Privacy Policy


DACS (‘we’ or ‘us’) is registered with the Information Commissioner’s Office and is committed to protecting and respecting your privacy.

We take your privacy very seriously and we ask that you read this privacy policy (together with the DACS Terms and Conditions of Use) carefully as it contains important information on the personal information we will collect about you, what we do with your information, and who your information might be shared with.

Design and Artists Copyright Society (“DACS”) is a company incorporated in England and Wales under company number 1780482 and its registered office is at 33 Old Bethnal Green Road, London, E2 6AA. DACS is a 'data controller' for the purposes of the applicable data protection law in the UK, which means we are responsible for, and control the processing of, any personal information we collect from you.

Information we may collect about you

Personal information provided by you

The information you give us may include personal information like your name, address, email address, telephone number, date of birth and bank details. You may give us your information by filling in forms including those on our website (www.dacs.org.uk) or by corresponding with us in writing, by telephone, email or otherwise. This includes information you provide when you correspond with us, in particular regarding our Copyright Licensing service, Artist’s Resale Right, Payback, or any of our other activities and when you report a problem with the website. Further details on the information we may collect and the purpose for its processing are below.

Information we collect through our website (use of cookies)

Our website uses cookies. Cookies are text files placed on your computer to collect Standard Internet Log information and visitor information. These cookies allow us to distinguish you from other users of the website and allow us to collect information about your visit to our website.
For more information on which cookies we use and how we use them, see DACS' Cookies Policy.

Personal information provided by third parties

We may receive personal information about you from third parties, which may include parties who provide this information in fulfilment of a legal obligation, our members in relation to our Copyright Licensing activities or representatives you have authorised to act on your behalf; for example, when picture agencies submit Payback claims on your behalf or when one of our international sister societies utilises our products and services on your behalf (you can see details of our network of sister societies here: List of sister societies). Any information we receive about you from these third parties will only be processed for the purposes described under ‘How will we use the information about you?’ section below.

We may obtain information about you from publicly available records for the purpose of administering Artist’s Resale Right. We use this information to identify individuals for the distribution of resale royalties that are due to them. These sources include 192.com, BT.com, Ancestry.com, Companies House and the National Archives.

How will we use the information about you?

We may process the information we collect about you:

  • for the administration of the Artist’s Resale Right, our Copyright Licensing activities, and our Payback scheme. This includes contacting you to provide you with information you have requested about these activities and notifying you of any changes in respect of these. The information we may process for these purposes includes your name, address, email address, phone number, date of birth and bank details. As outlined above, this information may be collected from you in various ways including but not limited to membership agreements, licence agreements, Payback claim forms, correspondence you send to us, telephone calls you make to us or through any website contact forms. The basis for this processing is to perform the contract with you related to these activities and services or because you have asked us to take specific steps before entering into a contract in respect to these activities and services;

  • to identify you and administer any user accounts, which may include an online Payback account. The information we may process for this purpose includes your name, address, email address, phone number, date of birth and bank details, which may be collected form you when completing the respective account registration or application form. The basis for this processing is to perform the contract that is related to these accounts and the associated activities and services;

  • to respond to any communications that you send to us. This information may be collected from any correspondence you send to us, telephone calls you make to us, or through any website contact forms. This information includes your name, address, email address and phone number, date of birth and bank details and may be processed by us for the purposes of responding to you and keeping record of those communications. This processing is necessary for the administration of our business and the provision of our services, which is necessary for the legitimate interests of our business;

  • to provide you with information about other products and services we offer that are similar to those that you have previously utilised or enquired about. The information we may process for this purpose includes your name, address and email address. This processing is necessary for marketing and promotion of our products and services, which is for the legitimate interests of our business. Please see ‘Marketing’ section below;

  • to administer our website, carry out data analysis, allow you to participate in interactive features of the website, ensure content is presented in the most effective manner for you and your computer and monitoring website usage. The information we may process for these purposes may include the Internet Protocol (IP) used to connect your computer to the Internet, your user account login information, browser type and version, time-zone setting, browser plug-in types and versions, operating system and platform and information about your visit to our website. This information is collected through the cookies used on our website (please see DACS' Cookies Policy for more information). This processing is necessary for the development and improvement of our website, products and services, which is necessary for the legitimate interests of our business. You can prevent this processing at any time by modifying the settings of your web browser to reject the cookies we use or disable cookies completely. You can find more information about controlling cookies at aboutcookies.org;

  • in connection with our recruitment process. This information may include the information you have provided in your application form, CV or covering letter. This information may include sensitive information, including your race, ethnic origin or health. Please see the section ‘Sensitive Personal Information (Special Category Data)’ below;

