Privacy Policy

ROYAL SCOTTISH ACADEMY OF ART AND ARCHITECTURE PRIVACY POLICY

Who we are

The Royal Scottish Academy of Art and Architecture (RSA) was established in 1826 and runs a year-round programme of exhibitions, artist opportunities and related educational talks and events which support artists at all stages of their careers. The Academy’s distinguished history is reflected in its extensive collections and archives, which have been awarded Recognised Collection status by Museums Galleries Scotland on behalf of the Scottish Government for being a collection of National Significance to Scotland. The RSA is a charity registered in Scotland (No. SC004198), registered address: The RSA, The Mound, Edinburgh, EH2 2EL.

What this policy covers

This policy explains how and why we use your personal data, to make sure you stay informed and can be confident about giving us your information, and to demonstrate our commitment to complying with the EU General Data Protection Regulation (GDPR). This policy applies if you’re a supporter of the Royal Scottish Academy (RSA Friend, volunteer, donor, employee), an elected Academician, a participant in our artists opportunities programme, or use any of our services, visit our website, email, call or write to us. In certain circumstances we may also provide an extra privacy notice and if we do we will always refer you to this policy.

The importance of your data to us

We will never sell your personal data and will only share it with organisations we work with when it’s necessary and the privacy and security of your data is assured. You can change your contact preferences at any time and you can be assured that we will uphold your wishes.

What personal data do we collect?

Your personal data (any information which identifies you, or which can be identified as relating to you personally, for example name, address, phone number, email address) will be collected and used by us. We will only collect the personal data that we need. We collect personal data in connection with specific activities such as RSA Friends membership requests, registering for events, subscribing to our e-newsletter, applying for our artists opportunities programme, exhibiting with us, purchases, volunteering, donations, ordering an image, employment etc.

Personal data provided by you

You can give us your personal data (name, telephone number and email) by filling in forms on our website to register for RSA newsletters, or to contact us with a query. Personal data is also provided by you when interacting with us in relation to specific activities, for example joining or registering, placing an order or communicating with us. For example:

- Personal details (name, date of birth, email, address, telephone, and so on) when you join as an RSA Academician or supporter, a membership or apply for an artist opportunity.

- Information required to process a payment or donation.

- If you buy membership as a gift your details will be recorded and your association with that relationship will be recorded.

- Your debit card and credit card information. If you use your credit or debit card to donate to us, buy something or pay for a registration over the phone or online, we will ensure that this is done securely and in accordance with the Payment Industry Data Security Standard.

Personal data created by your involvement with us

Your activities and involvement with us will result in personal data being created. This could include details of how you’ve helped us by volunteering or being involved with our programme of artists’ opportunities and campaigns and activities. If you decide to donate to us we will keep records of when and how much you give and if it is for a particular purpose.

How we may use your information

We may use your information for a number of purposes including the following:

- To provide you with the services, products or information you have requested or which we feel may interest you where you have consented to being contacted

- To process donations we may receive from you

- To provide you with information about our work or our activities that you have agreed to receive

- To fulfil sales contracts you have entered into with us

- For customer service or administrative purposes (for example we may contact you regarding a donation you have made or an event you have registered or booked a ticket for)

- For internal record keeping, including the management of any feedback or complaints

- To target communications and messages to you and to identify similar groups

- To invite you to participate in surveys or research (although this is voluntary)

- Where it is required or authorised by law

- We may assess your personal information for the purposes of credit risk reduction or fraud prevention.

Fundraising, donations and legacy pledges

Where we have your permission, we may invite you to support the work of the RSA by making a donation or leaving a gift in your will.

Occasionally, we may invite some supporters to attend special events to find out more about the ways in which donations and gifts in wills can make a difference to specific projects and to our cause. We’ll also send you updates on the impact that you make by supporting us in this way, unless you tell us not to. If you make a donation, we’ll use any personal information you give us to record the nature and amount of your gift, claim gift aid where you’ve told us you’re eligible and thank you for your gift. If you interact or have a conversation with us, we may note anything relevant and store this securely on our systems. If you tell us you want to fundraise to support our cause, we’ll use the personal information you give us to record your plans and contact you to support your fundraising efforts. If you’ve told us that you’re planning to, or thinking about, leaving us a gift in your will, we’ll use the information you give us to keep a record of this, including the purpose of your gift, if you let us know this. If we have a conversation or interaction with you (or with someone who contacts us in relation to your will, for example your solicitor), we’ll note these interactions throughout your relationship with us, as this helps to ensure your gift is directed as you wanted.

The Scottish Charity Regulator (OSCR) rules require us to be assured of the provenance of funds and any conditions attached to them. We follow a due diligence process which involves researching the financial soundness, credibility, reputation and ethical principles of donors who’ve made, or are likely to make, a significant donation to the RSA. As part of this process we may carry out research using publicly available information. If this applies to you, we’ll remind you about the process when you make your donation.

Management of volunteers

We need to use your personal data to manage your volunteering, from the moment you enquire to the time you decide to stop volunteering with us. This could include: contacting you about a role you’ve applied for or we think you might be interested in, expense claims you’ve made, shifts you’ve booked and to recognise your contribution. It could also include information from local property teams about things happening where you volunteer and about your volunteering, including asking for your opinions on your volunteering experience. We may also share this with funders to help them monitor how their funding is making a difference.

