We are committed to protecting your personal information and being transparent about what information we hold about you.
Real Ideas Organisation CIC and its subsidiary companies offer a range of services, transactions and communications which requires the processing of your personal data.
Using personal information allows us to provide you with relevant and timely information about the work that we do and to develop a better understanding of our audiences. As a Membership organisation, it’s also helps us to engage with potential members and supporters.
The purpose of this Notice is to give you a clear explanation about how Real Ideas collects and processes your information.
We use your information in accordance with all applicable laws concerning the protection of personal information. This Notice explains:
What information we may collect about you
How and why, we may use that information
In what situations we may disclose your details to third parties
Information about how we keep your personal information secure, how long we maintain it and your rights to be able to access it
If you have any queries about this policy, please contact the Data Protection Officer at Real Ideas, Devonport Guildhall, Ker Street, Plymouth. Pl1 4EL or email: email@example.com.
We are passionate about finding solutions to social problems, creating, and supporting real and lasting change for individuals, communities, and organisations. We are innovators, change makers and risk takers.
We believe that by providing our people with autonomy, space to grow and develop, and the freedom to create and innovate, we will deliver the best working environment for our team, who will in turn deliver the most engaging and effective work for the people and organisations we support.
‘Real Ideas’ group of companies consists of:
Real Ideas Organisation CIC, a community interest company registered in England & Wales with no. 06076462. Registered address is Sea House, Brenton Road, Downderry, Cornwall PL11 3JA.
Real Ideas Trading Ltd, a Private Ltd Company; Company number 08970094. Registered address is Devonport Guildhall, Ker Street, Plymouth, United Kingdom, PL1 4EL
Real Ideas Assets CIC, a community interest company registered in England and Wale with no 08970069. Registered address is Devonport Guildhall, Ker Street, Plymouth, United Kingdom, PL1 4EL
For simplicity throughout this notice, ‘we’ and ‘us’ means Real Ideas, it’s companies and brands.
The law on data protection sets out a number of different reasons (lawful basis) which a company may collect and process personal data. We only need to identify one of these bases which include:
In specific situations, we can collect and process your data with your consent. For example, when you tick a box to join our mailing list or media consent.
When collecting your personal data, we’ll always make clear to you, which data is necessary in connection with a particular service.
When delivering work on behalf of public bodies such as the Department of Work and Pensions, the European Union, or the Big Lottery Fund, we may collect data to perform a specific task in the public interest set out in law.
In certain circumstances, we need your personal data to comply with our contractual obligations. For example, when providing support to you via a publicly funded programme, we’ll collect details including your location, age and employment status and share them with our funder.
If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity affecting Real Ideas to law enforcement. We may also rely on this basis for processing your data where we need to comply with our obligations in relation to safeguarding concerns or child protection issues.
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business or acting in your best interests (e.g., safeguarding or child protection issues) and which does not materially impact your rights, freedom, or interests. For example, we may use your purchase history with us to send you details of special, personalised offers.
We may also combine the demographics of many of our customers, service users and beneficiaries to identify trends and ensure we can keep up with demand or develop new products/services.
We may also use your home or business address details to send you direct marketing information by post, mailing you about products and services that we think might interest you.
Where we rely on legitimate interests as the lawful basis for processing your data, we will first complete a Legitimate Interests Assessment.
Generally, we collect your information when you decide to interact with us. This could include booking tickets online, over the phone or in person or it could be when you sign up to a programme of support or to receive emails from us. We also look at how our members and people use our website, so that we can offer the best possible experience whether you’re booking tickets or just trying to find out more about what we do and what’s on.
We collect information when you:
When you visit any of our websites
When you become a member
When you sign up to any of our programmes
When you volunteer with us
When you apply for a job with us or speculatively send us your CV
If you join our team as a Non-Executive Director or member of staff
When you purchase a product or service
When you engage with us on social media
When you contact us by any means with queries, complaints etc
When you enter prize draws or competitions
When you book any kind of appointment with us or book to attend an event, for example a co-working space, a business support webinar or workshop at Ocean Studios
When you choose to complete any surveys, we send you
When you fill in any forms. For example, if an accident happens in one of our buildings or during one of our activities, we may collect your personal data or if you submit a Complaint, we will need to follow this up with you.
When you’ve given a third-party permission to share with us the information, they hold about you
When you use our buildings, which have CCTV systems operated for the security of both customers, clients, staff, and tenants. When in operation these systems may record your image during your visit
When you meet to discuss potential support, you may give.
