The Association of Illustrators Limited
Your privacy is important to us. We are committed to protecting your personal data.
• provides information about the personal data we collect, and how and why we collect, store, use and share your personal data; and
• tells you about your rights in relation to your personal data and how to contact us or supervisory authorities if you have a complaint.
‘Personal data’ is any information that can directly or indirectly identify an individual (‘a data subject’).
The Association of Illustrators Limited, a company incorporated in England and Wales with company number 01237440 and registered office at Somerset House, Strand, London WC2R 1LA (we, us, our) is the data controller. This means that we determine the purposes for which, and the way in which personal data are processed. As a data controller we will comply with all applicable data protection laws.
Should you have concerns about the way we process your data or would like us to stop processing your data please contact Rachel Hill on firstname.lastname@example.org.
You can also download the AOI Data Protection Policy revised June 2021
1. WHAT PERSONAL INFORMATION DO WE COLLECT ABOUT YOU?
We may collect and process the following personal data about you:
1.1 Information you give us about you or your business, such as
1.1.1 Identity Data: your name, artist name, user name, or similar identifier, title, date of birth;
1.1.2 Contact Data: billing address, delivery address, e-mail address and telephone numbers;
1.1.3 Financial Data such as bank account and payment card details;
1.1.4 Profile Data: username and password, AOI membership number, student identification number, place of study, details of your agency, images including your own photograph, purchases or orders made by you;
1.1.5 Transaction Data: details about payments to and from you and other details of products and services you have purchased from us;
1.1.6 and any other information about you that you provide to us.
1.2 We may occasionally request and process “sensitive personal data” about you such as details about your race, ethniticy, religious beliefs, political affiliation and sexual orientation. You have no obligation to provide this information. We will only process such personal data when we have explained the purpose of the processing and have obtained your explicit consent. However, you have no obligation to provide this information and we will only process it in accordance with the Data Protection Act 1998, for example, where we have explained the purpose of the processing and have obtained your explicit consent. The term “sensitive personal data” is defined more fully in section 2 of the Data Protection Act 1998, which you can read here.
2. HOW WE COLLECT PERSONAL DATA
2.1 We collect most of this information from you directly, for example, Identity Data, Contact Data, Financial Data and Transaction Data when you fill in forms, correspond with us by e-mail, phone, post or otherwise when you:
2.1.1 register for an account or membership with us and log into your membership account;
2.1.2 participate in a competition, promotion or survey;
2.1.3 act as a judge for a competition or award;
2.1.4 upload material to the portfolio section;
2.1.5 purchase anything from us or from a third party through our online shop including event tickets, client directories, publications, membership or portfolio access;
2.1.6 subscribe to receive our newsletter;
2.1.7 respond to our marketing communications;
2.1.8 apply for a job with us;
2.2 We automatically collect technical data each time you visit our website:
2.2.1 including the internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
2.2.2 information about your visit to our website, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); products or services you viewed or searched for; location data and other communications data; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
2.3 We may also collect information from:
2.3.1 automated technologies, such as cookies which collect technical data about your equipment and browsing activities;
2.3.2 advertising networks for example Facebook;
2.3.3 providers of technical, payment and delivery services, for example Royal Mail;
2.3.4 analytics and search engine providers [such as Google, based outside the EU];
2.3.5 a third party with your specific consent (e.g. your bank or our business partners);
2.3.6 Information we lawfully receive from other sources, such as business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers and search information providers.
3. HOW WE PROCESS YOUR PERSONAL INFORMATION
3.1 We use your personal data:
3.1.1 to administer any account, membership or registration you have with us;
3.1.2 to provide the products and services you order from us and to carry out our obligations and exercise our rights arising from those orders;
3.1.3 to provide information to you that you request from us;
3.1.4 to administer your participation in any competitions or awards that we run including in any online or offline publicity in relation to winners, where you have consented to such use;
3.1.5 for publication on our website where you have provided it to us for that purpose (for example, in connection with your entry as a participant or as a judge in a competition);
3.1.6 to provide subscribers with our regular newsletter;
3.1.7 for internal operations, e.g. to administer our website, troubleshooting, data analysis, testing, research, statistical and survey purposes;
3.1.8 to communicate with you about any comments, queries or feedback you might have about us or our website;
3.1.9 to inform you of any changes to our website and/or our products and services;
3.1.10 to enable you to participate in interactive features of our website, when you choose to do so;
3.1.11 to ensure that content from our website is presented in the most effective manner for you and your computer;
3.1.12 to provide you with news and information about us and the products and services we offer by post, telephone, email and/or SMS. We will send that information by electronic mail only if:
(a) you have consented to this, for example, by opting in at the time you create a membership/portfolio account or by placing an order on our website; or
(b) the information is about products and services that are similar to those which you have previously bought from us or about which we entered sales negotiations with you and you have not opted out of receiving such marketing messages; or
(c) where we are permitted to do so by law without your specific consent, for example, if we e-mail or call you in your capacity as an employee of a company. In this case, we will make it easy for you to opt-out of such communication.
If you do not want us to use your personal data for marketing purposes please e-mail us at email@example.com. We will not share your personal information with any third party for the purpose of marketing unless you have provided your specific consent for us to do so.
3.2 We use personal data that we collect automatically:
3.2.1 to administer our website and for internal operations, including troubleshooting, data analysis, testing, researching, statistical and survey purposes;
3.2.2 to improve our website to ensure that content is presented in the most effective manner for you and your computer;
3.2.3 to allow you to participate in interactive features on the website, if you choose to do so; and
3.2.4 to measure or understand the effectiveness of any advertising we aim at you and others and to deliver relevant advertising to you.
