the data subjects under the UK DPA

What information we collect

Contact and business information

We will hold contact details of our clients on our systems in order to operate our business effectively. This includes contact details for members of staff involved in a project, and finance teams for invoicing. We also collect contact details for individuals who register to attend our online events, join our research projects, or sign up to our mailing list.

Audience research contacts

We will hold contact details of individuals who have consented to take part in further audience research. 

Email, Web Activity and Social Media

We keep a record of the emails we send and receive from clients in order to track progress of a project, or to keep a record of the work we have undertaken with them.

Like most websites, we receive and store certain details whenever you use the Indigo-Ltd.com website.  We use “cookies” to help us make our site better, including gathering usage data via Google Analytics.

We use social media to broadcast messages and updates about our work, and to signpost industry colleagues to useful content. We never buy paid advertising on social media.

From Third Parties

Occasionally we are asked to process personal data relating to visitors or customers as part of our work with a client. Our principles in doing this are:

  • We only ever do so at the request of, or with the explicit permission of the client
  • We act as data processors, not data controllers
  • Where possible, we aim to interrogate the data on the client’s own systems, with a member of staff from the client organisation present
  • Where logins are given to us these are purely for analysis purposes; we do not need to see or access personally identifiable data; nor will we undertake any activities that will communicate directly with your customers.
  • On the unusual occasion that data is passed across to us for independent processing, we take care to ensure that the data is adequately protected, with passwords etc., and that it is deleted at the earliest opportunity after the need for processing has ceased.

Survey data

We operate a number of audience research projects and surveys on behalf of our client organisations. Our principles around this are:

  • To only capture non-personal data wherever possible (ie. anonymised answers to survey questions, with no contact data or individual identifier, such as IP address).
  • Where we are capturing personal data for a prize draw, we provide respondents with information on Indigo’s privacy policy, and delete the data when the draw has been completed.
  • Indigo also runs surveys where participants are offered the opportunity to opt in for further Indigo research. Respondents will always be asked for their consent, and data will only be analysed at an aggregate level, rather than linked to individual responses. Any data collected by Indigo for these purposes will then be stored by Indigo (as the data controller).
  • Indigo will occasionally work with organisations who want to record survey responses against customer profiles in a box office system. In these cases, respondents will always be asked for their consent and will be told the specific questions which will be linked to their box office record. 

Online communities

We occasionally run ‘online communities’ for research and insight purposes, on behalf of our clients. Our principles around this are:

  • To act as data processors, and make it clear to the participants that we are interacting with them on behalf of the client.
  • Any resulting evidence, data and insight gathered through the online community will remain the property of the client.
  • Any personal data collected in order to facilitate the online community, such as name, age, ethnicity, location, will be held for the duration of the project and then deleted.

Sensitive data

Any data regarding children, disability or medical need, religion, political affiliation, sexuality or ethnicity is regarded as sensitive. We take steps to ensure that any such information is only collected where necessary, is subject to enhanced security measures, used only for the purposes agreed, and erased when no longer necessary. We will never record sensitive data collected via surveys against personal contact information unless explicit consent is given by the respondent.

What we do with your data

Data administration

The personal data we hold is used to perform the contract of work we have with our clients, to contact individuals about taking part in research, or to keep our contacts informed of opportunities to take part in future projects, or read our latest findings. This includes project updates and reports, billing and payment enquiries, sharing information we believe to be of use or interest, or to collect responses to surveys, either initiated by Indigo, or on behalf of clients.

Email communications

We send regular e-communications (using our legitimate business interests) to individuals who have engaged with us as clients, research participants and webinar attenders, or who have signed up (consent) to join our mailing list. Recipients are given the opportunity to unsubscribe from such emails in every communication, or they can contact us directly to be removed from these lists.

Sharing your data with Third Parties

We will not share any personal data with any other third parties unless required to by law.

How we keep your data safe

Our clients’ data will be held and processed on Indigo-Ltd’s systems. We maintain secure systems to hold contact details and a record of your interactions with us. 

All information received by us is retrieved using secure technology. In order to provide a safe and secure environment for your personal information we use up to date technology with a view to protecting that information against loss, misuse or unauthorised alteration. We hold Cyber Essentials accreditation, which is updated annually.

Data is held by us for as long as is legally or practically necessary for our business. Once that necessity is past we have a regular programme of data suppression and deletion. 

Contact Us

Please contact Katy Raines, CEO, if you have any queries regarding how we process personal data.

Or write to us at: Indigo-Ltd, 59 Chantry Road, Moseley, Birmingham B13 8DN

Last updated: Oct 2024