When you subscribe to any of our mailing lists.
When you use the interactive membership sections of our Sites.
The personal data we collect about you varies depending on the service you request from us.
If you sign up to one of our programmes we may collect:
date of birth,
email and telephone number.
emergency contact details
Copies of documents you provide to prove your age or identity where the law or programme funder requires this (including your passport and driver’s license and National Insurance number).
This could include details of your full name, address, date of birth and facial image. If you provide a passport, the data will also include your place of birth, gender, and nationality.
We also keep details of support provided by our staff in their interactions with you which may include:
notes from conversations and copies of emails as well as how and when we contact you, and how and when you contact us.
These records may form the basis of “Safeguarding Reports (Cause for Concern)” if we need to complete these to comply with our legal obligation to safeguard you or to act in accordance with relevant child protection procedures.
If you become a member, across all levels:
postal address and
Other data include:
business name where applicable.
If we identify that we could provide additional support as part of our coaching / business support / mentoring via an eligibility search – this would be in extension to the membership benefits we will notify you and, in this instance, may request some more detailed information as specified by our funders.
Across our campus of buildings, we will use minimum credentials to onboard you to our door access systems – more details of this and our ability to revoke access can be found in the membership Terms and Conditions.
On cancellation of a paid-for membership you will automatically be downgraded to our Free membership level ‘Join Us’ however you still have the Right to be Forgotten as part of our general privacy GDPR policy. (see also the section on What Are Your Rights over Your Personal Data)
Job applications and speculative CVs are processed in accordance with Real Ideas’s safer recruitment procedures and Resourcing Policy. This includes processing:
personal contact details,
employment and education history,
skills and referees.
Information provided regarding any relevant spent convictions in accordance with the Rehabilitation of Offenders Act 1974 is processed in the strictest confidence and will only be considered in relation to the job applied for.
Special category data is also collected anonymously using Real Ideas Inclusion form
If you enquire about, or book to use one of our venues or participate in one of our courses or workshops we may collect:
Contact phone numbers
Age / date of birth
Payment card details. (Please note, we will not hold payment information for any longer than it takes to process your transaction. All debit and credit card information are processed securely, and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS))
Names of other attendees
Details of any complaints you raise in person, online or by telephone.
Details of your visits to our websites or apps, and which site you came from to ours.
Information gathered by cookies in your web browser.
Your image may be recorded on CCTV when you visit a venue run by us.
Your social media username, if you interact with us through those channels, to help us respond to your comments, questions, or feedback.
To deliver the best possible web experience, we may also collect technical information about:
your internet connection,
device type and browser
as well as the country and area where your computer is located,
the web pages viewed during your visit on our site and any search terms you entered.
When you make a café table booking, or complete a comment card we may collect:
Contact phone number
Information obtained through cookies*, when you use our website, or engage with our emails:
Web browser type and version
Type of device
Web address you arrived at our site from
Length of visit
We want to give you the best possible customer experience. One way to achieve that is to get the richest picture we can of who you are by combining the data we have about you.
We then use this to send you information on the programmes we run which may be of interest to you and also offer you promotions, products, and services.
The data privacy law allows this as part of our legitimate interest in understanding our customers and providing the highest levels of service.
Of course, if you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below.
Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked or applied for.
For example, if you’ve asked us to let you know when we are advertising new jobs, partnering or supply opportunities, we can’t do that if you’ve withdrawn the right consent to hear from us.
We use information in a number of ways, the main ways being:
because it is necessary to administer the services you have requested from us and to fulfil our obligations to you in providing these services; or
to inform you by email or other means of similar events or services run by us which we think may interest you; or
Specifically, we use your information in the following ways:
To carry out our business and to provide a service or carry out a contract with you:
To fulfil ticketing and/or donation requests (including confirmation of your booking or donation by email and/or letter)
Process payments (Please note we do not store any Credit Card or other payment information once the transaction has been completed).
Provide the best possible customer services and to help us with our internal administration.
Contact you with important information relating to your booking, such as confirming your order, reminding you of an upcoming event you’ve booked for or letting you know about updates to event details.
Where we have your consent:
Send you updates via email about what’s on, news or about supporting us.
Email you about a specific area you’ve requested to hear more about such as our accessible programme or other projects.
Where we have justifiable reason (including legal obligation and legitimate interest):
To process requests for support through one of our programmes. If we don’t collect your personal data, we can’t prove you are eligible for free funded support and comply with our contractual obligations with the programme.