  • to comply with any legal obligation or to enforce or apply DACS Terms and Conditions of Use, or any other agreements; or to protect the rights, property, or safety of DACS, its customers, or other third parties. The information we may process for this purpose may be any personal information that is referred to in this privacy policy. This processing is necessary for the protection and enforcement of our rights and the rights of third parties and the proper administration of our business, which is necessary for the legitimate interests of our business and to comply with our legal obligations; and

  • to detect and prevent fraud. The information we may process for these purposes includes your name, address, email address, telephone number, date of birth and bank details. This information may be collected from you through membership agreements, licence agreements, Payback claim forms, correspondence you send to us, telephone calls you make to us or through any website contact forms. This processing is necessary for our legitimate interests by ensuring the proper management of our business and financial risks.

Sensitive Personal Information (Special Category Data)

Sensitive or ‘special category’ data is information regarding your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data, health, sex life or sexual orientation.  As a general rule, we will not ask you for this information except where:

  • it is necessary for the performance of a membership contract (for example we require to see a power of attorney for a member);

  • it is required as part of our recruitment process for the purpose of meaningful equal opportunities monitoring; or

  • it is required to ensure we can provide appropriate facilities for you, for example in relation to a disability or health condition.

We will only process sensitive or ‘special category’ data strictly for the purpose you have supplied it. If we require sensitive or ‘special category’ data for any other reason, we will always ask for your explicit consent.

Marketing

We will only send you information by email about products or services we feel may interest you. If you have previously requested information from us or utilised our products or services, we will only contact you by email with information about products and services similar to those you have previously utilised or enquired about.
You can ask us to stop sending you marketing messages at any time. If you would like to do this, please email, call or write to us (see the ‘How can you contact us?’ section below). If you would prefer to be contacted by post over email, then please let us know.

Who your information might be shared with

As far as is reasonably necessary, we may disclose your personal data to:

  • other companies within our group, which means our subsidiaries as defined in section 1159 of the Companies Act 2006, ultimate holding company and its subsidiaries, for the purposes described under ‘How will we use the information about you?’ section above;

  • our suppliers, agents and sub-contractors for the purposes described under ‘How will we use the information about you?’ section above. These parties may be engaged for the fulfilment of contracts we have with you and the provision of support services to us;

  • our business partners, including our sister societies (list of sister societies) and other closely related organisations, such as Art 360 Foundation (www.art360foundation.org.uk), where it is necessary for the performance of a contract with you or because you have asked us to take specific steps before entering into a contract with you;

  • law enforcement agencies, regulatory bodies, auditors and professional advisers to comply with any legal obligation; or for the purposes of fraud prevention; or in order to enforce any agreements; or protect the rights, property, or safety of DACS, its customers, or others; or obtain any related professional advice.

Transfers of your information out of the EEA

We may need to transfer your personal data to countries that are located outside the European Economic Area (“EEA”) for the purposes of processing by parties that work for DACS or one of its suppliers. By way of example, this may happen if any of the computer services used to host our website are located in a country outside of the EEA.

We may transfer your data to the USA to organisations such as Mailchimp for content delivery services; Microsoft Corporation and Salesforce for customer relationship management services; Twitter, Facebook, Google and SurveyMonkey for communication and marketing services in accordance with your preferences (see the ‘Marketing’ section above for more information).

We may transfer your data to any of our sister societies located outside of the EEA where it is necessary for the performance of a contract with you related to our activities and services or because you have asked us to take specific steps before entering into a contract in respect of these activities and services (you can see details of our network of sister societies here: List of sister societies).  

We will take all steps reasonably necessary to ensure your personal data is treated securely and in accordance with this privacy policy, these steps may include entering into processing agreements with these parties or ensuring the parties receiving your data are certified under an approved certification mechanism such as the Privacy Shield framework (details of which can found at www.privacyshield.gov).

Please contact us if you want any further information on transfers of your personal data out of the EEA.

Keeping your data secure

We will use technical and organisational measures to safeguard your personal data. All information you provide to us is stored securely and any access to your online user account is controlled by a password and user name that is unique to you.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Our website may include links to, or content embedded from third party web service providers.  Please note that we have no control over these third-party websites and therefore cannot accept responsibility for the protection and privacy of any information which you provide whilst visiting such third-party websites and such websites are not governed by this privacy policy. It is your responsibility to exercise caution and note the terms of privacy policies relevant to any such third-party websites.

Retention of your data

We will not retain your personal data for longer than is necessary in relation to the purposes for which the data was collected or otherwise processed. The criteria we use for determining the retention periods for your personal data will be any regulatory requirements, statutory retention periods or guidance provided by regulatory bodies such as HMRC or the Information Commissioners Office.  For example, the personal data that is collected from you to administer our Payback scheme will be deleted 6 years after the expiry of your Payback membership agreement, as this is generally the statutory limitation period for legal claims related to most contracts. 

