Privacy Notice

Your privacy is important to us. This Privacy Notice is where we explain to you what personal data is collected when you visit our website, how it is collected, how we may use that information, where we store it, how long we store it for and how we protect it.

Who we are

Red Note Ensemble Ltd is a Charity registered in Scotland with charity number SC045030 and a company limited by guarantee registered in Scotland with company number SC355726 (“we”, “us” or “our”)

Our Registered Office is:
Red Note Ensemble Ltd, Summerhall, 1 Summerhall Place, Artist Block, Room 136, Edinburgh EH9 1PL

Access to our website is free and anonymous. Visitors’ personal details will not be recorded unless they choose to submit their data.

We are a data controller and responsible for your personal data.

Type of data we collect and how it is collected:
Personal data or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

As part of the registration process for our e-newsletter, we collect personal data. That information may include:

  • your name, physical address, email address and phone number
  • details including job title and organisation

We also keep your details

  • when you contact us by email, phone or otherwise
  • by booking tickets via Eventbrite,
  • by attending workshops and events
  • by filling out forms and surveys
  • by entering composition and other competitions
  • by participating in social media

We may also collect, use, store and transfer the following types of data:

  • Technical Data which includes internet protocol (IP) address, your login data, browser type and version and other technology on the devices you use to access this website
  • Usage Data which includes information about how you use our website
  • Profile Data which includes your interests, preferences, feedback and survey responses
  • Marketing and Communications Data which includes your preferences in receiving marketing from us and our third parties and your communication preferences

How we use your information
We have set out below, in table format, a description of all the ways we plan to use your personal data and the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

Purpose/ActivityType of dataLawful basis for processing including
basis of legitimate interest
To manage our relationship with
you which will include:
(a) Notifying you about changes
to our terms or privacy notice
(b) Asking you to leave a review
or take a survey
(a) Identity
(b) Contact
(c) Profile
(d) Marketing and
Communications
(a) Performance of a contract with you
(b) Necessary to comply with a legal
obligation
(c) Necessary for our legitimate interests
(to keep our records updated and to
study how customers use our
products/services)
To enable you to partake in a
prize draw, competition or
complete a survey
(a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and
Communications
(a) Performance of a contract with you
(b) Necessary for our legitimate interests
(to study how customers use our
products/services, to develop them and
grow our business)
To administer and protect our
business and this website
(including troubleshooting, data
analysis, testing, system
maintenance, support, reporting
and hosting of data)
(a) Identity
(b) Contact
(c) Technical
(a) Necessary for our legitimate interests
(for running our business, provision of
administration and IT services, network
security, to prevent fraud and in the
context of a business reorganisation or
group restructuring exercise)
(b) Necessary to comply with a legal
obligation
To deliver relevant website
content and advertisements to
you and measure or understand
the effectiveness of the
advertising we serve to you
(a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and
Communications
(f) Technical
Necessary for our legitimate interests (to
study how customers use our
products/services, to develop them, to
grow our business and to inform our
marketing strategy)
To use data analytics to improve
our website, products/services,
marketing, customer
relationships and experiences
(a) Technical
(b) Usage
Necessary for our legitimate interests (to
define types of customers for our
products and services, to keep our
website updated and relevant, to develop our business and to inform our
marketing strategy)
To make suggestions and
recommendations to you about
matters that may be of interest to
you (including, without limitation,
information about campaigns,
appeals, fundraising activities,
Mailchimp or Eventbrite
invitations to events, or ticket
offers)
(a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile
Necessary for our legitimate interests (to
develop our products/services and grow
our business)
To register you as a new
customer
(a) Identity
(b) Contact
Performance of a contract with you
To process and deliver your
order including:
(a) Manage payments, fees and
charges
(b) Collect and recover money
owed to us
(a) Identity
(b) Contact
(c) Financial
(d) Transaction
(e) Marketing and
Communications
(a) Performance of a contract with you
(b) Necessary for our legitimate interests
(to recover debts due to us)

However, we will not use your personal information for marketing purposes without your express consent. We don’t rent or sell your personal information to anyone under any circumstances.

Where we have your consent then you can withdraw your consent at any time by Contacting Us using the contact details set out below or clicking the unsubscribe button at the end of our emails.