We process CVs and job applications in accordance with Real Ideas’ Safer Recruitment procedures (Safeguarding Children & Vulnerable Adults Policy) and Resourcing Policy.
To respond to your queries, requests, and complaints. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations to you, our legal obligations, and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.
To protect our customers, premises, assets, and Partners from crime, we operate CCTV systems in some of our buildings which record images for security. We do this on the basis of our legitimate business interests.
To process payments and to prevent fraudulent transactions. We do this on the basis of our legitimate business interests. This also helps to protect our customers from fraud.
If we discover any criminal activity or alleged criminal activity through our use of CCTV, fraud monitoring and suspicious transaction monitoring, we will process this data for the purposes of preventing or detecting unlawful acts. Our aim is to protect the individuals we interact with from criminal activities.
With your consent, we will use your personal data, preferences, and details of your transactions with us to keep you informed by email, web, text and telephone about relevant products and services including tailored special offers, discounts, promotions, events, competitions and so on. You are free to opt out of hearing from us by any of these channels at any time.
To send you relevant, personalised communications by post in relation to updates, offers, services and products. We’ll do this on the basis of our legitimate business interest. You are free to opt out of hearing from us by post at any time.
To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Notice or legally required information relating to the services we provide you. These communications will never contain marketing information.
To administer any of our prize draws or competitions which you enter, based on your consent given at the time of entering.
To develop, test and improve the systems, services, and products we provide to you. We’ll do this on the basis of our legitimate business interests.
To comply with our contractual or legal obligations to share data with law enforcement or other statutory or relevant authorities. For example, when a court order is submitted to share data with law enforcement agencies or a court of law, or where we are required to hold or share data to comply with our safeguarding obligations and child protection procedures, including in relation to the preparation and sharing of Safeguarding Reports (Cause for Concern).
To send you survey and feedback requests to help improve our services. These messages will not include any promotional content and do not require prior consent when sent by email or text message. We have a legitimate interest to do so as this helps make our products or services more relevant to you.
Analyse your booking history in order to learn about your interests and preferences to help us target our marketing communications so that they’re more relevant to you.
Send you occasional mail informing you of important news and Membership updates
For classifying our audience into groups or segments, using booking and publicly available information. These segments help us to understand our audience better and ensure we’re sending relevant messages to each group.
Measure and understand how our audiences respond to a variety of marketing activity so we can ensure our activity is well targeted, relevant, and effective.
To contact you to ask you to participate in audience research. You are under no obligation to participate in research and, should you provide any further information, Real Ideas will inform you how any further information will be used. All information gathered for research purposes is anonymised and aggregated for analysis.
Analyse and continually improve the services we offer including our programme, our website, and our ticketing service.
To keep our database accurate and relevant, for example, using National Change of Address.
To inform you of any changes related to your booking
The use of CCTV recording equipment in and around our premises for monitoring and security purposes.
Undertake due diligence to detect and reduce fraud and credit risk.
To analyse the way in which our website is used and the content and links that you interact with, in order to improve our website services
To store saved online ticketing orders as you navigate around the website
To analyse the way in which our emails to you are received by you, and the content and links that you interact with, in order to improve our communications with you.
To help diagnose and manage the website, to audit the geographical make-up of users, and to establish how you have arrived at the website (this is through your public IP address which is a unique number which allows a computer, group of computers or another internet connected device to browse the internet. The log file records the time and date of your visit, the pages that were requested, the referring website (if provided) and your internet browser version)
Combining your data for combined marketing
We want to share offers and information with you that is most relevant to your interests at particular times. To help us form a better, overall understanding of you as a customer, we might combine your personal data gathered across Real Ideas as described above, for example your relationship and purchase history at Real Ideas, Devonport Guildhall, Ocean Studios and Column Bakehouse, as well as the campaigns you engage in and which events of ours you attend.
For a small number of our audience, where we want to better understand people’s engagement with Real Ideas and their potential interest in supporting us further:
Before contacting a small number of individuals, we may seek additional information including Real Ideas booking and connections, business network information and publicly available information relating to residential location, wealth, and assets, family*, career, donations to other organisations (including political parties where they are made public by the individual) and hobbies and interests to create a profile of their interests and preferences. This helps us understand the background of the people who may choose to become members. We may also use publicly sourced images to help identify individuals who attend our special events.
* This does not include information about children unless given personally by the individual concerned.
