Privacy Policy

Privacy Policy and Data Protection Statement

Last updated: 20.04.26

 

  1. Who we are

The Tin Music and Arts (‘we’, ‘us’ or ‘our’) is a music and arts charity that works within the grassroots community to help develop emerging artists and programme a diverse range of cultural events (Registered Charity No: 1152636).

The Tin Music and Arts is the data controller for the personal information you provide to us. We are committed to protecting your personal data and handling it in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR), and where applicable, the Data (Use and Access) Act 2025 (DUAA).

The Tin Music and Arts is committed to protecting your privacy. This policy explains how we collect and use the personal information you provide to us whether online or via phone, mobile, e-mail, letter or other correspondence.

By using our website, any of our services, or providing us with any personal information we will assume you are agreeing to your information being used and disclosed in the ways described in this policy.

  1. Where we collect information from

We collect information in the following ways:

  • Information you share with us: We may obtain personal information from you when, for example, you buy tickets for one of our events, fill in an application form, apply to become a volunteer, take part in an event, make a donation, or join our mailing list.
  • Information from Third Parties: Sometimes, we receive information about you from independent third parties, but only where you’ve given them permission to share it with us. For example, fundraising sites like Local Giving or event organisers might pass along your information. You should check their privacy notice when you provide your information to understand how they handle your information. Once we get it, it will be covered by our privacy notice as well as by the originating third party.
  • Information we get from your use of our website and services: We collect information about the services you use and how you use them, like when you visit our websites, or view and interact with our ads and content.
  • Information in the public domain: We may obtain some information from publicly available sources such as Companies House, newspaper articles or open postings on social media such as Facebook and LinkedIn. This is not an exhaustive list of the public sources.

Information we collect

Depending on how you interact with us, we may collect and process personal data including:

  • Name
  • Postal address
  • Email address
  • Telephone number
  • Donation history
  • Event bookings and attendance information
  • Volunteer or participant information
  • Communications preferences
  • Correspondence you send us
  • Website usage information (including cookies and analytics)

We only collect personal data that is necessary for our charitable purposes and activities.

Where appropriate, we may also ask your interests and motivation for supporting The Tin Music and Arts, although we will never make this question mandatory, and only want to know the answer if you are comfortable providing us with that information.

  1. What we do with your information

We may use your personal data to:

  • Deliver our charitable activities, programmes and services
  • Process donations and Gift Aid (where applicable)
  • Manage event registrations, bookings and participation
  • Communicate about our activities, opportunities and services
  • Send supporter updates, newsletters and fundraising communications
  • Respond to enquiries
  • Improve our website and services
  • Meet legal, regulatory and safeguarding obligations
  • Prevent fraud and protect our organisation
  1. Legal basis for processing your information

Under UK GDPR, we rely on one or more of the following lawful bases:

Consent

Where you have given us clear permission, such as subscribing to a newsletter.

Legitimate Interests

Where processing is necessary for our legitimate interests as a charity, including supporter communications, administering relationships, and promoting our charitable purposes, provided those interests do not override your rights.

Contract

Where processing is necessary to fulfil a contract with you, such as processing event bookings.

Legal Obligation

Where we are required to process data to comply with legal or regulatory duties.

  1. Direct Marketing and Charity Soft Opt-In

We may send you information by email or text about:

  • Events
  • Programmes
  • Fundraising campaigns
  • Opportunities to support our work
  • News related to our charitable purposes

We do this either:

  • with your consent; or
  • where permitted under PECR, including the charitable soft opt-in provisions introduced under the Data (Use and Access) Act 2025.

Where we rely on charitable soft opt-in:

  • you must have supported us or expressed interest in our charitable purposes (including purchase of event/gig tickets);
  • we must have collected your contact details in that context;
  • you must have been given the opportunity to opt out when your data was collected; and
  • every marketing message we send will include a simple way to unsubscribe.

You can opt out of direct marketing at any time by:

  • using the unsubscribe link in our emails; or
  • contacting us using the details below.

