Skip to content

Privacy Policy

1. Who we are

Design-Nation and the websites and are owned and operated by University of Lincoln, Brayford Pool, Lincoln LN6 7TS.

University of Lincoln is committed to safeguarding your privacy and to this end we have developed this Privacy Policy to explain how we use the Personal Data we collect about you.

The following complies with General Data Protection Regulation (GDPR).

This policy may change from time to time so please check it periodically.

This update is current as of August 2023.

2. About Us (The Data Controller)

The Data Controller means the person or organisation who decides the purposes for which and the way in which any personal data is processed.

At Design-Nation the Data Controller is University of Lincoln.

You can contact us by emailing [email protected] or you can write to us via:

Information Compliance Officer


University of Lincoln

Brayford Pool



3. Personal Data

This section explains the sort of data we might collect about you.

3.1 The Data We Collect

In order to conduct and manage our business we collect, retain and use Personal Data and Sensitive Personal Data, referred to in this policy as “Personal Data”. We only collect, process and maintain the minimum necessary in order to provide our services effectively.

This information might be provided by you when using one of the services such as applying for membership, using our website, subscribing to our email and postal marketing lists, but it can also be collected from other sources, including third parties that you have authorised to pass on your information to us, or from data in the public domain.

Personal Data is information that relates to you (whether you are directly or indirectly identifiable), such as (but not limited to) your name, address, email address, telephone number, country of residence, date of birth, credit and debit card details, purchase history, location data, or online identifier e.g. IP Address and Cookies.

Special Category Data (sometimes called Sensitive Personal Data) refers to the above but specifically includes genetic data and biometric data, such as (but not limited to) religious or philosophical beliefs and political opinions, racial or ethnic origin, biometric data (e.g. photo in an electronic passport).

3.2 Retention of Your Personal Data

Design-Nation retains your Personal Data only for as long as is necessary to fulfil its business needs and/or legal obligations. This period will vary depending on the service or function being performed but adheres to retention schedules that are regularly reviewed.

When the retention period is reached, we may review whether we still need to retain it or update it. When we consider that the Personal Data is no longer needed for any purpose it will be securely deleted.

If you decide that you no longer wish to do business with us, we may keep some basic information so that we can confirm that the relationship existed – and that it has ended – as well as some of its details. This information may then be deleted in accordance with the appropriate retention policy.

For more information about your rights, such as the Right To Erasure please see Section 7 below.

3.3 Security of Your Personal Data

We take every precaution to protect your Personal Data.

We have put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible.

We will ensure that any third parties we use for processing your personal information do the same.

We will not transfer, process or store your data anywhere that is outside of the European Economic Area.

4. How we use your personal data

In order to process your Personal Data we must have a lawful basis to do so. When we process your data, we either do so to fulfil contractual obligations, you have given us your consent, it is in our legitimate interest, or we have a legal obligation to do so.

In this section we outline typical reasons for processing your data and the lawful basis under which this is carried out. This is intended to help you understand how our Privacy Policy is applied in practical terms and is not intended as an exhaustive description of the ways in which Personal data is used.

4.1 Contract

One of the most common occasions when we might process your Personal Data is when we need to do so to fulfil a contract. If you apply for membership, for example, we will process Personal Data including your name, address, email address, phone number and credit/debit card details. To fulfil our contract, we may also send you application confirmations and information by email or post, or we might telephone you.

To process a transaction your Personal Data including card details may be passed to third party service providers who act as Data Processors under instruction from us (see Section 5 below).

4.2 Consent

All our Direct Marketing communications via email and electronic messenger services are processed on the lawful basis of Consent.

When you opt in to receive direct marketing communications from us you agree to receive targeted news and information about events and activities (including fundraising), which we feel might be of interest to you. Opting in is confirmed via your Design-Nation membership confirmation or newsletter subscription.

You can withdraw consent at any time by clicking unsubscribe on a direct marketing email or by contacting us verbally or in writing via [email protected] or via the Information Compliance Officer at the address in section 2 above (see section 7.9 below).

4.3 Legitimate Interest

Legitimate Interests means that we can process your Personal Data if we have a genuine and legitimate reason, and we are not harming any of your rights and interests.

Generally, this means that when you provide Personal Data, unless stated otherwise, we will use this information for our legitimate interests to carry out our business of operating an arts organisation.

