Privacy Policy


DACS (‘we’ or ‘us’) is registered with the Information Commissioner’s Office and is committed to protecting and respecting your privacy.

We take your privacy very seriously and we ask that you read this privacy policy (together with the DACS Terms and Conditions of Use a) carefully as it contains important information on the personal information we will collect about you, what we do with your information, and who your information might be shared with.

Design and Artists Copyright Society (“DACS”) is a company incorporated in England and Wales under company number 1780482 and its registered office is at 33 Old Bethnal Green Road, London, E2 6AA. DACS is a 'data controller' for the purposes of the applicable data protection law in the UK, which means we are responsible for, and control the processing of, any personal information we collect from you.

Information we may collect about you

Personal information provided by you

The information you give us may include personal information like your name, address, email address, telephone number, date of birth and bank details. You may give us your information by filling in forms including those on our website (www.dacs.org.uk) or by corresponding with us in writing, by telephone, email or otherwise. This includes information you provide when you correspond with us, in particular regarding our Copyright Licensing service, Artist’s Resale Right, Payback, or any of our other activities and when you report a problem with the website. Further details on the information we may collect and the purpose for its processing are below.

Information we collect through our website (use of cookies)

Our website uses cookies. Cookies are text files placed on your computer to collect Standard Internet Log information and visitor information. These cookies allow us to distinguish you from other users of the website and allow us to collect information about your visit to our website.
For more information on which cookies we use and how we use them, see DACS' Cookies Policy.

Personal information provided by third parties

We may receive personal information about you from third parties, which may include parties who provide this information in fulfilment of a legal obligation or representatives you have authorised to act on your behalf; for example, when picture agencies submit Payback claims on your behalf or when one of our international sister societies utilises our products and services on your behalf (you can see details of our network of sister societies here: List of sister societies). Any information we receive about you from these third parties will only be processed for the purposes described under ‘How will we use the information about you?’ section below.
We may obtain information about you from publicly available records for the purpose of administering Artist’s Resale Right. We use this information to identify individuals for the distribution of resale royalties that are due to them. These sources include 192.com, BT.com, Ancestry.com, Companies House and the National Archives.

How will we use the information about you?

We may process the information we collect about you:

  • for the administration of the Artist’s Resale Right, our Copyright Licensing activities, and our Payback scheme. This includes contacting you to provide you with information you have requested about these activities and notifying you of any changes in respect of these. The information we may process for these purposes includes your name, address, email address, phone number, date of birth and bank details. As outlined above, this information may be collected from you in various ways including but not limited to membership agreements, licence agreements, Payback claim forms, correspondence you send to us, telephone calls you make to us or through any website contact forms. The basis for this processing is to perform the contract with you related to these activities and services or because you have asked us to take specific steps before entering into a contract in respect to these activities and services;
  • to identify you and administer any user accounts, which may include an online Payback account. The information we may process for this purpose includes your name, address, email address, phone number, date of birth and bank details, which may be collected form you when completing the respective account registration or application form. The basis for this processing is to perform the contract that is related to these accounts and the associated activities and services;
  • to respond to any communications that you send to us. This information may be collected from any correspondence you send to us, telephone calls you make to us, or through any website contact forms. This information includes your name, address, email address and phone number, date of birth and bank details and may be processed by us for the purposes of responding to you and keeping record of those communications. This processing is necessary for the administration of our business and the provision of our services, which is necessary for the legitimate interests of our business;
  • to provide you with information about other products and services we offer that are similar to those that you have previously utilised or enquired about from us.  The information we may process for this purpose includes your name, address and email address. This processing is necessary for marketing and promotion of our products and services, which is necessary for the legitimate interests of our business.  We will only contact you for this purpose by electronic means with your consent – please see ‘Marketing’ section below;
  • to administer our website, carry out data analysis, allow you to participate in interactive features of the website, ensure content is presented in the most effective manner for you and your computer and monitoring website usage. The information we may process for these purposes may include the Internet Protocol (IP) used to connect your computer to the Internet, your user account login information, browser type and version, time-zone setting, browser plug-in types and versions, operating system and platform and information about your visit to our website. This information is collected through the cookies used on our website (please see DACS' Cookies Policy for more information). This processing is necessary for the development and improvement of our website, products and services, which is necessary for the legitimate interests of our business. You can prevent this processing at any time by modifying the settings of your web browser to reject the cookies we use or disable cookies completely. You can find more information about controlling cookies at aboutcookies.org;
  • to comply with any legal obligation or to enforce or apply DACS Terms and Conditions of Use, or any other agreements; or to protect the rights, property, or safety of DACS, its customers, or other third parties. The information we may process for this purpose may be any personal information that is referred to in this privacy policy. This processing is necessary for the protection and enforcement of our rights and the rights of third parties and the proper administration of our business, which is necessary for the legitimate interests of our business and to comply with our legal obligations; and
  • to detect and prevent fraud. The information we may process for these purposes includes your name, address, email address, telephone number, date of birth and bank details. This information may be collected from you through membership agreements, licence agreements, Payback claim forms, correspondence you send to us, telephone calls you make to us or through any website contact forms. This processing is necessary for our legitimate interests by ensuring the proper management of our business and financial risks.


