A. Overview of Data Protection
The term “personal data” comprises all information that can be used to personally identify you. The specific data we collect and how we use them depends on the service we offer. With regard to the terms used, such as “personal data” or their “processing”, we refer to the definitions in accordance with the Data Protection Act 2018.
1. Who is responsible for the collection, processing, and use of your data?
The responsible body (i.e. Controller) for the personal data collected from users when visiting our website is:
3 Barton Yard,
Telephone: +44 (7) 533648089
All personal data is processed by QUEERCIRCLE in accordance with the provisions of data protection statutes, in particular the UK General Data Protection Regulation (referred to as GDPR for short).
Users (hereinafter also referred to as »you«) may contact us by e-mail at firstname.lastname@example.org for any questions regarding data protection practices at QUEERCIRCLE (hereinafter also referred to as »we«).
2. General information regarding data processing and legal grounds
This Data Policy governs all the pages of our website www.queercircle.org and informs you about which personal and other data is collected when visiting our website, and how the data is used and for which purpose.
This Data Policy does not apply to pages hosted by other websites or related organizations or third party sites. The QUEERCIRCLE website may be linked to the websites of such other parties but those other sites may have their own data policy which applies to them.
This Data Policy applies only to information provided to the website and communications with us through the website. It does not apply to any other information or communications that may reference QUEERCIRCLE.
The operators of this website take the protection of your personal data very seriously. Hence, we are committed to treating it responsibly and in accordance with statutory data protection regulations as well as with this Data Policy.
The personal data of the users which is processed as part of the online offer includes user data (e.g. names and addresses of users), usage data (e.g. the visited pages of our online offer, interest in our programs) and content data (e.g. information entered when registering for our newsletter).
The term “users” covers all categories of the data processing of affected persons. This includes our partners, financiers, grantees, interested parties, and other visitors to our online services.
Access to third-party links
3. Your rights with regard to personal data relating to your person
On the basis of the Data Protection Act, you may contact us at no cost if you have questions relating to the collection, processing or use of your personal information. You may do so by using the contact details provided at the top of this Data Policy.
You have the following rights towards us regarding the personal data concerning you:
Art. 44 GDPR - Right of information: You have the right to request information about the personal data we store about you at any time.
Art. 45 GDPR - Right of access: If you have an account on our website, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us.
Art. 46 GDPR - Right to Rectification: In addition,you have the right to correct incorrect data, or, alternatively, in accordance with Art. 18 GDPR, to request a restriction on the processing of the data.
Art. 47 GDPR - Right to Erasure: You have the right to delete any personal data we hold about you.
Art. 162 GDPR - Right to Appeal: Moreover, you have the right to lodge a complaint with a data protection supervising authority if you are of the opinion that the processing of the data concerning you violates data protection provisions. The right of appeal can be asserted in particular with a supervisory authority in the member state of your residence, your place of work or the place of the presumed infringement.
B. Security of collected Data
We adopt organizational, contractual and technical security measures in accordance with Art. 107 GDPR to ensure an appropriate level of security and to protect the data which is processed by us against accidental or deliberate manipulation, loss, destruction, or against access by unauthorized persons.
Our security measures include strong connection standards such as 256 bit encryption to protect the transmission of personal data between your web browser and our servers. When encryption is activated, the data you transmit to us cannot be read by third parties.
You can recognize an encrypted connection by the fact that the address line of the browser changes from "http: //" to "https: //" and by the lock symbol in your browser line.
We would like to point out that data transmission on the internet (e.g when communicating with us via email) may have security gaps and cannot be fully ensured. Full protection against third parties access of data is therefore not possible.
C. User data storage Location and duration
Where is your data stored?
All the data that we collect is stored in databases in third-party platforms: Google Drive and Artlogic. For further information on these services’ privacy policies and terms of service, we provide links below:
D. Collection of access data and log files
Server Data we collect
When you visit the website of QUEERCIRCLE, your internet browser automatically sends data to our web server. The following data is automatically collected and stored:
Name of the retrieved file
Date and time of the retrieval
Size of the retrieved file
Status code of the transmission (technical Info)
Browser type/version and operating system used
The log file information is stored for security reasons (e.g. for the clarification of acts of abuse or fraud) for the duration of a maximum of seven days. Data, the further retention of which is required for evidence purposes following an indication of suspicious activity, is to be excluded from deletion until full clarification of the respective incident.
