Privacy policy

The Big Draw Privacy and Data Retention Policy

The Campaign for Drawing trading as The Big Draw (the “charity’”, “we”, “us”) is committed to protecting the privacy and security of personal information. This privacy notice describes how we collect and use personal information that you share, in accordance with General Data Protection Regulation (GDPR). 

1.  General Introduction: 

This document aims to be written in clear and plain language so as to be easily understood. It is to demonstrate that we comply with GDPR and outline to our users, stakeholders and customers how seriously we take this and the steps we take to ensure data is only collected when there is consent and that data when stored is protected and used only as specified.

With any new contracts with partners, we build in mandatory clauses where needed to ensure they also comply, eg. Web developers who through the nature of their work with us have sight of our data from time to time.

2.  When do we collect personal information about you? : 

  • When you give it to us directly. For example, personal information that you submit through our website by making a booking to use our facilities; or signing up for our email newsletter; or personal information that you give to us when you communicate with us by email, phone or letter. 
  • When it is available publicly. Your personal information may be available to us from external publicly available sources. For example, depending on your privacy settings for social media services, we may access information from those accounts or services (for example when you choose to interact with us via Facebook, Instagram, Twitter and Google).

3.  What type of Data and personal information do we hold and use:

The maximum amount of data we may collect, store and otherwise process consists of the following kinds of personal information:

  • Your first name and surname
  • Postal address, telephone number(s) and email address
  • Your purchasing history – if you have agreed and signed up to our Shop newsletter – we do NOT collect and store any bank or credit card details
  • Public social media handles
  • We use Google Analytics to see which pages you have visited on our websites and
  • When we are conducting an evaluation or monitoring of one or more of our projects or activities, we will not share any personal details unless you directly give us permission to do so under certain conditions e.g. A quote, endorsement, image, video, blog or other content.

4.  Why do we need to use this data and personal information?

Your personal information, however provided to us, will be used for the purposes specified in this Notice. In particular, we may use your personal information: 

  • to allow you to RSVP and book to attend one of our events 
  • to provide you with services, products or information and the best possible customer care 
  • to provide further information about our work, services or activities but only where you have provided your consent to receive such information
  • to answer your questions/ requests and communicate with you in general 
  • to fulfil the needs of a contract to which you are a party and because such processing is necessary for the successful performance of the contract to which you/your organisation has entered an agreement with 
  • to contact you with important information relating to your booking or purchase, such as confirming the arrival of your order, reminding you of an upcoming event you have booked or letting you know about circumstances that may affect your booking 
  • to allow you to apply for a job or volunteer role with us 
  • to manage relationships with our partners 
  • to audit and/ or administer our accounts 
  • giving and receive information and references about past, current and prospective people, and to provide references to potential employers of past people we have worked with 
  • where otherwise reasonably necessary for the company’s purposes, including to obtain appropriate professional advice for the charity 
  • to update you on ways of supporting us and our charitable aims 

5.  How will we receive Your Data? 

We receive your data when you decide to interact with us. We collect information in a number of ways – where you: 

  • Sign up to take part in The Big Draw Festival and consent to us using your data for direct marketing in relation to your account with us. This includes visual and media content where you have given consent for us to use these assets for the purposes of you submitting and taking part in the Festival and also for us to share this content publicly – unless you explicitly request otherwise and it is clear the content is sensitive e.g. Prisons who submit images, Schools depicting easily identifiable children. 
  • Enter The John Ruskin Prize and consent to us using your data for direct marketing for linked opportunities and information as well as the necessary day to day contact to administer and process your submission. This includes visual and media content where you have given consent for us to use these assets for the purposes of you submitting and taking part in the Festival and also for us to share this content publicly – unless you explicitly request otherwise and it is clear the content is sensitive e.g. Prisons who submit images, Schools depicting easily identifiable children. 
  • Purchase an item from our on-line shop and consent to us using this data for direct marketing. 
  • Sign-up for an event run by us where we need to provide logistical data and information to enable you to attend. With your permission we may use this data to directly market to you for future event opportunities 
  • Sign-up for one of our various segmented e-newsletters online via and/or 
  • Request a sign-up to the emailing list or directly to a member of staff’s email address. 
  • Speak word of mouth to a member of staff who adds you directly to the database then and there. 
  • Contact us through Social Media: depending on your settings or the privacy policies for social media platforms on Facebook, Instagram and Twitter, you may give us permission to access information posted on those platforms, or interact with those accounts, but we will not store information displayed there away from the platform unless you ask us to. 
  • Hand write your name and email address - for example at an event with a paper ‘sign up to the mailing list’ where you give consent or in a visitors/guests/feedback book we may have from time to time at events where you give consent for us to manually sign you up or share a quote or endorsement. 
  • Visit any ‘drop in’ events or advice surgeries we may run – we may sign you up for mailers with your consent on-site on our own hand held devices to assist you with this process. 
  • Pay us online. We use Paypal to process many payments e.g. For those wishing up sign-up to the festival

6.  How will we keep and store Your Data? 

The company keep information about you on our computer systems. Our website developers NTD Ltd provide Secure Sockets Layer (SSL) encryption and so maintain an encrypted link between our website and browser and mail server and mail client. This helps protect the security of your information (i.e. against it being accidentally lost, used or accessed in an unauthorized way). View NTD Privacy Policy.

