Support Us

Privacy Policy

Privacy Policy

The Stove Network understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits our websites: thestove.org, wildgoosefestival.scot, whatwedonow.scot, eaf.scot and ournorwegianstory.com. We will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and your rights under the law. Links within our site to other websites are not covered by this privacy policy.

Who are we?

The Stove Network is a Dumfries-based arts organisation that is active throughout Dumfries & Galloway. Since its foundation in 2011, the group are focused on delivering arts projects for and with the community that are accessible, that create opportunities and that foster creative learning. We registered as a charitable company limited by guarantee Charity No: SC044947 & Company No: SC411667 on 21 November 2011 and subsequently appointed a democratically elected Board of Directors.

Who’s in control?

It is important that you understand who is responsible for keeping your personal data safe. We are the “data controller” of all the personal data collected on this website for the purposes set out in this privacy policy. This means that it is our responsibility for deciding how your personal data is used and ensuring that your personal data is handled in accordance with the law.

We have appointed a Data Protection Officer (DPO) who has the sole responsibility within The Stove Network for making sure your personal data is treated in accordance with this Privacy Policy and the law. Our Data Protection Officer (DPO) is Robbie Henderson and they can be contacted by emailing rob<at>thestove.org.

Full contact information for our Data Protection Officer (DPO) can be found in Contact Information Section.

What data do we collect and where from?

We collect data from you when you visit the website, use the contact form, subscribe to our newsletter and/or sign up for Stove Network membership. This data may include the following:

  • Full Name;
  • Email Address;
  • Postal Address;
  • Telephone Number;
  • Gender;
  • Date of Birth;
  • Occupation;
  • Disabilities;
  • Creative Interests;
  • Social Media Shares;
  • Page Views;
  • Device Information e.g. desktop, tablet, and mobile;
  • Visit Duration;
  • Traffic Information e.g. referral address.

Third Party Software

Our website’s content management system is WordPress. WordPress has taken steps to comply with the UK General Data Protection Regulation (UK GDPR)

Our website’s contact form, membership sign-up form, and newsletter subscriptions are all processed by MailChimp. MailChimp has taken steps to comply with the UK General Data Protection Regulation (UK GDPR).

We also collect website usage data using Google Analytics. The website uses a cookie for Google Analytics. It does not capture or store personal information, but merely logs the user’s IP address which is automatically recognised by the web server. This is used to record the number of visitors to our website, volumes of usage, visit duration, device information, etc.

We also use Microsoft Clarity to see how visitors use the website, so we can improve our user experience across all our sites. Microsoft Clarity is GDPR compliant as a data controller.

Our websites have a number of embedded feeds. The embedded feeds behave in the same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

If you do not wish to accept cookies on to your machine you can disable them by adjusting the settings on your browser. However, this may affect the functionality of the our websites.

What do we use your data for?

We aim to be transparent when processing your personal data, so it is important that you understand how and why we use your personal data that we collect. This section will set out the different purposes for which we process your personal data we need for each purpose.

Managing your membership

We use your personal data that you supplied during the membership sign-up process to inform you of our business, AGMs, and various opportunities available to members (e.g. being offered commissions, working as an artist or contractor on Stove Network projects, applying to join the curatorial team, etc.).

Marketing

We use the personal data you provide during the newsletter sign-up process to provide you with occasional summaries of our activities and news about The Stove Network. It is important for you to know that you can opt-out of direct marketing at any time. This can be done by clicking the “unsubscribe link” at the bottom of our email marketing correspondence we send you. Alternatively, you can contact our Data Protection Officer who will handle your opt-out request.

Tailoring content to our audience

We use the personal data provided by Google Analytics. To gauge interest in our events, projects, workshops, etc. This data will then be used to determine the long-term viability of these projects and help us inform future funding decisions.

What is our legal basis for using your data?

We need to inform you of the legal basis that we will rely on to process your personal data for the purposes we have set out in this document. This section will inform you what the legal basis is in relation to the purposes set above.

Purpose: Managing your Stove Network Membership

Legitimate interest: To ensure that our members receive the business information, benefits, and opportunities that The Stove Network provides. This will help develop, fund, and sustain the arts & the culture of Dumfries & Galloway which is in the interest of members of The Stove Network.

Purpose: Improving our content

Legitimate interest: To make sure that we continue to provide the best and most relevant content to our website users.

How long do we keep your data?

Membership data – As members can have a long relationship with their organisation, we will retain current member data in perpetuity. We will destroy all information relating to former members one year after their departure unless there has been a safeguarding or criminal concern, whereupon the information will be kept for a period of 5 years.

Website usage data – We retain website usage data collected by Google Analytics for a period of 26 months.