The data cannot be assigned to your specific person and will not be merged with other personal data you may have provided. In anonymised form, the data shall also be evaluated by us for statistical purposes, and subsequently deleted.
The data is not subject to another use or passed on to third parties except in the cases expressly mentioned here.
1. Communication with us
We offer you on our website the opportunity to contact us by filling out a form. In such an event, the personal data transmitted in this way will of course exclusively be used for the purpose for which you made the data available by contacting us. We will not pass on this data without your consent nor will we match this information to any other information collected by other components of our website.
2. Subscription to our Newsletter
If you have applied for a newsletter subscription on our website, you will periodically receive a newsletter from us, informing you of opportunities, events, programs and other announcements pertinent to QUEERCIRCLE’s activities.
a) Subscription Data:
In order to process your application for a newsletter subscription, we ask you to enter mandatory information such as your full name and email address. We will process the data you provided to us only for the purpose of sending you the corresponding newsletter and do not pass it on to third parties.
b) Logging of Registration Process:
The registration for the newsletter is logged in order to be able to prove that the registration process took place in accordance with the legal requirements. This includes storing the time of registration as well as the IP address.
c) Subscription Cancellation:
You may withdraw your consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. by clicking on the "unsubscribe" link in the newsletter or by sending us your request to email@example.com.
Once you withdraw your consent, you will no longer receive our newsletter in the future.
We rely on the services of Artlogic to design, send and manage our newsletter to our subscribers. The data we collect when you register for the newsletter is sent to Artlogic’s server. The company is domiciled in the United Kingdom and contractually commits to transfer and process all of its users’ Swiss, EU, and UK data in compliance with the Standard Contractual Clauses.
Cookies are information transferred from our web server or the web servers of third parties to the web browser of the users and stored there for later access. Cookies can be small files or other types of information storage.
We use “session cookies“ that are only stored for the duration of the current visit to our website (e.g. in order to store your login status and, therefore, enable the use of our online offer).
In a Session Cookie, a unique, randomly generated identification number is stored, known as a Session ID. Furthermore, a Cookie contains information about its origin and the storage period. These cookies are not able to store any other data. Session cookies are deleted once you leave QUEERCIRCLE’s website.
If they wish, users can prevent cookies from being installed on their computer by adjusting the browser’s privacy settings. You should be aware, however, that blocking cookies can lead to functional limitations of the online offer.
Information on how to control cookies on most common browsers can be found below:
F. Use of Google Analytics for Statistical Purposes
We use, on the basis of our legitimate interests (which means interest in the analysis, optimization and handling of our online services), the web analytics service Google Analytics for the statistical analysis of user access.
The place of processing for UK Publishers using Google Analytics is: Google Ireland Limited, incorporated and operating under the laws of Ireland (Registered Number: 368047), and located at Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses “cookies”, which are text files that are stored on your computer and enable us to perform an analysis of the website use. In order to do this, information generated by the Cookie about the use of this website is stored on Google servers. The IP address is anonymized before storage.
The information generated by the Cookie about the use of this website will not be passed on to third parties. You can prevent the storage of cookies via a corresponding browser setting; however, we would like to point out to you that in this case, it is possible that you will not be able to use all functions of our website in full.
If you do not agree to the storage and use of your data, you can prevent the storage and use by installing the Google Analytics Opt-Out Browser Add-on, which is downloadable here.
The add-on is compatible with Chrome, Internet Explorer 11, Safari, Firefox, and Opera. In order to function, the opt-out add-on must be able to load and execute properly on your browser. For Internet Explorer, 3rd-party cookies must be enabled. You can learn more about the opt-out browser add-on here.
We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our website. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.
We use reCAPTCHA to check whether the data provided to us when subscribing to the newsletter has been entered by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. The reCAPTCHA analysis is visible and takes place as part of a user’s registration to our newsletter where a user may have to take action and confirm that he is not a robot.