We use a number of different sources to aid us in our activities, including newspaper websites and archives, housing and job market websites and the electoral roll as well as official websites of companies, charities, and other arts organisations. In addition to general use of the internet we also make use of company, director, and shareholder information from publicly available information providers.
In most circumstances Real Ideas is the Data Controller and Data Processor. There are certain circumstances though when Real Ideas will also act as a joint Data Controller, or as Data Processor for a different Data Controller, for example with a funder when delivering a programme of support to beneficiaries. When this is the case, we will make it clear to you who is the Data Controller and Data Processor when we ask for your data.
We collect personal information through a number of different ways when you choose to interact with us, all of which are subject to strict data security processes to ensure your personal information is kept safe at all times.
In addition, we use the following data processors to enable us to collect, process and securely store the data we obtain.
We use Ticketsolve to process all ticket bookings and purchases.
We use HubSpot to manage our Membership data base and membership email communications
We use Lamplight to manage young people’s data
We use Xero to process all payments including Direct Debits
Any data processed on behalf of Real Ideas is processed only to the extent required by them to perform the services that Real Ideas requests. Any use for other purposes is strictly prohibited within a data sharing agreement between us and the provider. Furthermore, any data that is processed by third parties must be processed within the terms of this policy and in accordance with the United Kingdom Data Protection Act 2018 and General Data Protection Regulation 2018.
We know how much data security matters to all our Members, staff, and customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.
We store and process your personal data securely using suitable physical, electronic, and operational procedures to safeguard and secure all personal information. We will ensure that any third parties we use for processing your personal data do the same. We limit internal access to your personal data to only those who require it and provide all our staff with Data Protection and Information Security training. We ensure that high standards of security and protection are met by abiding by our Data Protection Policies and Procedures
Access to your personal data is password-protected, we regularly monitor our system for possible vulnerabilities and attacks, and we carry out appropriate testing to identify ways to further strengthen security.
Real Ideas may transfer your data to USA based organisations depending on the nature of your engagement with us). The USA has weaker data protection laws than that of the EEA and we will ensure that we only use organisations who are a part of the EU privacy shield initiative to handle your personal information, therefore ensuring your data rights are maintained. More details on this certification can be found at www.privacyshield.gov/welcome
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
We keep your personal information:
For as long as we need to for the purposes for which it was collected or,
(if longer) for any period for which we are required to keep personal information to comply with our legal and regulatory requirements or,
until you ask us to delete your personal data, in accordance with your rights below.
We will not keep more information than we need. The retention period will vary according to the purpose:
Some examples of data retention periods:
Support via Real Ideas programmes
When you receive support from us from a funded programme, we will keep the personal data you give us in accordance with the rules of the funder, for EU funded programmes this could be up to 10 years so we can comply with Public Interest and our legal and contractual obligations.
Unsuccessful applicant details will be kept on file for 6 months, in accordance with statutory regulations, unless applicants specifically request that this should not be the case.
Bookings at our venues
When you book to hire one of our venues or participate in an event or workshop with us, we will hold your data for up to 5 years from the date of the transaction. We do this on the basis of our legitimate business interests.
Buying products or services from us
When you pay us for a product or service – whether that is a Members or a cup of coffee – we will keep records of our financial transaction with you for 7 years. We do this on the basis of our legal and contractual obligations.
For further information about how long we will keep your information, please contact the Data Controller using the contact details outlined in this policy.
We will assess the personal data that we hold on a regular basis to determine its relevance and destroy your personal data if we no longer require it or no longer provide any services to you.
If you ask us to stop sending direct marketing communications to you, we will keep the minimum amount of information (e.g., name, address, or email address) to ensure we adhere with such requests.
We sometimes share your personal data with trusted third parties. For example, copywriters who may contact you to write an article about your development journey, funders, or a partner organisation we think could help and support you.
Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
We provide only the information they need to perform their specific services.
They may only use your data for the exact purposes we specify in our contract with them.
We work closely with them to ensure that your privacy is respected and protected at all times.
If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
Examples of the kind of third parties we work with are:
Direct marketing companies who help us manage our electronic communications with you.
Google/Facebook to show you information that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites.
Copywriters and journalists who create case studies and marketing content for us.
For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in the UK, your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
We may share your personal data with relevant authorities where we are under a legal duty to do so, or where we feel that it is in your legitimate interests that we do so, for example in relation to safeguarding or child protection issues. Where we rely on your legitimate interests as the lawful basis for sharing your data, we will first undertake a Legitimate Interests Assessment.
