Privacy Policy

Privacy Policy

This website is managed by The Stove Network, please read the Stove Network’s Privacy Policy below:

The Stove Network understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits our websites: thestove.org, wildgoosefestival.scot, whatwedonow.scot, eaf.scot and ournorwegianstory.com. We will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and your rights under the law. Links within our site to other websites are not covered by this privacy policy.

Who are we?

The Stove Network is a Dumfries-based arts organisation that is active throughout Dumfries & Galloway. Since its foundation in 2011, the group has focused on delivering arts projects for and with the community that are accessible, create opportunities and foster creative learning. We registered as a charitable company limited by guarantee Charity No: SC044947 & Company No: SC411667 on 21 November 2011 and subsequently appointed a democratically elected Board of Directors.

Who’s in control?

It is important that you understand who is responsible for keeping your personal data safe. We are the “data controller” of all the personal data collected on this website for the purposes set out in this privacy policy. This means that it is our responsibility to decide how your personal data is used and ensure that your personal data is handled in accordance with the law.

We have appointed a Data Protection Officer (DPO) who has the sole responsibility within The Stove Network for making sure your personal data is treated in accordance with this Privacy Policy and the law. Our Data Protection Officer (DPO) is Robbie Henderson and they can be contacted by emailing rob@thestove.org.

Full contact information for our Data Protection Officer (DPO) can be found on their profile page.

What data do we collect and where from?

We collect data from you when you visit the website, use the contact form, subscribe to our newsletter and/or sign up for Stove Network membership. This data may include the following:

  • Full Name;
  • Email Address;
  • Postal Address;
  • Telephone Number;
  • Gender;
  • Date of Birth;
  • Occupation;
  • Disabilities;
  • Creative Interests;
  • Social Media Shares;
  • Page Views;
  • Device Information e.g. desktop, tablet, and mobile;
  • Visit Duration;
  • Traffic Information e.g. referral address.

Third Party Software

Our website’s content management system is WordPress. WordPress has taken steps to comply with the UK General Data Protection Regulation (UK GDPR)

Our website’s contact form, membership sign-up form, and newsletter subscriptions are all processed by MailChimp. MailChimp has taken steps to comply with the UK General Data Protection Regulation (UK GDPR).

We also collect website usage data using Google Analytics. The website uses a cookie for Google Analytics. It does not capture or store personal information, but merely logs the user’s IP address which is automatically recognised by the web server. This is used to record the number of visitors to our website, volumes of usage, visit duration, device information, etc.

We also use Microsoft Clarity to see how visitors use the website, so we can improve our user experience across all our sites. Microsoft Clarity is GDPR compliant as a data controller.

Our websites have a number of embedded feeds. The embedded feeds behave in the same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

If you do not wish to accept cookies on to your machine you can disable them by adjusting the settings on your browser. However, this may affect the functionality of the our websites.

What do we use your data for?

We aim to be transparent when processing your personal data, so it is important that you understand how and why we use your personal data that we collect. This section will set out the different purposes for which we process your personal data we need for each purpose.

Managing your membership

We use your personal data that you supplied during the membership sign-up process to inform you of our business, AGMs, and various opportunities available to members (e.g. being offered commissions, working as an artist or contractor on Stove Network projects, applying to join the curatorial team, etc.).

Marketing

We use the personal data you provide during the newsletter sign-up process to provide you with occasional summaries of our activities and news about The Stove Network. It is important for you to know that you can opt-out of direct marketing at any time. This can be done by clicking the “unsubscribe link” at the bottom of our email marketing correspondence we send you. Alternatively, you can contact our Data Protection Officer who will handle your opt-out request.

Tailoring content to our audience

We use the personal data provided by Google Analytics. To gauge interest in our events, projects, workshops, etc. This data will then be used to determine the long-term viability of these projects and help us inform future funding decisions.

What is our legal basis for using your data?

We need to inform you of the legal basis that we will rely on to process your personal data for the purposes we have set out in this document. This section will inform you what the legal basis is in relation to the purposes set above.

Purpose: Managing your Stove Network Membership

Legitimate interest: To ensure that our members receive the business information, benefits, and opportunities that The Stove Network provides. This will help develop, fund, and sustain the arts & the culture of Dumfries & Galloway which is in the interest of members of The Stove Network.

Purpose: Improving our content

Legitimate interest: To make sure that we continue to provide the best and most relevant content to our website users.

How long do we keep your data?

Membership data – As members can have a long relationship with their organisation, we will retain current member data in perpetuity. We will destroy all information relating to former members one year after their departure unless there has been a safeguarding or criminal concern, whereupon the information will be kept for a period of 5 years.

Website usage data – We retain website usage data collected by Google Analytics for a period of 26 months.

What rights do you have?

You have a right to request us to send a copy of your personal data that we hold about you. A request to exercise this right is known as a “subject access request”. This can be done by contacting our Data Protection Officer (DPO) using the contact information provided. You must make a request verbally or in writing.

The right to access your personal data

We will have one month to respond to your request. We can extend the response time by a further two months, for example, if the request is complex. However, we will let you know within one month of receiving your request and explain why the extension is necessary.

We will provide you with a copy of your personal data free of charge. However, we may charge a small fee when a request is unfounded or excessive, for example, if it is repetitive. If a fee is charged it will be based on the administrative cost of providing the personal data. We will inform you promptly if we have to charge a fee.

We may ask for identification before carrying out the subject access request.

You have the right to request us to correct inaccurate data that we hold about you. This can be done by contacting our Data Protection Officer (DPO) using the contact information provided. You must make a request verbally or in writing.

The right to correct your personal data

We will have one month to respond to your request. We can extend the response time by a further two months, for example, if the request is complex. However, we will let you know within one month of receiving your request and explain why the extension is necessary.

We will correct your data free of charge. However, we may charge a small fee when a request is unfounded or excessive. If a fee is charged it will be based on the administrative cost of amending your personal data. We will inform you promptly if we have to charge a fee.

You have the right to ask us to delete your personal data in certain circumstances, for example, if we have processed your data unlawfully. This can be done by contacting our Data Protection Officer (DPO) using the contact information provided. You must make a request verbally or in writing.

The right to delete your personal data

We will have one month to respond to your request. We can extend the response time by a further two months, for example, if the request is complex. However, we will let you know within one month of receiving your request and explain why the extension is necessary.

We will erase your data free of charge. However, we may charge a small fee when a request is unfounded or excessive. If a fee is charged it will be based on the administrative cost of erasing your personal data. We will inform you promptly if we have to charge a fee.

You have the right to ask us to restrict the processing of your personal data in some circumstances, for example, if you think the personal data is inaccurate and we need to verify its accuracy, or if we no longer need the data but you require us to keep it so that you can exercise your own legal rights.

The right to request we limit our use and processing of your personal data

When you request us to restrict the use of your personal data we are permitted to store the personal data, but not use it unless you consent or we need to process the data to exercise a legal claim.

Skip to content