Sensitive Personal Information (Special Category Data)

We generally do not ask you to provide us with information regarding your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data, health, sex life or sexual orientation.  However, if is necessary to obtain this information from you in relation to our business activities or to perform a contract with you, we will only collect and process the information with your explicit consent and only for the purpose specified by you when giving your consent.  

Marketing

We will only send you information by email about products or services we feel may interest you if you have consented to receive this. If you are an existing customer or have previously requested information from us, we will only contact you by email with information about products and services similar to those you have previously utilised or enquired about.

If you have consented to receive such marketing, you can opt out at any time. If you would like to do this, please email, call or write to us (see the ‘How can you contact us?’ section below). If you would prefer to be contacted by post over email, then please let us know.

Who your information might be shared with

As far as is reasonably necessary, we may disclose your personal data to:
  • other companies within our group, which means our subsidiaries as defined in section 1159 of the Companies Act 2006, ultimate holding company and its subsidiaries, for the purposes described under ‘How will we use the information about you?’ section above; 
  • our business partners, suppliers, agents and sub-contractors for the purposes described under ‘How will we use the information about you?’ section above. These parties may be engaged for the fulfilment of contracts we have with you and the provision of support services to us; and
  • law enforcement agencies, regulatory bodies, auditors and professional advisers to comply with any legal obligation; or for the purposes of fraud prevention; or in order to enforce any agreements; or protect the rights, property, or safety of DACS, its customers, or others; or obtain any related professional advice.

Transfers of your information out of the EEA

We may need to transfer your personal data to countries that are located outside the European Economic Area (“EEA”) for the purposes of processing by parties that work for DACS or one of its suppliers. By way of example, this may happen if any of the computer services used to host the website are located in a country outside of the EEA.

We may transfer your data to the USA to organisations such as Mailchimp for content delivery services; Microsoft Corporation and Salesforce for customer relationship management services; Twitter, Facebook, Google and SurveyMonkey for communication and marketing services in accordance with your preferences (see the ‘Marketing’ section above for more information). 
 
We will take all steps reasonably necessary to ensure your personal data is treated securely and in accordance with this privacy policy, these steps may include entering into processing agreements with these parties or ensuring the parties receiving your data are certified under an approved certification mechanism such as the Privacy Shield framework (details of which can found at www.privacyshield.gov).

If you are a Copyright Licensing Member, then we may transfer your personal data to any of our sister societies located outside of the EEA for the purposes of performing our copyright licensing activities, which you agreed to when signing the Copyright Licensing Membership Agreement (you can see details of our network of sister societies here: List of sister societies).  

Keeping your data secure

We will use technical and organisational measures to safeguard your personal data. All information you provide to us is stored securely and any access to your online user account is controlled by a password and user name that is unique to you.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Our website may include links to, or content embedded from third party web service providers.  Please note that we have no control over these third-party websites and therefore cannot accept responsibility for the protection and privacy of any information which you provide whilst visiting such third-party websites and such websites are not governed by this privacy policy. It is your responsibility to exercise caution and note the terms of privacy policies relevant to any such third-party websites.

Retention of your data

We will not retain your personal data for longer than is necessary in relation to the purposes for which the data was collected or otherwise processed. The criteria we use for determining the retention periods for your personal data will be any regulatory requirements, statutory retention periods or guidance provided by regulatory bodies such as HMRC or the Information Commissioners Office.  For example, the personal data that is collected from you to administer our Payback scheme will be deleted 6 years after the expiry of your Payback membership agreement, as this is generally the statutory limitation period for legal claims related to most contracts. 

What rights do you have?