We do not use this information to develop a personal profile of you. Data will almost always be anonymised and aggregated before reporting back to us.
3.3 We use the information about you that we collect from other sources in combination with the information you give to us and the information about you that we collect automatically. We will only use such information for the purposes set out above.
4. COOKIES AND ANALYTICS
5. DATA ABOUT CHILDREN
We do not knowingly collect information from individuals who are under the age of 16. If you are under 16, please do not register an account with our website or provide any information about yourself to us. If you have already done so, please contact us at firstname.lastname@example.org.
6. HOW WE STORE YOUR PERSONAL DATA
All information you provide to us is stored on our secure servers based in the EU. We have in place a level of security appropriate to the nature of the information stored and the harm that might result from a breach of security.
The sending of information via the internet is not totally secure and on occasion such information can be intercepted. We cannot guarantee the security of data that you choose to send to us electronically and therefore sending such information is entirely at your own risk.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the website, you are responsible for keeping this password confidential and you must not share it with anyone. If you have reason to believe that your password or any other aspect of your account has become compromised, you must inform us immediately at email@example.com
7. HOW LONG WE RETAIN YOUR PERSONAL DATA
8. PROCESSING OF PAYMENTS
All payments on our website are processed by GoCardless Ltd (“GoCardless”), GPUK LLP, trading as Global Iris (“Global Iris”), and Payment Solutions Ltd, trading as SmartDebit (“SmartDebit”). When you make a payment on our website, you are providing financial data to the relevant third-party payment processor, and not to us. We do not receive and therefore do not store any of your financial data when you make an online payment, although we do recive transaction data. GoCardless, Global Iris and SmartDebit process your financial data for the purpose of your payment for our products and services.
These third party payment processors have their own respective privacy policies, which we would advise you to read:
9. HOW WE DISCLOSE YOUR INFORMATION TO THIRD PARTIES
We may share your personal information with selected third parties including:
9.1 Our partners listed here and our sub-contractors and other suppliers and service providers who we engage to assist with our administrative or business functions and to deal with any other matters in connection with our website, our products and services and any agreements we enter into with you;
9.2 In particular, we share data with the Directory of Illustration (DoI), which is based in the USA for the purpose of providing the service when you enter the awards. As the DoI is based in the USA your data will be processed outside of the EEA and does not fall within the jurisdiction of the EU GDPR. We cannot guarantee that your data will be processed and protected to the same standard as under the EU GDPR.
9.3 Advertisers and advertising networks that require anonymised data to select and serve relevant adverts to you and others. We may provide them with aggregate information about our users (for example, we may inform them that 150 women aged 35-45 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, men in a particular location). We may make use of the information we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience;
9.4 analytics and search engine providers that assist us in the improvement and optimisation of the website; and
9.5 credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
9.6 We work with a range of data processors to conduct our core business. These include Mailchimp, Sage Accounting, HSBC amongst others.
9.7 We may disclose your personal information to third parties:
9.7.1 in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
9.7.2 if The Association of Illustrators Limited or substantially all of the company’s assets are acquired by a third party, in which case personal data held by the company about our customers will be one of the transferred assets; and
9.7.3 if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our various terms, policies and other agreements; or to protect the rights, property, or safety of The Association of Illustrators Limited, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
9.7.4 If we refer any dispute between us to the Online Dispute Resolution Platform and/or we agree to engage in any alternative dispute resolution (ADR) procedure with you through the Platform, then to the extent that your personal data is relevant to the dispute we may disclose it to the European Commission, as operator of the ODR Platform, and to any ADR provider appointed to deal with the dispute. For more information please email firstname.lastname@example.org.
10. THIRD PARTY LINKS
11. OPTING OUT OF MARKETING
You have the right to ask us not to process your personal data for marketing purposes. If you would like to do so, just let us know at [insert e-mail address]. If you exercise your right to opt-out of receiving marketing messages from us, please be aware that you may continue to receive certain non-marketing communications from us. For example, we may still need to contact you about important changes to our products, services or website that affect you or about any agreements we may have entered into with you.
12. ACCESS TO INFORMATION AND YOUR RIGHTS
12.1 You have the following rights over the way we process personal data relating to you. We aim to respond as soon as practicable but within one month at the latest.
12.1.1 to ask for a copy of data we are processing about you and have inaccuracies corrected;
12.1.2 to ask us to restrict, stop processing, or to delete your personal data; to request a machine-readable copy of your personal data, which you can use with another service provider;
12.1.3 To make a request in relation to any of your rights, please email us at email@example.com
12.2 We do not charge a fee to respond to reasonable requests. If the request is excessive or unfounded the AOI may choose to refuse or charge for the request.
12.3 If the AOI refuses a request the individual will be told why and that they have the right to complain to the ICO and seek a judicial remedy. This will be communicated as soon as possible or within 30 days from receiving your request.
13. DATA BREACHES
13.1 The AOI has robust procedures in place to minimise the risk of a data breach. Where a data breach occurs, and it is deemed likely to result in risk to people’s rights and freedoms, the AOI will inform the ICO within 72 hours of becoming aware of the breach (even if the full details are not known) where feasible.
13.2 If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, those individuals will be informed without undue delay.
14. CONTACTING US AND COMPLAINTS
We hope that we can resolve any query or concern you may raise about our use of your information. You have the right to make a complaint at any time to the Information Commissioner’s Officer (ICO), the UK Supervisory Authority for data protection issues.