Privacy Policy
DACS (‘we’ or ‘us’) is registered with the Information Commissioner’s Office and is committed to protecting and respecting your privacy.
We take your privacy very seriously and we ask that you read this privacy policy (together with the DACS Terms and Conditions of Use) carefully as it contains important information on the personal information we will collect about you, what we do with your information, and who your information might be shared with.
Design and Artists Copyright Society (“DACS”) is a company incorporated in England and Wales under company number 1780482 and its registered office is at 33 Old Bethnal Green Road, London, E2 6AA. DACS is a 'data controller' for the purposes of the applicable data protection law in the UK, which means we are responsible for, and control the processing of, any personal information we collect from you.
Information we may collect about you
Personal information provided by you
The information you give us may include personal information like your name, address, email address, telephone number, date of birth and bank details. You may give us your information by filling in forms including those on our website (www.dacs.org.uk) or by corresponding with us in writing, by telephone, email or otherwise. This includes information you provide when you correspond with us, in particular regarding our copyright licensing services, Artist’s Resale Right, Payback, or any of our other activities and when you report a problem with the website. Further details on the information we may collect and the purpose for its processing are below.
Information we collect through our website (including use of cookies)
Our website uses cookies. Cookies are text files placed on your computer to collect Standard Internet Log information and visitor information. These cookies allow us to distinguish you from other users of the website and allow us to collect information about your visit to our website. For more information on which cookies we use and how we use them, see DACS' Cookies Policy.
DACS uses third party applications for additional website functionality or to improve your user journey and experience on our website. This includes HotJar for visitor analytics. DACS may receive anonymised information about your use of the website from HotJar – this information will not identify you personally.
Personal information provided by third parties
We may receive personal information about you from third parties, which may include parties who provide this information in fulfilment of a legal obligation, our members in relation to our copyright licensing activities or representatives you have authorised to act on your behalf; for example, when picture agencies submit Payback claims on your behalf or when one of our international sister societies utilises our products and services on your behalf (you can see details of our network of sister societies here: List of sister societies). Any information we receive about you from these third parties will only be processed for the purposes described under ‘How will we use the information about you?’ section below.
We may obtain information about you from publicly available records for the purpose of administering Artist’s Resale Right. We use this information to identify individuals for the distribution of resale royalties that are due to them. These sources include 192.com, BT.com, Ancestry.com, Companies House and the National Archives.
How will we use the information about you?
We may process the information we collect about you:
- for the administration of the Artist’s Resale Right, our copyright licensing activities, and our Payback scheme. This includes contacting you to provide you with information you have requested about these activities and notifying you of any changes in respect of these. The information we may process for these purposes includes your name, address, email address, phone number, date of birth and bank details. As outlined above, this information may be collected from you in various ways including but not limited to membership agreements, licence agreements, Payback claim forms, correspondence you send to us, telephone calls you make to us or through any website contact forms. The basis for this processing is to perform the contract with you related to these activities and services or because you have asked us to take specific steps before entering into a contract in respect to these activities and services;
- to identify you and administer any user accounts, which may include an online Payback account. The information we may process for this purpose includes your name, address, email address, phone number, date of birth and bank details, which may be collected from you when completing the respective account registration or application form. The basis for this processing is to perform the contract that is related to these accounts and the associated activities and services;
- to respond to any communications that you send to us. This information may be collected from any correspondence you send to us, telephone calls you make to us, or through any website contact forms. This information includes your name, address, email address and phone number, date of birth and bank details and may be processed by us for the purposes of responding to you and keeping record of those communications. This processing is necessary for the administration of our business and the provision of our services, which is necessary for the legitimate interests of our business;
- to provide you with information about other products and services we offer that are similar to those that you have previously utilised or enquired about. The information we may process for this purpose includes your name, address and email address. This processing is necessary for marketing and promotion of our products and services, which is for the legitimate interests of our business. Please see ‘Marketing’ section below;
- to administer our website, carry out data analysis, allow you to participate in interactive features of the website, ensure content is presented in the most effective manner for you and your computer and monitoring website usage. The information we may process for these purposes may include the Internet Protocol (IP) used to connect your computer to the Internet, your user account login information, browser type and version, time-zone setting, browser plug-in types and versions, operating system and platform and information about your visit to our website. This information is collected through the cookies used on our website (please see DACS' Cookies Policy for more information). This processing is necessary for the development and improvement of our website, products and services, which is necessary for the legitimate interests of our business. You can prevent this processing at any time by modifying the settings of your web browser to reject the cookies we use or disable cookies completely. You can find more information about controlling cookies at aboutcookies.org;
- in connection with our recruitment process. This information may include the information you have provided in your application form, CV or covering letter. This information may include sensitive information, including your race, ethnic origin or health. Please see the section ‘Sensitive Personal Information (Special Category Data)’ below;
- to comply with any legal obligation or to enforce or apply DACS Terms and Conditions of Use, or any other agreements; or to protect the rights, property, or safety of DACS, its customers, or other third parties. The information we may process for this purpose may be any personal information that is referred to in this privacy policy. This processing is necessary for the protection and enforcement of our rights and the rights of third parties and the proper administration of our business, which is necessary for the legitimate interests of our business and to comply with our legal obligations; and
- to detect and prevent fraud. The information we may process for these purposes includes your name, address, email address, telephone number, date of birth and bank details. This information may be collected from you through membership agreements, licence agreements, Payback claim forms, correspondence you send to us, telephone calls you make to us or through any website contact forms. This processing is necessary for our legitimate interests by ensuring the proper management of our business and financial risks.