We will keep your data securely and treat it with respect. We do not share, sell or rent your personal information to third parties for marketing purposes. The company is committed to keeping your personal information safe and secure and we have appropriate policies and organisational and technical measures in place to help protect your information.

Your personal information is only accessible by appropriate staff and stored on secure servers.

We don’t share your data with third parties and we never sell it on.

We import your email address and your name into Mailchimp in order to send you e-newsletters, once you have given consent that you are happy to receive these emails. You can unsubscribe from Mailchimp and have your data removed from our database at any point. 

7.  How long do we keep your data?

We will keep your information only for as long as is reasonably necessary for the purposes set out in this privacy notice and to fulfil our legal obligations. We will not keep more information than we need or for longer than we need. We will completely remove your data from our database at any time if you request it.

8.  Lawful bases

The GDPR requires us to rely on one or more lawful bases to use your personal information. We consider the grounds listed below to be relevant: 

  • Where you have provided your consent for us to use your personal information in a certain way (for example, we may ask for your consent to use your personal information to send you email newsletters, or to collect special categories of your personal information for monitoring purposes. 
  • Where there is a legitimate interest in us doing so. The GDPR allows us to collect and process your personal information if it is reasonably necessary to achieve our legitimate interests as long as that processing is fair, balanced and does not unduly impact your rights as an individual. 

In broad terms, our “legitimate interests” means the interests of running the charity in accordance with statutory guidelines, best practice and ensuring the best possible service and offer in relation to our services and activities. 

When we process your personal information to achieve such legitimate interests, we consider and balance any potential impact on you (both positive and negative), and on your rights under data protection laws. We will not use your personal information for activities where our interests are overridden by the impact on you, for example where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law). 

9.  Communications for marketing/promotional purposes 

  • We may use your contact details to provide you with information about our work, events, services and/or activities which we consider may be of interest to you (for example, about services you previously used, or events and facilities). 
  • Where we do this via email or telephone we will not do so without your prior consent. 
  • You can opt out of receiving emails from the company at any time by clicking the “unsubscribe” link at the bottom of our emails. 
  • To keep you informed (where we have a Legitimate Interest in processing your data to promote our business and improve our services to you which outweighs your interest in your data not being processed by us): 
  • Learn about your interests and preferences so that we can contact you with information that is relevant to you. 
  • Target our marketing communications and adverts so that they are more relevant to you. 
  • Use your pseudonymised details to show you events, exhibitions, artwork and The Big Draw related news on such Social Media platforms as Facebook, Instagram and Twitter. 
  • Measure and understand how our audiences respond to a variety of marketing activity so we can ensure such activity is well targeted, relevant and effective. 
  • To keep our database accurate and relevant.

10.  Exercising your Rights:

You should find it easy to amend the personal information that we hold on you, or request that we stop contacting you. It is your data and we want to make sure you feel in control of it. Every email we send to you will include details on how to change your communications preferences or how to unsubscribe from future communications. The unsubscribe link will always be found at the very bottom of the email in the smaller print. You can also contact us by phone, email, or by writing to us using the contact details below.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the Execuutive Director of the Big Draw, Jane Barnes. Please send a description of the information you would like to see, together with proof of your identity to

We will delete the proof of identity from this email address after we have dealt with your request and it will not be kept on file. We will respond to your request within 30 days.

To reiterate, you have the right to withdraw your consent regarding any of your data we hold on you and to have information held by us about you corrected. If you have any concerns about the accuracy of your personal data, please let us know using the contact details below. You have the right to access the data we hold on you. We will respond to requests to exercise these rights within a month of receiving your request. Should we not honour these rights, you have the right to lodge a complaint with the supervisory authority, The Information Commissioner’s Office:

For all of the above, please contact us here:

The Big Draw HQ

Studio 36, Riverside Building

Trinity Buoy Wharf,

64 Orchard Place,


E14 0JW

Reporting a Breach of Your Data to the Information Commissioner’s Office [ICO]:

In the extremely unlikely event that we accidently send your personal contact details to the wrong recipient, and if this breach of your data is deemed to be a severe risk to your rights and freedoms as a data subject, you will be informed and your case will be reported to the ICO, who have measures in place to take the case further. Please be reassured that given the limited amount of data we hold on you, that an incident of this severity is very unlikely to occur, but we have measures in place as part of our compliance with GDPR.

11. Updates or Changes to the Privacy Policy and Further Information:

This notice was last updated in May 2018. It may be updated again to take into account changes needed to reflect changes to regulation or legislation

12.  Contact 

If you would like to discuss anything within this privacy notice or have a concern about the way we are collecting or using your personal data, we request that you raise your concern with The Big Draw Executive Director in the first instance: 

Executive Director: Jane Barnes

Data Controller Email: