About this Policy
Riwayat aims to
change the perceptions about Pakistan
through the excellent presentation of
Pakistan’s arts and its culture. We give a f
oothold for artists and designers to showcase
their craft in the west and to grow their businesses.
When doing this, we process personal data about people who are interested to attend our events. We are committed to protecting your privacy and take this responsibility very seriously. We therefore take care to safeguard it.
This notice outlines what data we collect, how we may use it, how we protect your data and your rights, and how you can exercise those rights. If you have any questions about this policy please contact us.
Our promise to you
You are important to us and we value every contribution. In whichever way you choose to support us, we want you to have choice and control over the information we have about you.
We therefore commit:
Why we collect your data
We collect personal data to provide you with services, communicate with you, send you information that you have requested and to administer donations.
Depending on how you interact with us, we may process data for the following reasons:
Information we collect
We may record the following personal information:
For those who model with us we also collect personal data about you including your measurements and age. We only record this data where we have your explicit consent unless we are permitted to do so in other circumstances under GDPR laws.
We would love to keep you up to date with news of our events. We use a range of marketing channels to contact supporters including our website, post and email.
We use an online provider, Mailchimp, to process our supporter communications and Eventbrite to administer our ticket sales. Every email we send has an opt-out facility included. We will also send you marketing by ‘point of sale’, on the basis of it being within our legitimate interests to do so, unless you opt out.
We send the following marketing materials:
If you tell us you do not wish to receive marketing communications, you may still receive transactional and service-based communications confirming and servicing other relationships you have with us.
Occasional we check for out of date data by checking it against publicly available records such as deceased records to help us minimise wasted expenditure.
In addition to the marketing communications that you receive from us we may also communicate with you by post, telephone, and email in relation to administrative and transactional matters. There may also be other occasions where we need to contact you about a payment and occasionally after you have opted out of hearing from us.
Research and analysis
We may choose to carry out checks on sponsors or partners to comply with our duties in respect of anti-money laundering legislation and the prevention of fraud.
Depending on your settings or the privacy policies for social media messaging services like Facebook, Twitter, and Instagram, you may receive targeted advertisements through our use of social media audience tools. We do not share your data with these social media sites that could stop you receiving these advertisements.
If you receive an email, open it, don’t open it, select a link and/or browse our website, MailChimp collects this information to ensure that the information we send to people is received and relevant.
We collect data about professional contacts and partners with whom we work, or to whom we provide professional services. Personal data collected in this way will be processed in accordance with this policy.
We may send our professional partners information and updates about our work. Such contacts can opt out of receiving this information at any time.
Our legal basis for processing personal data
The law allows for six ways to process personal data. When we use your personal information, we will always consider if it is fair and within your reasonable expectations to do so and that it is not unduly intrusive.
Disclosure of your personal data
We will not share any of your personal data to any third party – except where:
Security of your personal data
We use appropriate precautions to protect your personal data.
Use of data processors
We occasionally may use a third-party supplier to manage mailings, conduct research surveys or storage of your personal information on our behalf in accordance with GDPR.
Transfers of data outside of the European Economic Area
We use DropBox, which is a multi-tenant cloud service, for our internal office use. This means that internal documents and information generated by us are stored in cloud services hosted within the European Economic Area (EEA).
However, in limited cases, we may use data processors that process and/or store data outside of the EEA, for example, payment processors such as paypal. In these cases, we will take reasonable steps to ensure that your data is protected.
Retention of your data
The length of time that data will be kept may depend on the reasons for which we are processing the data and on the law or regulations that the information falls under. Typically donor and service user’s data would be retained for seven years and recruitment data for 12 months
If you request to receive no further contact from us, we will keep some basic information about you on our suppression list to avoid sending you unwanted materials in the future.
You have many rights under GDPR. These include:
If you have any complaints about the way in which we have used your data, please get in touch with us and we would be happy to help and discuss your concerns. In addition, you are also entitled to make a complaint to the Information Commissioner’s Office.
If you have any questions about this policy, would like more information, or want to exercise any of the rights set out above, you can get in touch with us by email on firstname.lastname@example.org.