Privacy Policy As It Is Arts CIC Last updated: 27/11/2025 1. Introduction As It Is Arts CIC (“we”, “us”, “our”) is committed to protecting your privacy and handling your personal data in a transparent, secure and lawful way. This Privacy Policy explains how we collect, use, store, share and safeguard your personal information when you interact with us, including when you visit our website: https://asitisarts.com By using our website, attending our activities, or engaging with our services, you agree to the practices described in this Privacy Policy. 2. Who We Are As It Is Arts CIC Registered as a Community Interest Company in the United Kingdom. Website: https://asitisarts.com

Email: asitisarts@proton.me

We are the “data controller” for personal information processed via our website and activities. 3. What Personal Data We Collect We may collect and process the following categories of personal data: 3.1 Information you provide directly

Name

Email address

Postal address

Phone number

Event/workshop registrations

Payment/donation details (processed securely via third-party providers)

Newsletter sign-up information

Correspondence sent to us via forms or email

3.2 Information collected automatically When you visit our website, we may collect:

IP address

Browser type and version

Device information

Pages viewed and time spent on site

Cookies and tracking data (see Section 8)

3.3 Participation-related information If you take part in our programmes, we may collect:

Attendance records

Access requirements

Emergency contact information

Consent forms (e.g., for photography/video)

3.4 Special category data (only if necessary) Occasionally we may collect information such as:

Health or accessibility information

Demographic information provided voluntarily (e.g., for funding reporting)

We will only collect such data with your explicit consent or where it is strictly necessary. 4. How We Collect Personal Data We collect personal information through:

Forms on our website

Newsletter sign-up forms

Event registrations

Donation/payment pages

Emails or messages sent to us

Cookies and analytics tools

Voluntary submissions during participation in our programmes

Third-party platforms (where you have consented)

5. How We Use Your Data We process personal data for the following lawful purposes: 5.1 To provide our services

Registering you for events or workshops

Communicating information about programmes and activities

Managing donations or payments

Responding to enquiries

5.2 To manage our organisation

Keeping accurate internal records

Reporting to funders (anonymised wherever possible)

Evaluating and improving our programmes

5.3 For marketing and communications

Sending newsletters (only with your consent)

Informing you of events, opportunities or updates

You may withdraw consent for marketing at any time. 5.4 To comply with legal obligations

Financial record-keeping

Gift Aid processing

Responding to legal requests

6. Legal Bases for Processing We rely on the following UK GDPR legal bases:

Consent – for newsletters, photos/videos, special category data

Contract – when you register for an event or service

Legitimate Interests – to run and improve our organisation

Legal Obligation – accounting, reporting, safeguarding

7. Sharing Your Information We do not sell your personal information. We may share your data with:

Service providers such as:

Website hosting (e.g., Wix)

Email newsletter services

Payment processors (e.g., Stripe, PayPal)

Event platforms (e.g., Eventbrite)

Project partners when delivering joint programmes

Regulators or authorities where legally required

All third-party processors are required to handle data securely and lawfully. 8. Cookies & Website Analytics Our website may use cookies and similar technologies to:

Improve website functionality

Analyse visitor behaviour

Store preferences

If analytics tools are used (e.g., Google Analytics), we will:

Request cookie consent upon first visit

Provide a way to reject non-essential cookies

You can disable cookies via your browser settings at any time. 9. Data Retention We only keep personal data for as long as necessary for the purpose it was collected. Examples:

Event registration data: kept until the event and follow-up are completed

Mailing list data: retained until you unsubscribe

Financial records: retained for 7 years (legal requirement)

When data is no longer required, it will be securely deleted or anonymised. 10. Data Security We take the following measures to protect your data:

Secure encrypted hosting

Password-protected systems

Restricted access to staff/volunteers

Encrypted payment processing through third parties

Regular review of practices and policies

While no system is completely secure, we take all reasonable steps to prevent unauthorised access, loss or misuse. 11. Your Rights Under UK GDPR You have the following rights:

Right to access your data

Right to rectification (correction of inaccuracies)

Right to erasure (“right to be forgotten”)

Right to restrict processing

Right to object to certain uses

Right to data portability

Right to withdraw consent at any time

Right to lodge a complaint with the ICO (Information Commissioner's Office)

To exercise any rights, contact us at: [Insert email] ICO website: https://ico.org.uk 12. Children’s Privacy We do not knowingly collect personal information from children under 16 without:

Parental consent

Guardian consent

If you believe a child has provided us with data without consent, please contact us immediately. 13. Links to Other Websites Our website may contain links to external sites. We are not responsible for the privacy practices of these sites. Please review their privacy policies individually. 14. Changes to This Policy We may update this Privacy Policy periodically. The updated version will always be posted on our website with the “Last updated” date. 15. Contact Us If you have any questions, requests or concerns regarding this Privacy Policy, please contact: As It Is Arts CIC Email: asitisarts@proton.me