Job Applicants

If you apply to work at the RSA we will only use the information you give us to process your application and to monitor recruitment statistics. If we want to disclose it to someone outside the RSA, for example, if we need a reference, we will make sure to tell you beforehand, unless we are required to disclose this information by law. If you are unsuccessful in your job application, we may hold your personal information for up to 12 months after we’ve finished recruiting for the post you applied for. After this date we will destroy or delete your information. We keep de-personalised statistical information about applicants to develop our recruitment processes; however, no individual applicant would be identifiable from this information. If you commence employment with us your data will be processed in accordance with your employment contract and other applicable policies.

Cookies and links to third party websites

The Academicians' Gallery website uses cookies to help our website work well and to track information about how people are using it. More information on cookies and how to control the cookies we use can be found on the cookies policy page on our website.

Links to other websites

Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. For applications to our open exhibition programme we use the following website: https://theolist.oess.uk/, for event bookings we use the following website: https://www.eventbrite.co.uk/ and for applications to our artists opportunities programme we use the following website: https://submittable.com.

If you follow a link from our website to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites. This privacy policy applies only to the personal data collected by the RSA.

Marketing Purposes

We may contact you for marketing purposes by email if you have agreed to be contacted in this manner for marketing purposes and do not opt out of receiving further marketing information. We may also send you service communications via email, for example where you placed an order for goods or services on our website. If you have provided us with your postal address or telephone number we may send you direct mail or telephone you about our work, unless you have told us that you would prefer not to receive such information or are registered with the telephone preference service. It is your choice as to whether you want to receive information about our work and the ways you can get involved. You may opt out of marketing emails at any time by clicking the ‘unsubscribe’ link in our marketing emails. You can also change any of your marketing preferences at any time (including telling us that you don’t want us to contact you for marketing purposes by telephone or send you direct marketing by post) by contacting us at info@royalscottishacademy.org or 0131 624 6110. We will not use your information for marketing purposes if you have indicated that you do not wish to be contacted for such purposes. However, we will retain your details on a suppression list to help ensure that we do not continue to contact you. You do however have the ‘right to be forgotten’ and if you request that your data be completely deleted we will do so.

How can I change my contact preferences?

We’ll always act upon your choice of how you want to receive communications (for example, by email, post or phone). However, there are some communications that we need to send. These are essential to fulfil our promises to you as a member, volunteer, donor or buyer of goods or services from the RSA. Examples are:

- Transaction messaging, such as Direct Debit schedules and purchase confirmations

- Membership-related mailings such as renewal reminders, RSA Friends newsletters and invitations to events

To change your contact preferences at any time contact us on info@royalscottishacademy.org or 0131 624 6110.

Information sharing and disclosure

The RSA may share your personal information with the other RSA entities, trading subsidiaries, suppliers or service providers to provide the products or services you’ve requested from us, for example, we may use a separate company to deliver goods to you. We may disclose your personal information to third parties if we are under a duty to disclose your personal data in order to comply with any legal obligation (for example to government bodies and law enforcement agencies), or in order to enforce or apply our rights (including in relation to our website or other applicable terms and conditions) or to protect the RSA, for example in cases of suspected fraud or defamation.

Keeping your records

We keep records for as long as required to operate the service in accordance with legal requirements and tax accounting rules. Where your information is no longer required, we will ensure it is disposed of in a secure manner.

How we keep your data secure

The RSA operations are based in the UK and we store all of our data within the European Union (EU). Information systems and data security is imperative to us to ensure that we are keeping our customers, donors, members, volunteers, employees and contractors safe. We operate a robust and thorough process for assessing, managing and protecting new and existing systems which ensures they are up to date and secure.

Your data protection rights

Where the RSA is using your personal data on the basis of consent, you have the right to withdraw that consent at any time. You also have the right to ask the RSA to stop using your personal data for direct marketing purposes.

Access to your information

If you would like to exercise your rights please write to The Director, Royal Scottish Academy, The Mound, Edinburgh, EH2 2EL or email info@royalscottishacademy.org. You will be asked to provide the following details:

- The personal information you want to access

- Where it is likely to be held

- The date range of the information you wish to access

We will also need you to provide information that will help us confirm your identity. If we hold personal information about you, we will give you a copy of the information in an understandable format together with an explanation of why we hold and use it. Once we have all the information necessary to respond to your request we’ll provide your information to you within one month. This timeframe may be extended up to two months if your request is particularly complex.

What to do if you are not happy

In the first instance, please talk to us directly so that we can resolve any problem or query. You also have the right to contact the Information Commissioner’s Office (ICO) and the Scottish Charity Regulator (OSCR) if you have any questions about Data Protection. You can contact them using their helpline 0303 123 113 / www.ico.org.uk and 01382 220446 / www.oscr.org.uk.

Changes to this privacy policy

We’ll amend this privacy policy from time to time to ensure it remains up to date and reflects how and why we use your personal data and new legal requirements. Please visit our website to keep up to date with any changes. The current version will always be posted on our website. This privacy policy was last updated on 24 May 2018.