Before doing this, though, we will also carefully consider and balance any potential impact on you and your rights.

These are what we consider to be core ‘Legitimate Interests’, with some examples of the types of processes we might use to achieve them.

Direct Marketing: Postal Communications: We will send you postal marketing that includes targeted news and information about events and activities (including fundraising), which we feel might be of interest to you. Promotions: administering promotional activities including competitions.

Fundraising: We may approach you with requests for financial or other forms of support to help us achieve our mission, including the sale of memberships or other loyalty schemes.  We may also use a number of basic research tools to estimate your potential interest in other fundraising opportunities, membership levels or other ways of supporting us further and match them to your account (see Section 4.4 below).

Ordering: In order for us to process an order, payment has to be taken and Personal Data collected, such as name, address and telephone number, credit and debit cards.

Your Best Interest: Processing your Personal Data to protect you against fraud when transacting on our website, and to ensure our websites and systems are secure.

Personalisation: Where the processing enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of existing, lapsed or potential customers or supporters.

Analytics: To process your Personal Data for the purposes of customer analysis, assessment, profiling and segmentation and direct marketing (including targeted digital display adverts), on a personalised or aggregated basis, to help us with our activities and to provide you with the most relevant information. Please see Customer Profiles – Section 4.4 and Your details on the Web – Section 5, below

Research: To determine the effectiveness of promotional campaigns and advertising and to develop our products, services, systems and relationships with you.

Documentation: We may use photographs, film/videography, sound recording, quotations, feedback and survey responses to document our activities for promotional purposes and for journalistic, academic, artistic and literary functions.

Due Diligence: We may need to conduct investigations on supporters, potential customers and business partners to determine if those companies and individuals have been involved or convicted of offences such as fraud, bribery and corruption.

Administration: Of your Customer Account, in order to ensure your Personal Data is accurate and up-to-date we may contact you to update our records. From time to time we will also need to send you our website, policy and service announcement updates; for HR purposes, such as the collection and storage of CVs and applications; Health & Safety, such as recording accidents. Customer Care – responding to customer feedback.

Data Protection: We will also hold information about you so that we can acknowledge your relationship with us and respect your preferences for being contacted by us.

When we process your Personal Data for our legitimate interests, we will consider and balance any potential impact on you and your rights under relevant legislation.

Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to do so by law). For more information on your rights see Section 7 below.

4.4 Customer Profiles

In accordance with our legitimate interests, we may make use of profiling and screening methods to identify potential new customers and supporters, produce more relevant communications, target digital advertising, and provide a better experience for our customers and supporters. Processing your Personal Data for profiling can help us target our resources more effectively by gaining an insight into the background of our customers and supporters, helping us to build relationships that are appropriate to your interests and capacity to engage and/or donate.

To do this we may use third party Data Processors. We may also use additional sources of data to increase and enhance the information we hold about you. This may include (but is not limited to) obtaining details of changes of address, date of birth, telephone numbers and other contact details, information related to your wealth and demographic data. It may also include information from public registers and other publicly available sources such as Companies House, newspapers, and magazines.

If you wish to object to the processing of Personal Data in any of the ways listed above or you simply have questions about this please contact us via [email protected] or the Information Compliance Officer at the address in Section 2 above.

5. Sharing your personal data

We will never sell or rent your Personal Data to other organisations.

There are, however, certain circumstances under which we may disclose your Personal Data to third parties, where we have your consent to do so.

When we use other companies to provide services on our behalf, e.g. processing, mailing or delivering orders, answering customers’ questions about products or services, sending mail and emails, customer analysis, assessment and profiling, targeted digital display advertising, and when using auditors/advisors or processing credit/debit card payments.

When the data is anonymised and it is submitted to support industry benchmarking, research and funding requirements such as with Arts Council England.

If it is to other departments of University of Lincoln including our subsidiaries (i.e. the companies owned by University of Lincoln).

If we merge with another organisation to form a new entity, information may be transferred to the new entity.

We are required by law or requested by the police or a regulatory or government authority investigating potentially illegal activities. We may also disclose Personal Data to appropriate third parties to assist in anti-fraud checks and investigations and for purposes of taxation.

A list of our main Third Party Data Processors can be found in Section 8.