Right to request a copy of your information

You can request a copy of your information which we hold (this is known as a subject access request).

Should you wish to access the personal data we may hold about you then you can request this from us in writing. Upon written request, we will provide you with a readable copy of the personal data which we keep about you. We will respond to you within the time frame specified within the applicable data protection law, which is generally within one month of receipt of the written request. We will provide the information without charge, but we may charge a reasonable fee for the administrative cost of providing the information where the request for information is excessive. To request a copy of your personal data we hold about you please inform us in writing, addressing your request to the Data Department using the contact details under the ‘How can you contact us?’ section below.      

Right to correct any mistakes in your information

You can require us to correct any mistakes in your personal data which we hold about you.
Should you require us to rectify any inaccuracies to the personal data we hold about you, please send a written request to the Data Department using the contact details under the ‘How can you contact us?’ section below. We will respond to you within the time frame specified within the applicable data protection law, which is generally within one month of receipt of the request. If we have disclosed your personal data to any third parties, we will also inform those third parties of any correction to your personal data where possible.

Right to ask us to stop contacting you with direct marketing

You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please email, call or write to us (see the ‘How can you contact us?’ section below). If you would prefer to be contacted by post over email, then please let us know.

In addition to the above, you will also have the following rights that are applicable to the way we use your data when the General Data Protection Regulation comes into force on 25 May 2018:

Right to erasure

 
You can require us to erase personal information we hold about you without undue delay in the following circumstances:
  • the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  • you withdraw consent on which the processing is based and there is no other legal ground for the processing of the data;
  • you object to the processing and there is no overriding legitimate interest for us to continue the processing of the data;
  • your personal data was unlawfully processed; or
  • your personal data must be erased in order to comply with a legal obligation.

Right to restrict processing of your personal data

 
You have the right to restrict the processing of your personal data in the following circumstances:
  • you contest the accuracy of the personal data;
  • you have objected to our processing of your data, and we are considering your objection because we have said the processing is necessary for the purpose of our legitimate interests;
  • the processing is unlawful and you do not wish for the data to be erased but require restricted processing of the data instead; or
  • we no longer require your personal data but you require the data to establish, exercise or defend a legal claim.
 
When processing of your data has been restricted, we will be permitted to store your data but will not perform any other processing of it, unless you consent to further processing or processing is necessary for the establishment of a legal claim; for the protection of rights of another person; or for reasons of important public interest.

Right to object to processing of your personal data

 
  • You have the right to object to us processing your personal data where our legal basis for processing the data is:
  • for the purposes of our legitimate interests or for the performance of a task carried out in the public interest or any official authority held by us.  Should you object to our processing of your personal data on these legal bases, your objection must be based on grounds relating to your particular situation. If you make such an objection, we will stop processing the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the exercise or defence of legal claims.
  • direct marketing (including profiling). Should you object to our processing of your personal data for direct marketing purposes (including profiling), we will stop processing your personal data for this purpose.
  • for scientific or historical research purposes or statistical purposes, unless the processing is necessary for the performance of a task carried out for reasons of public interest.  Should you object to our processing of your personal data on this legal basis, your objection must be based on grounds relating to your particular situation.    

 
Right to withdraw consent

 
Where we have relied on your consent for the processing of your personal data, you have the right to withdraw that consent at any time. If you wish to withdraw you consent please, email, call or write to us using the contact details under ‘How to contact us’ below.

How to contact us

Please contact us if you have any questions about this privacy policy or the information we hold about you, including making requests to exercise any of your rights in relation to your personal data.
If you wish to contact us, please send an email to the Data Department at info@dacs.org.uk or write to us at DACS, 33 Old Bethnal Green Road, London, E2 6AA or call us on 020 7336 8811.

Complaints

We take your privacy very seriously and try to adhere to the highest standards when collecting and processing your data.  However, if you think there is a problem with the way we are processing your personal data, then we encourage you to contact us directly to see if your concerns can be addressed.  Please see our Code of Conduct for further details on our complaints process.
 
If you are not satisfied with the outcome of our internal complaints procedure, or if you consider that your complaint has not been handled correctly, you may lodge a complaint with the Information Commissioners Office.

Changes to the privacy policy

We may change this privacy policy from time to time. Any changes we make to this privacy policy will be posted on this page and, where appropriate, notified to you by post or email. Please check back frequently to see any updates or changes to this privacy policy.
 
Updated 12 January 2018