What rights do you have?

You have a right to request us to send a copy of your personal data that we hold about you. A request to exercise this right is known as a “subject access request”. This can be done by contacting our Data Protection Officer (DPO) using the contact information provided. You must make a request verbally or in writing.

The right to access your personal data

We will have one month to respond to your request. We can extend the response time by a further two months, for example, if the request is complex. However, we will let you know within one month of receiving your request and explain why the extension is necessary.

We will provide you with a copy of your personal data free of charge. However, we may charge a small fee when a request is unfounded or excessive, for example, if it is repetitive. If a fee is charged it will be based on the administrative cost of providing the personal data. We will inform you promptly if we have to charge a fee.
We may ask for identification before carrying out the subject access request.

You have the right to request us to correct inaccurate data that we hold about you. This can be done by contacting our Data Protection Officer (DPO) using the contact information provided. You must make a request verbally or in writing.

The right to correct your personal data

We will have one month to respond to your request. We can extend the response time by a further two months, for example, if the request is complex. However, we will let you know within one month of receiving your request and explain why the extension is necessary.

We will correct your data free of charge. However, we may charge a small fee when a request is unfounded or excessive. If a fee is charged it will be based on the administrative cost of amending your personal data. We will inform you promptly if we have to charge a fee.

You have the right to ask us to delete your personal data in certain circumstances, for example, if we have processed your data unlawfully. This can be done by contacting our Data Protection Officer (DPO) using the contact information provided. You must make a request verbally or in writing.

The right to delete your personal data

We will have one month to respond to your request. We can extend the response time by a further two months, for example, if the request is complex. However, we will let you know within one month of receiving your request and explain why the extension is necessary.

We will erase your data free of charge. However, we may charge a small fee when a request is unfounded or excessive. If a fee is charged it will be based on the administrative cost of erasing your personal data. We will inform you promptly if we have to charge a fee.

You have the right to ask us to restrict processing of your personal data in some circumstances, for example, if you think the personal data is inaccurate and we need to verify its accuracy, or if we no longer need the data but you require us to keep it so that you can exercise your own legal rights.

The right to request we limit our use and processing of your personal data

When you request us to restrict the use of your personal data we are permitted to store the personal data, but not use it unless you consent or we need to process the data to exercise a legal claim.

You have a right to object to us processing any personal data that we process where we are relying on legitimate interests as the legal basis of our processing. This includes all of your personal data that we process for all of the purposes set out in this Privacy Policy. This can be done by contacting our Data Protection Officer (DPO) using the contact information provided. You must make an objection verbally or in writing.

The right to object processing your personal data

You have the right to ask us to stop sending you direct marketing e.g. newsletters. You can opt-out of email marketing by clicking the “unsubscribe” option in any of our email correspondence. Alternatively, you can contact our Data Protection Officer and they will remove you from our email marketing list.

We will process your objection free of charge. However, we may charge a small fee when an objection is unfounded or excessive. If a fee is charged it will be based on the administrative cost of the request. We will inform you promptly if we have to charge a fee.

We will have one month to respond to your request. We can extend the response time by a further two months, for example, if the request is complex. However, we will let you know within one month of receiving your request and explain why the extension is necessary.

We may ask for identification before carrying out the objection request.

What to do if you are under 13 years old?

If you’re under 13 years old, you will be required to seek the consent of your parent/guardian before providing any personal data to The Stove Network, as without their consent you are not permitted to provide us with your personal data. We may ask for your parent/guardian contact details to seek their consent to process your personal data. This will be done verbally or in writing.

Contact Information

Postal Address:
FAO: Robbie Henderson, Data Protection Officer
The Stove Network Ltd
100 High Street
Dumfries DG1 2BJ
Telephone: 01387 252435
Email: rob<at>thestove.org

Complaints

If you have any reasons to complain about our use of your personal data, please contact us using the details provided and we will do our best to solve the problem for you. If we are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office (ICO). For further information about your rights, please contact the Information Commissioner’s Office (ICO) or your local Citizens Advice Bureau (CAB).

Change

Our privacy policy may change in the future. Any changes we make to our privacy policy in the future will be posted on this website. Also, we may notify you by email to give you a chance to ask us not to use your data in that way, if you so wish.

  • Change log
    • 11 June 2021: Removed www.creativefuturesll.com & www.blueprint100.co.uk from our list of websites.
    • 06 September 2022: Added whatwedonow.scot & wildgoosefestival.scot to our list of websites.
    • 08 December 2022: Added Microsoft Clarity to our third party software list.
    • 14 December 2022: Remove references to the EU GDPR and added UK GDPR.
Skip to content