Data Protection Policy

Art History Link-Up Data Protection Policy

At Art History Link-Up, we are committed to safeguarding the privacy and security of personal data. We understand the importance of data protection and adhere to the principles set out by the General Data Protection Regulation (GDPR). This policy outlines how we collect, use, store, and protect personal information to ensure compliance with data protection laws.

1. Purpose andScope

This policy applies to all personal data processed by ArtHistory Link-Up, including data related to students, staff, partners, and any other individuals with whom we interact. Our aim is to ensure that personal information is handled responsibly and in line with GDPR regulations.

2. Key Principles of GDPR

We follow the six key principles of GDPR in all of our data processing activities:

• Lawfulness, Fairness, and Transparency: We process personal data lawfully and fairly, ensuring transparency with individuals about how their data is used.
• Purpose Limitation: We only collect personal data for specified, legitimate purposes and do not process it in ways incompatible with those purposes.
• Data Minimization: We collect only the personal data that is necessary for our operations and purposes.
• Accuracy: We take reasonable steps to ensure that personal data is accurate and kept up-to-date.
• Storage Limitation: We retain personal data only for as long as is necessary to fulfill the purposes for which it was collected.
• Integrity and Confidentiality: We protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage using appropriate technical and organizational measures.

3. Types of Data Collected

We may collect and process the following types of personal data:

• Contact information (e.g., names, email addresses, phone numbers)
• Educational history and qualifications (e.g., students applying for courses)
• Employment information (for staff and partners)
• Financial information (e.g., payment details for course fees or donations)

4. Data Collection and Consent

Where required by law, we will seek explicit consent from individuals before collecting and processing their personal data. Individuals have the right to withdraw consent at any time, and we will ensure that withdrawing consent is as easy as giving it.

5. Data Use and Processing

We will use personal data only for the purposes for which it was collected, such as:

• Managing student applications and enrolments
• Communicating with individuals regarding our programs and services
• Processing donations and financial transactions
• Fulfilling legal obligations and organizational requirements

6. Data Sharing

We will not share personal data with third parties without explicit consent, unless required by law or where it is necessary to fulfill our services. Where data is shared, we ensure that third parties comply with GDPR and have appropriate security measures in place.

7. Data Storage and Security

We are committed to ensuring that personal data is securely stored and protected against unauthorized access, loss, or damage. We employ a variety of technical measures, including encryption and access controls, and organizational measures, such as staff training and policies, to maintain data security.

8. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected or to meet legal requirements. Once personal data is no longer needed, we will securely delete or anonymize it.

9. Individuals’ Rights

Under GDPR, individuals have the following rights regarding their personal data:

• Right to Access: Individuals can request a copy of the personal data we hold about them.
• Right to Rectification: Individuals can request corrections to inaccurate or incomplete data.
• Right to Erasure: Individuals can request the deletion of their data under certain conditions (e.g., where data is no longer necessary for the original purpose).
• Right to Restrict Processing: Individuals can request to limit how their data is processed.
• Right to Data Portability: Individuals can request to receive their data in a structured, machine-readable format.
• Right to Object: Individuals can object to certain types of data processing, such as direct marketing.

10. BreachNotification

In the event of a data breach, Art History Link-Up will promptly assess the severity and notify the relevant supervisory authority (the Information Commissioner’s Office, ICO) within 72 hours if required. Affected individuals will be informed where the breach poses a high risk to their rights and freedoms.

11. Review and Updates

We will regularly review and update this policy to ensure compliance with GDPR and other applicable data protection laws. Any changes will be communicated to relevant stakeholders.

---

Contact Us

For any questions or concerns about this policy or how we handle personal data, please contact us at:

info@arthistorylinkup.org

‍