What rights do you have?

Right to request a copy of your information

You can request a copy of your information which we hold (this is known as a subject access request).

Should you wish to access the personal data we may hold about you then you can request this from us in writing. Upon written request, we will provide you with a readable copy of the personal data which we keep about you. We will respond to you within the time frame specified within the applicable data protection law, which is generally within one month of receipt of the written request. We will provide the information without charge, but we may charge a reasonable fee for the administrative cost of providing the information where the request for information is unfounded, repetitive or excessive. To request a copy of your personal data we hold about you please inform us in writing, addressing your request to the Data Department using the contact details under the ‘How can you contact us?’ section below.      

Right to correct any mistakes in your information

You can require us to correct any mistakes in your personal data which we hold about you.

Should you require us to rectify any inaccuracies to the personal data we hold about you, please send a written request to the Data Department using the contact details under the ‘How can you contact us?’ section below. We will respond to you within the time frame specified within the applicable data protection law, which is generally within one month of receipt of the request. If we have disclosed your personal data to any third parties, we will also inform those third parties of any correction to your personal data where possible.

Right to ask us to stop contacting you with direct marketing

You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please email, call or write to us (see the ‘How can you contact us?’ section below). If you would prefer to be contacted by post over email, then please let us know.  

Right to erasure

 
You can require us to erase personal information we hold about you without undue delay in the following circumstances:

  • the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;

  • you withdraw consent on which the processing is based and there is no other legal ground for the processing of the data;

  • you object to the processing and there is no overriding legitimate interest for us to continue the processing of the data;

  • your personal data was unlawfully processed; or

  • your personal data must be erased in order to comply with a legal obligation.

 
We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
 

Right to restrict processing of your personal data

You have the right to restrict the processing of your personal data in the following circumstances:

  • you contest the accuracy of the personal data;

  • you have objected to our processing of your data, and we are considering your objection because we have said the processing is necessary for the purpose of our legitimate interests;

  • the processing is unlawful and you do not wish for the data to be erased but require restricted processing of the data instead; or

  • we no longer require your personal data but you require the data to establish, exercise or defend a legal claim.

 
When processing of your data has been restricted, we will be permitted to store your data but will not perform any other processing of it, unless you consent to further processing or processing is necessary for the establishment of a legal claim; for the protection of rights of another person; or for reasons of important public interest.
 

Right to object to processing of your personal data

You have the right to object to us processing your personal data where our legal basis for processing the data is:

  • for the purposes of our legitimate interests or for the performance of a task carried out in the public interest or any official authority held by us.  Should you object to our processing of your personal data on these legal bases, your objection must be based on grounds relating to your particular situation. If you make such an objection, we will stop processing the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the exercise or defence of legal claims;

  • direct marketing (including profiling). Should you object to our processing of your personal data for direct marketing purposes (including profiling), we will stop processing your personal data for this purpose; and

  • for scientific or historical research purposes or statistical purposes, unless the processing is necessary for the performance of a task carried out for reasons of public interest.  Should you object to our processing of your personal data on this legal basis, your objection must be based on grounds relating to your particular situation.    

Right to withdraw consent

Where we have relied on your consent for the processing of your personal data, you have the right to withdraw that consent at any time. If you wish to withdraw you consent please, email, call or write to us using the contact details under ‘How to contact us’ below.

How to contact us

Please contact us if you have any questions about this privacy policy or the information we hold about you, including making requests to exercise any of your rights in relation to your personal data.

If you wish to contact us, please send an email to the Data Department at info@dacs.org.uk or write to us at DACS, 33 Old Bethnal Green Road, London, E2 6AA or call us on 020 7336 8811.

Complaints

We take your privacy very seriously and try to adhere to the highest standards when collecting and processing your data.  However, if you think there is a problem with the way we are processing your personal data, then we encourage you to contact us directly to see if your concerns can be addressed.  Please see our Code of Conduct for further details on our complaints process.
 
If you are not satisfied with the outcome of our internal complaints procedure, or if you consider that your complaint has not been handled correctly, you may lodge a complaint with the Information Commissioner's Office. You can contact the Information Commissioner's Office helpline on 0303 123 1133 or by email to casework@ico.org.uk.

Changes to the privacy policy

We may change this privacy policy from time to time. Any changes we make to this privacy policy will be posted on this page and, where appropriate, notified to you by post or email. Please check back frequently to see any updates or changes to this privacy policy.
 
Updated 24 May 2018