Important note: Existing legacy contacts may continue to be assessed separately to ensure compliance before relying on charitable soft opt-in.

  1. Email Communications – GoDaddy and ticketing providers

If you subscribe to our mailing list, we may use GoDaddy or a ticketing provider as a data processor to manage email communications on our behalf.

GoDaddy/ticketing providers processes personal data under contract with us and only in accordance with our instructions.

Where personal data is transferred internationally through service providers, we take appropriate safeguards to protect your information, including use of lawful transfer mechanisms where required.

 

  1. Who we share information with

We do not sell or trade your personal data.

We may share personal data with trusted service providers acting as data processors, including providers that support:

  • Website hosting
  • Email communications
  • Analytics
  • Payment processing
  • Event administration
  • IT and security services

We may also disclose personal data where required:

  • by law
  • to regulators or public authorities
  • to protect rights, safety or prevent fraud

Appropriate contracts and safeguards are maintained with processors.

  1. International Transfers

Some service providers may process personal data outside the UK.

Where international transfers occur, we use appropriate safeguards, which may include:

  • UK International Data Transfer Agreement (IDTA)
  • UK Addendum to Standard Contractual Clauses
  • Adequacy regulations where applicable
  1. Data Retention

We only keep personal data for as long as necessary.

Typical retention periods may include:

  • Mailing list records: until unsubscribed or inactive for up to 6 years
  • Donor records: up to 6 years after last donation (or longer where legally required)
  • Volunteer records: up to 6 years after relationship ends
  • Event registration records: up to 2 years
  • Safeguarding records: in accordance with safeguarding retention requirements

Retention periods may vary where law requires longer retention.

 

  1. The accuracy of your information

We aim to ensure that all information we hold about you is accurate and, where necessary, kept up to date. If any of the information we hold about you is inaccurate and either you advise us or we become otherwise aware, we will ensure it is amended and updated as soon as possible.

  1. Website Analytics and Cookies

Our website may use cookies and analytics technologies, including Google Analytics, to help us understand how visitors use our website and improve functionality.

Cookies may include:

  • Strictly necessary cookies
  • Analytics cookies
  • Functionality cookies
  • Social media cookies (where applicable)

You can manage cookie preferences through your browser settings and any cookie controls available on our website.

Where required by law, we seek consent before placing non-essential cookies.

  1. Data Security

We use appropriate technical and organisational measures to protect personal data against:

  • unauthorised access
  • loss
  • misuse
  • alteration
  • disclosure

No internet transmission can be guaranteed completely secure, but we take reasonable steps to protect personal data.

  1. Data breaches


In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, the Charity shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO (more information on the ICO website). https://ico.org.uk/fororganisations/guide-to-the-general-data-protection-regulation- gdpr/personal-databreaches/

  1. Your Rights

Under UK GDPR, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request erasure
  • Restrict processing
  • Object to processing, including direct marketing
  • Data portability (where applicable)
  • Withdraw consent where consent is relied upon

To exercise your rights, contact us using the details below

The Tin Music and Arts
Units 1-4, Canal Basin,
St Nicholas Street,
Coventry
CV1 4LY

  1. Privacy Queries

If you have concerns about how we use your personal data, please contact us first.

We aim to:

  • acknowledge privacy complaints within 30 days; and
  • address complaints without undue delay.

You also have the right to complain to the:

Information Commissioner’s Office (ICO)
Website: https://www.ico.org.uk

  1. Third-Party Links

Our website may contain links to third-party websites or embedded content.

We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies.

 

  1. Changes to the policy


This policy replaces all previous versions and is correct as of the date at the end of this web page. We will regularly review and update this Privacy and Data Protection Statement and will update, modify, add or remove sections at our discretion. Any changes will be notified to you through on this page. Your continued use of our website, any of our services and/or the continued provision of personal information after we have posted the changes to these terms will be taken to mean you are in agreement with those changes.