The website operator has a legitimate interest in protecting its site from abusive automated crawling and spam.
G. Distribution of data to third parties and third-party providers
Distribution of data to third parties only takes place on the basis of legal regulations. We shall only pass on the data of the users to third parties:
- if the users have given their consent to the distribution
- if it is required for contractual purposes
- for compliance with legal obligations
- in order to protect the vital interests of the users
- or on the basis of legitimate interests in order to assure effective operations of our organizational activities.
If we use subcontractors in order to provide our services, we shall take suitable legal measures and corresponding technical and organizational measures in order to ensure the protection of the personal data in accordance with relevant statutory regulations.
Use of Third-Party Tools
Our website incorporates external links to allow you to view content hosted on external platforms directly from the pages of this website and interact with them. This type of service might still collect web traffic data for the pages where the service is installed, even when Users do not use it.
Integration of YouTube and Vimeo Videos
Embedded YouTube videos
Our website uses plugins from the YouTube website. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in the extended data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. However, data transfer to YouTube partners is not necessarily excluded by the extended data protection mode. This is how YouTube connects to the Google DoubleClick network regardless of whether you are watching a video.
As soon as you start a YouTube video on our website, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, YouTube can save various cookies on your device after starting a video. With the help of these cookies, YouTube can receive information about visitors to our website. This information is used, among other things, to collect video statistics, improve user-friendliness and prevent attempted fraud. The cookies remain on your device until you delete them.
If necessary, further data processing operations can be triggered after the start of a YouTube video, over which we have no influence.
YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit.f GDPR.
You can find more information about data protection at YouTube in their data protection declaration here.
Embedded Vimeo videos
We embed Vimeo videos on some of our Website pages. Vimeo is operated by Vimeo, LLC with headquarters in 555 West 18th Street, New York, New York 10011, USA.
When you visit a website with a Vimeo plug-in, a connection to the Vimeo server is established and the plug-in is displayed. Through this, the Vimeo server receives information on which of our websites you have visited. If you are logged in as a member of Vimeo, Vimeo links this information to your personal user account. When using the plug-in, for example by clicking the start button of a video, this information is also linked to your user account. You can prevent this information from being linked by signing out of your Vimeo user account before using our website and deleting the corresponding Vimeo cookies. You can find more information about the data processing and data protection of Vimeo at:
Vimeo complies to the EU-US Privacy Shield
H. Artlogic Security and Firewall Settings
Artlogic has many built-in features to ensure that you stay in control of who can access your data and contingency against data loss or inaccuracy. They have taken key steps to control the risks from the internet, from inside your organisation and by having the best possible procedures in Artlogic.
Securing data connections and transit
You can completely protect all your data in transit by choosing to connect to the database via https, using 256 bit encryption, providing similar levels of security to online banking.
Protecting your data
Artlogic performs local back-ups of all our clients' databases everyday and back up all client data to another server in a different facility on a different network in a different ISP every night via an encrypted, firewalled connection. Artlogic stores the backups for 90 days.
In order to make applications perform faster and be more resilient against the failure of an individual hard drive or machine, Artlogic uses robust, global infrastructure from Google Cloud Platform and Amazon Web Services to deliver most of their services. In this case, data is always replicated across multiple servers. Artlogic also makes use of Content Delivery Networks to deliver assets across the world from datacenters which might be nearer to our clients than the UK.
Designated client administrators can choose to make a full export of your data at any time for extra peace of mind with spreadsheets of key human readable information.
Artlogic never uses Microsoft software for serving or mainstream CMS platforms as these are too vulnerable to attacks. They take great precautions to prevent the possibility of a hacker gaining access to any of their systems or causing any damage with any form of exploit. Full server access is only available to the most senior staff. Artlogic pays security consultants to check that there is nothing they have overlooked.
QUEERCIRCLE is an LGBTQ led charity working at the intersection of arts, culture and social action. Our community focused programme of exhibition commissions, participatory residencies and learning and participation activities are delivered to strengthen links between arts, culture, health and wellbeing.