Site logo

Privacy Policy

Salt Arts CIC is committed to protecting the privacy of our customers, suppliers, contractors and staff in accordance with the General Data Protection Regulation 2018 and the Privacy and Electronic Communications Regulations 2003.

Salt Arts CIC is a Community Interest Company (CIC) and our registered address is 17 Lower Port View, Saltash, PL12 4BY. We are registered with the Information Commissioners Office.

This Privacy Policy outlines how your personal information is collected, used and treated. Salt Arts CIC may at any time change this policy by publishing a new version on our website.


Purpose of Policy

We are committed to protecting your personal information and being transparent about what information we hold about you.

Using personal information allows us to develop a better understanding of our customers and participants and in turn to provide you with relevant and timely information about the work that we do. As a CIC, it also helps us to engage with potential donors and report to our funders.

The purpose of this policy is to give you a clear explanation about how we collect and use the information we collect from you directly and from third parties.

We use your information in accordance with all applicable laws concerning the protection of personal information.

If you have any queries about this policy, please contact


How is your personal data collected

We use different methods to collect data from and about you including through:

  • Direct interactions. You may give us your Identity, Contact, Profile, Sensitive and Financial Data by filling in forms or by corresponding with us by post, phone, messaging service, email or otherwise. This includes personal data you provide when you:
  • apply for our services;
  • create an account on our website;
  • subscribe to our service;
  • request marketing to be sent to you;
  • enter a promotion or survey; or
  • give us feedback or contact us.
  • Automated technologies or interactions. As you interact with our website, we will with your consent collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see further information below.
  • Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
  • Technical Data from analytics providers; advertising networks; and search information providers.
  • Contact, Financial and Transaction Data from providers of technical, booking or payment services.
  • Identity and Contact Data from data brokers or aggregators, including trade organisations or exhibition organisers.Identity and Contact Data from publicly available sources such as Companies House.


The lawful basis for processing

We only process your data where we have identified a valid lawful basis to do so. These are as follows:

  • Contract obligations
    When you make a purchase from us, procure any services from us, or make a donation to us, you are entering into a contract with us. In order to perform this contract we need to process and store your data. For example, we may need to contact you by email or telephone in the event of a cancellation of a show, or in the case of problems with your payment.
  • Legitimate organisational interests
    In certain situations we collect and process your personal data for purposes that are in our legitimate organisational interests. However we only do this if there is no overriding prejudice to you by using your personal information in this way. We describe below all situations where we may use this basis for processing.
  • With your explicit consent
    For any situations where the two bases above are not appropriate, we will instead ask for your explicit consent before using your personal information in that specific situation.
  • Legal obligation
    On occasion it may be necessary for us to process data in order to comply with a legal obligation, for example as a result of a court order.


How your data will be used

We use information held about you to:

  • to process card payments and to set up Direct Debits
  • to claim Gift Aid
  • to fulfil sales and purchases
  • for service administration purposes where we may contact you in regards to the fulfilment or completion of a purchase, donation, workshop fee, or membership.
  • for internal record keeping
  • to invite you to participate in surveys or research, with your permission
  • to provide you with information about our activities or online content you have agreed to receive
  • for marketing purposes where you have specifically consented to receive marketing communications from us
  • to develop anonymised, aggregated data for analysis and reporting to funders and our own organisations insights.
  • to analyse and improve the activities and content offered


Marketing Communication

We aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful. To do this we use data that we have stored about you, such as what events you have booked for in the past, as well as any preferences you may have told us about.

We request your explicit consent for communications by post and email. In the case of postal mailings, you may object to receiving these at any time using the contact details at the end of this policy. In the case of email, we will give you an opportunity to opt in to receive our marketing email during your first purchase with us or participation at any event. We will provide you with an option to unsubscribe in every email that we subsequently send you, or you can alternatively use the contact details at the end of this policy.

We may also contact you about our work by telephone however we will always get explicit consent from you before doing this. Please bear in mind that this does not apply to telephone calls that we may need to make to you related to your purchases (as above).

In all of the above cases we will always keep your rights and interests at the forefront to ensure they are not overridden by your own interests or fundamental rights and freedoms. You have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this policy. Please bear in mind that if you object this may affect our ability to carry out tasks above that are for your benefit.


Third Parties

We will not sell, rent or trade your personal information to any other organisations or companies for marketing purposes without your consent.

There are certain circumstances under which we may disclose your personal information to third parties. These are as follows:

  • To our own service providers who process data on our behalf and on our instructions (for example our ticketing system software provider and marketing email platform). In these cases we require that these third parties comply strictly with our instructions and with data protection laws, for example around the security of personal data.
  • We have integrated components of Twitter, Facebook and Instagram into this website so you can share our web pages directly to these sites. If you are logged into these social media sites when you using this website, these enterprises will have access to your browsing data.
  • We may share anonymised personal information with other organisations, particularly Arts Council England, who use this to analyse our audience development programmes, ticket sales and self-generated funding to understand the impact of the public investment made in Salt Arts CIC.
  • Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example government bodies and law enforcement agencies). We may process your personal data without your knowledge or consent where this is required or permitted by law.
  • To specific named visiting companies whose performances you have attended. In these cases we will always ask for your explicit consent before doing so.


Website Cookies
The intoBodmin website pages use cookies. Cookies are text files that are stored in a computer system via an Internet browser.

Website collection of general data and information
The intoBodmin website collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.

When using these general data and information, intoBodmin does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, intoBodmin analyses anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

Google Analytics
When someone visits we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make and do not allow Google to make, any attempt to find out the identities of those visiting our website.


Data retention

We hold your data as long as you remain active with intoBodmin, so that for any subsequent purchases you make we are able to link them back to a single unique record that we hold for you on our system. After a period of 6 years of inactivity, we permanently erase all your personal data.

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

In some circumstances you can ask us to delete your data (see below for further information).

We may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely.

We regularly review the data we hold to ensure it is held in line with consent of the person who shared it with us.


Security of your personal information

We will put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible. We will ensure that any third parties we use for processing your personal information do the same.

The Internet works as a global environment. This means that using it to collect and process personal data often involves the international transmission of data, and on occasions processing of personal data by third parties (including social media companies) outside the European Economic Area.

Although this may happen, you can be reassured that the data will always be held securely and in line with the requirements of UK data protection legislation. However, we want you to be aware that by communicating electronically with us, you understand and agree to our processing of personal data in this way.


Access to your personal information

Under the General Data Protection Regulation, you have the right to request and be sent:

  • confirmation that your data is being processed;
  • access to your personal data; and
  • other supplementary information that we hold about you.

You can make a request by emailing by post using our contact information. We will take steps to confirm your identity before releasing any information to you. We will not charge you for providing the information that you request. We will respond to your request within one calendar month of the request, unless there are exceptional circumstances.


Contacting Us

Please get in touch with us if you have any questions about any aspect of this privacy policy, and in particular if you would like to object to any processing of your personal information that we carry out for our legitimate organisation interests.