Privacy

Indigo-Ltd is committed to protecting the privacy of our customers, suppliers, contractors and staff in accordance with the General Data Protection Regulation 2018 and the Privacy and Electronic Communications Regulations 2003.

Who We Are

Indigo Cultural Consulting Ltd is a company limited by guarantee (registration number 6248802) and registered address 83 Springfield Road, Kings Heath, Birmingham B14 7DU.

We are a specialist Cultural Consulting firm specialising in giving advice on Marketing, Fundraising, Communications and Visitor/Audience Development. We work solely as a business-to-business consultancy and have no direct relationship with consumers.

Our Privacy and Data Principles

· To provide clear, honest and open information about how we use any personal data in our business

· To use personal data appropriately and in a way that would be reasonably expected by our clients and their customers

· To only process personal data where it is absolutely necessary and when our client organisations have specifically asked us to, or where we need to do so in order to fulfil our contract with a client.

· To be accountable and responsible: to take active steps to protect personal data from harm, and to ensure that data is deleted once the reason for processing it has passed.

· To ensure our staff and partners (suppliers and contractors) understand these principles and their responsibilities in delivering them

What information we collect

Contact and business information

We will hold contact details of our clients on our systems in order to operate our business effectively. This includes contact details for members of staff involved in the project, and finance teams for invoicing.

Email, Web Activity and Social Media

We keep a record of the emails we send and receive from clients in order to track progress of a project, or to keep a record of the work we have undertaken with them.

Like most websites, we receive and store certain details whenever you use the Indigo-Ltd.com website. We use “cookies” to help us make our site better, including gathering usage data via Google Analytics.

We use social media to broadcast messages and updates about our work, and to signpost industry colleagues to useful content. We never buy paid advertising on social media.

From Third Parties

Occasionally we are asked to process personal data relating to donors, visitors or customers as part of our work with a client. Our principles in doing this are:

- We only ever do so at the request of, or with the explicit permission of the client

- Where possible, we aim to interrogate the data on the client’s own systems, with a member of staff from the client organisation present

- On the unusual occasion that data is passed across to us for independent processing, we take care to ensure that the data is adequately protected, with passwords etc., and that it deleted at the earliest opportunity after the need for processing has ceased.

Survey data

We operate a number of audience research projects and surveys on behalf of our client organisations. We use SurveyMonkey and Qualtrics software in order to gather these responses. Our principles around this are:

- To only capture non-personal data wherever possible (ie.anonymised answers to survey questions, with no contact data or individual identifier)

- Where an organisation has asked to include data capture, such as a prize draw or similar, the client organisation is encouraged to capture this on their own website, via a link at the end of the survey (so that the personal data is not held by Indigo)

- Where an organisation asks Indigo to capture personal data, we inform them of the need to include notification of this in their own privacy policy, ensure that the data has a clear deadline for collection, and delete the data once the prize draw has successfully been completed.

Sensitive data

Any data regarding children, disability or medical need, religion, political affiliation, sexuality or ethnicity is regarded as sensitive. We very rarely have the need to process any data of this kind, but when we do, we take steps to ensure that any such information is only collected where necessary, is subject to enhanced security measures, used only for the purposes agreed, and erased when no longer necessary.

What we do with your data

Data administration

The personal data we hold is used to perform the contract of work we have with our clients. This includes project updates and reports, billing and payment enquiries, and sharing information we believe to be of use or interest.

Sharing your data with Third Parties

We will not share any personal data with any other third parties unless required to by law.

How we keep your data safe

Our clients’ data will be held and processed on Indigo-Ltd’s systems. We maintain secure systems to hold contact details and a record of your interactions with us.

All information received by us is retrieved using secure technology. In order to provide a safe and secure environment for your personal information we use up to date technology with a view to protecting that information against loss, misuse or unauthorised alteration.

Data is held by us for as long as is legally or practically necessary for our business. Once that necessity is past we have a regular programme of data suppression and deletion.

Contact Us

Please contact Sarah Gee, Managing Partner, if you have any queries regarding how we process personal data

v2 updated April 2020