For further information please contact our Data Controller
To help personalise your journey through our websites we sometimes may use the following companies:
You should find it easy to access and amend the personal information that we hold on you, or request that we stop contacting you. It’s your data and we want to make sure you feel in control of it.
The General Data Protection Regulations (GDPR) provides the following rights individuals:
Right to be informed
Individuals have the right to be informed about the collection and use of their personal data
Right of access
Individuals have the right to access their personal data and supplementary information (known as a Subject Access Request) * You have the right to request details of what information we hold about you. We will take steps to verify your identity before responding to your request and will then respond as soon as possible but no later than within a month. Please send a description of the information you would like to see, together with proof of your identity to firstname.lastname@example.org
Right to rectification
GDPR includes rights for individuals to have inaccurate personal data rectified or completed if it is incomplete. If you have any concerns about the accuracy of your personal data, please let us know using the contact details below.
Right to erasure/forgotten
GDPR introduces a right for individuals to have personal data erased in certain circumstances.
Individuals have the right to request the restriction or suppression of their personal data
Data portability – right to transfer data between controllers
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
Right to object
Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest, direct marketing, and processing for purposes of scientific/historical research and statistics.
Right not to be subject to automated decision making
GDPR has provisions on automated individual decision making and profiling
*To ask for your information, please contact Data Controller, Real Ideas Organisation, Devonport Guildhall, Ker Street, Plymouth, PL1 4EL or email email@example.com
If we choose not to action your request, we will explain to you the reasons for our refusal, based on the lawful bases for processing outlined in ‘What Sort of Personal Data do we Collect & lawful basis’?
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. To stop hearing from Real Ideas please write to Real Ideas Organisation, Devonport Guildhall, Ker Street, Plymouth PL1 4EL. We will always comply with your request.
You have the right to stop the use of your personal data for email marketing. All our email marketing activity is delivered via Mailchimp which will always give you opportunity to update your preferences or withdraw your consent to hear from us with marketing messages. We will always comply with your request.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
At the end of your relationship with us you can ask us to delete your personal data and we will do so as far as we are reasonably able and subject to our legal requirements to retain such data. You can also request that we provide you with written confirmation of the deletion of your personal data, which we will provide if we have deleted that data and can provide evidence of this.
You have the right to lodge a complaint with the supervisory authority, The Information Commissioner’s Office – www.ico.org.uk
If you would like to exercise any of your rights outlined in this policy or have any concerns or questions about the way in which Real Ideas handles your personal data, please contact us –
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113.
Or go online to www.ico.org.uk/concerns (opens in a new window; please note we can’t be responsible for the content of external websites)
Real Ideas is working with NHS Test and Trace as part of the country’s ongoing COVID-19 response. NHS Test and Trace is a contact tracing service run by the Department of Health and Social Care (DHSC).
If you are visiting one of our buildings, in line with government guidance, at least one member of every party of customers (up to 6 people) must provide their name and contact details using either the NHS Test and Trace app or directly to Real Ideas.
Do I have to share my details with NHS Test and Trace?
Yes. In line with current government guidance, you will not be able to visit Real Ideas buildings unless you supply your details.
Why are you collecting and Sharing this information?
We’re using your information on the legal basis that it is necessary for reasons of public interest in the area of public health.
Who do we share your information with?
Your information is shared with Department of Health and Social Care (who run NHS Test and Trace). This is only shared in the event that someone who has tested positive for COVID-19 has listed Real Ideas as a place they visited recently, or if Real Ideas is identified as potential location of a local outbreak of COVID-19.
How Long Do you keep my Information for this Purpose?
If the information is not being used for another reason by Real Ideas (such as facilitating ticket bookings where information will be kept longer), your data will be deleted after 21 days by Real Ideas.
Where your data is passed to NHS Test and Trace in the case of a suspected outbreak, your information will be kept for up to 8 years, as part of the standard contact-tracing retention period set out by Public Health England.
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.
If you have any questions that haven’t been covered, please contact our Data Protection Officer who will be pleased to help you:
Email us at firstname.lastname@example.org
Or write to us at Real Ideas Organisation, Devonport Guildhall, Ker Street, Plymouth PL1 4EL.
This notice was last updated on 12/04/2021.
Become a member
As a member you will have access to our support, insider knowledge, experiences and spaces.
We want to grow our community, so our members can share our create workshops online, mentoring and consultancy. In addition to our community and news, you can access our co-working spaces, studios and teaching spaces.