We will also use your personal data where:

  • it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
  • we need to comply with a legal or regulatory obligation

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

Social Media
We use social media to broadcast messages and updates about events and news. On occasion we may reply to comments or questions you make to us on social media platforms. You may also see advertisements from us on social media.

Depending on your settings or the privacy policies of social media and messaging services including Facebook, Instagram or Twitter, you might give third parties (like us) permission to access information from those accounts or services.

Third Parties
We do share your personal data (email address and name) with Eventbrite for ticketed events. We also share your personal data (email address and name) with Mailchimp for invitations to our events and distribution of our e-newsletter.

We gather statistics around ticket sales and subscription to our newsletter through the third parties mentioned above. For more information, please see Eventbrite’s and Mailchimp’s Privacy Notices. We may share anonymised personal information with other organisations, particularly Creative Scotland, who use this to analyse our audience development programmes, ticket sales and self-generated funding to understand the impact of the public investment made in us.

We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

Cookies
This section contains a link to our Cookies Policy

Legitimate Interests
“Legitimate Interests” means our interests in conducting and managing our business to enable us to give you the best service/products and the best and most secure experience. For example, we have an interest in making sure our marketing is relevant for you, so we may process your information to send you marketing that is tailored to your interests. It can also apply to processing that is in your interests as well. For example, we may process your information to protect you against fraud when transacting on our website, and to ensure our websites and systems are secure.

When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

If you have any concerns you have the right to object to processing that is based on our legitimate interests.

Linked Websites
Hyperlinks may be posted on our website that link to other websites (the “Linked Sites”). We are not responsible for the privacy practices of any Linked Sites or of any organisations that we do not own or control. Linked Sites may collect information in addition to that which we collect on the website. We do not endorse any of these Linked Sites, the services or products described or offered on such Linked Sites, or any of the content contained on the Linked Sites. We encourage you to seek out and read the privacy notice of each Linked Site that you visit, in order to understand how the information that is collected about you is used and protected.

How we store your data
The personal information that we collect from you will be stored within the United Kingdom and the European Economic Area (EEA). Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted from our website and any transmission is at your own risk. Once we have received your personal information, we will use strict procedures and security features to try to prevent unauthorised access.

We use a third-party service to help maintain the security and performance of our website. SUCURI delivers an extremely effective website monitoring and malware removal service in the event that our website has been hacked.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software.Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

Personal data that is stored or handled outside of the EEA shall not be transferred to a country or
territory outside the EEA unless that country or territory ensures an adequate level of protection under the GDPR guidelines.

How long will we hold onto your personal information
Depending on how you engage with us it may be necessary for us to store your personal information for
shorter or longer periods of time. Either way, we will only store your personal information for a legitimate and lawful reason.

We will only retain your personal data for as long as necessary to fulfil the purposes which we collected it from you including for the purpose of satisfying any legal, accounting or reporting requirements. You can find details on how long we may hold onto your personal information on our Retention Policy which can be found [HERE].

Access to your data
Under certain circumstances, you have rights under data protection laws in relation to your personal
data as follows:

  • The right to request access to your personal data If we do hold information about you, we will:
    • give you a description of it;
    • tell you why we are holding it;
    • tell you who it could be disclosed to; and
    • let you have a copy of the information in an intelligible form.

    If you agree, we will try to deal with your request informally, for example by providing you with
    the specific information you need over the telephone.

  • The right to request that inaccuracies be corrected
  • The right to request us to object to processing your personal data
  • The right to request erasure of your personal data
  • The right to request restriction of processing your personal data
  • The right to request a transfer of your personal data
  • The right to withdraw consent

You do not need to pay a fee to access your personal data (or to exercise any of the other rights). However, we will charge you a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Make a complaint
If you think your data has been misused or that we have not kept your data secure, you should contact us and tell us.

If you’re unhappy with our response or if you need any advice you should contact the Information Commissioner’s Office (ICO):

ICO helpline

Telephone: 0303 123 1113
The ICO can investigate your claim and take action against anyone who’s misused personal data. You can also visit their website for information on how to make a data protection complaint.

Changes to our Privacy Notice
We review our privacy notice yearly and each time new guidelines are put into place.

Contact Us
Please contact us if you have any questions about our privacy notice or information we hold about you:

  • Email us: data@rednoteensemble.com
  • Or write to us at: Red Note Ensemble Ltd, Data Protection, Summerhall, 1 Summerhall Place, Artist Block, Room 136, Edinburgh EH9 1PL