Sensitive Personal Information (Special Category Data)
Sensitive or ‘special category’ data is information regarding your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data, health, sex life or sexual orientation. As a general rule, we will not ask you for this information except where:
- it is necessary for the performance of a membership contract (for example we require to see a power of attorney for a member);
- it is required as part of our recruitment process for the purpose of meaningful equal opportunities monitoring; or
- it is required to ensure we can provide appropriate facilities for you, for example in relation to a disability or health condition.
We will only process sensitive or ‘special category’ data strictly for the purpose you have supplied it. If we require sensitive or ‘special category’ data for any other reason, we will always ask for your explicit consent.
Marketing
We will only send you information by email about products or services we feel may interest you. If you have previously requested information from us or utilised our products or services, we will only contact you by email with information about products and services similar to those you have previously utilised or enquired about.
You can ask us to stop sending you marketing messages at any time. If you would like to do this, please email, call or write to us (see the ‘How can you contact us?’ section below). If you would prefer to be contacted by post over email, then please let us know.
Who your information might be shared with
As far as is reasonably necessary, we may disclose your personal data to:
- other companies within our group, which means our subsidiaries as defined in section 1159 of the Companies Act 2006, ultimate holding company and its subsidiaries, for the purposes described under ‘How will we use the information about you?’ section above;
- our suppliers, agents and sub-contractors for the purposes described under ‘How will we use the information about you?’ section above. These parties may be engaged for the fulfilment of contracts we have with you and the provision of support services to us;
- our business partners, including our sister societies (list of sister societies) where it is necessary for the performance of a contract with you or because you have asked us to take specific steps before entering into a contract with you;
- law enforcement agencies, regulatory bodies, auditors and professional advisers to comply with any legal obligation; or for the purposes of fraud prevention; or in order to enforce any agreements; or protect the rights, property, or safety of DACS, its customers, or others; or obtain any related professional advice.
Transfers of your information out of the UK
We may need to transfer your personal data to countries that are located outside the UK for the purposes of processing by parties that work for DACS or one of its suppliers. By way of example, this may happen if any of the computer services used to host our website are located in a country outside of the UK.
We may transfer your data to any of our sister societies where it is necessary for the performance of a contract with you related to our activities and services or because you have asked us to take specific steps before entering into a contract in respect of these activities and services (you can see details of our network of sister societies here: List of sister societies).
We will take all steps reasonably necessary to ensure your personal data is treated securely and in accordance with this privacy policy, these steps may include a variety of legal safeguards, including entering into data processing or transfer agreements; ensuring the recipients of your personal data operate in countries that have been deemed by the UK to provide an adequate level of protection for personal data or they are certified under an approved certification mechanism, such as the "UK extension of the EU-US Data Privacy Framework" (details of which can found at https://www.dataprivacyframewo...).
Keeping your data secure
We will use technical and organisational measures to safeguard your personal data. All information you provide to us is stored securely and any access to your online user account is controlled by a password and user name that is unique to you.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Our website may include links to, or content embedded from third party web service providers. Please note that we have no control over these third-party websites and therefore cannot accept responsibility for the protection and privacy of any information which you provide whilst visiting such third-party websites and such websites are not governed by this privacy policy. It is your responsibility to exercise caution and note the terms of privacy policies relevant to any such third-party websites.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Retention of your data
We will not retain your personal data for longer than is necessary in relation to the purposes for which the data was collected or otherwise processed. The criteria we use for determining the retention periods for your personal data will be any regulatory requirements, statutory retention periods or guidance provided by regulatory bodies such as HMRC or the Information Commissioners Office. For example, the personal data that is collected from you to administer our Payback scheme will be deleted 6 years after the expiry of your Payback membership agreement, as this is generally the statutory limitation period for legal claims related to most contracts.
What rights do you have?
Right to request a copy of your information
You can request a copy of your personal data (commonly known as a “subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Right to correct any mistakes in your information
You can request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Right to ask us to stop contacting you with direct marketing
You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please email, call or write to us (see the ‘How can you contact us?’ section below). If you would prefer to be contacted by post over email, then please let us know.
Right to erasure
You can request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Right to restrict processing of your personal data
You have the right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:
- If you want us to establish the data’s accuracy
- Where our use of the data is unlawful but you do not want us to erase it;
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- You have objected to our use of your date, but we need to verify whether we have overriding legitimate grounds to use it
Right to object to processing of your personal data
You have the right to object to us processing your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
Right to withdraw consent
Where we have relied on your consent for the processing of your personal data, you have the right to withdraw that consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you wish to withdraw your consent please, email, call or write to us using the contact details under ‘How to contact us’ below.
Exercising your rights
If you wish to access your personal data (or exercise any of the other rights), then please contact us using the details under ‘How to contact us’ below.
You will not have to pay a fee to exercise your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
How to contact us
Please contact us if you have any questions about this privacy policy or the information we hold about you, including making requests to exercise any of your rights in relation to your personal data.
If you wish to contact us, please send an email to the Head of Legal at info@dacs.org.uk or write to us at DACS, 33 Old Bethnal Green Road, London, E2 6AA or call us on 020 7336 8811.
Complaints
We take your privacy very seriously and try to adhere to the highest standards when collecting and processing your data. However, if you think there is a problem with the way we are processing your personal data, then we encourage you to contact us directly to see if your concerns can be addressed. Please see our Code of Conduct for further details on our complaints process.
If you are not satisfied with the outcome of our internal complaints procedure, or if you consider that your complaint has not been handled correctly, you may lodge a complaint with the Information Commissioner's Office. You can contact the Information Commissioner's Office helpline on 0303 123 1133 or by email to casework@ico.org.uk.
Changes to the privacy policy
We may change this privacy policy from time to time. Any changes we make to this privacy policy will be posted on this page and, where appropriate, notified to you by post or email. Please check back frequently to see any updates or changes to this privacy policy.
Updated 15 August 2024