6. Your details on the web

Technology is increasingly changing how we communicate, consume and share information with each other and at first glance it’s not always clear who is responsible for your Personal Information and how it is being processed. This section outlines how your details are used by us on the web.

6.1 Cookie Policy

Cookies are small pieces of information that are stored by your browser on your computer or mobile phone’s hard drive when you browse website.

For more information on cookies, please visit:

6.1.1 Why We Use Them

Cookies help us:

Make our website work as you would expect.

Remember your settings during and between visits.

Improve the speed/security of the site.

Allow you to share pages with social networks like Facebook.

Continuously improve our website for you.

Make our marketing more efficient (ultimately helping us to offer the service we do at the price we do).

Granting us permission to use cookies.

If the settings on your browser that you are using to view this website are adjusted to accept cookies we take this, and your continued use of our website, to mean that you are fine with this. Should you wish to remove or not use cookies from our site you can learn how to do this below, however doing so will likely mean that our site will not work as you would expect.

6.1.2 How Long Do Cookies Last?

When a web server sends a cookie, it asks your browser to keep that particular cookie until a certain date and time. These dates can be:

Some date in the future – which might be a few minutes or a few hours from now (to track something like your shopping cart in an online store). The cookie might expire many years in the future, to keep track of your browser for a long time.

When you close your browser – this is called a session cookie, the next time you start your browser these will have vanished.

Some date in the past – this is how the server asks a browser to remove a previously-stored cookie.

6.1.3 What Cookies Do We Use

a) Our Cookies

We use cookies to make our website work including:

Remembering if you have consented to the use of cookies.

b) Third party functions

Our site, like most websites, includes functionality provided by third parties.

Providing our online ticketing service:

c) Anonymous visitor statistics cookies

We use cookies to compile visitor statistics such as how many people have visited our website, what type of technology they are using, how long they spend on the site, what page they look at, etc. This helps us to continuously improve our website. These analytics programs also tell us, on an anonymous basis, how people reached this site (e.g. from a search engine) and whether they have been here before, helping us to develop our services for you. Our site uses the following analytics programs:

Google Analytics 4 – GA4

d) Cookies used by Twitter, Instagram, Tiktok and Facebook, including advertising, or targeting cookies:

These cookies provide information on visitors to Twitter, Instagram, Tiktok and Facebook, check whether users are logged in to either platform and set application cookies for Twitter, Instagram, Tiktok and Facebook.

Typically, these types of cookies are used to deliver adverts, which will be more relevant to you and your interests. They are also used to limit the number of times you see an advertisement and to help measure the effectiveness of the advertising campaign. They are normally placed by advertising networks with our permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Targeting or advertising cookies will often be linked to site functionality provided by the other organisation.

We use ‘Advertising’ cookies on the Design-Nation websites to:

Link to social networks, like Facebook, who may use information to provide targeted advertising to you on other websites.

Used to identify that you have visited the Design-Nation websites, to show you relevant adverts from us.

Provide advertising networks with information on your visit so that they can present you with adverts that you may be interested in.

6.1.3 Turning Cookies Off

You can usually switch cookies off by adjusting your browser settings to stop it from accepting cookies. Doing so, however, will likely limit the functionality of ours and a large proportion of the world’s websites as cookies are a standard part of most modern websites.

7. Your rights

Under the General Data Protection Regulation you have a number of legal rights relating to the collation, retention, processing, sharing and use of your Personal Data. These are:

The right to be informed

The right of access

The right to rectification

The right to erasure

The right to restrict processing

The right to data portability

The right to object

Rights in relation to automated decision making and profiling.

7.1 The Right To Be Informed

You have the right to be informed about the collection and use of your Personal Data. As a Data Controller we have an obligation to provide you with information relating to how we process your Personal Data, our retention periods for that personal data, and who it will be shared with.

This is called “Privacy Information”.

This Privacy Policy is our main method for providing you with this Privacy Information but we may do so using other techniques at the point of collecting your Personal Data from you.

Please note, we regularly review, and where necessary, update our Privacy Information.

We must also bring any new uses of your Personal Data to your attention before we start the processing.

7.2 The Right of Access

You have the right to access your Personal Data.

To request a copy of your Personal Data please email [email protected] or to the Information Compliance Officer at the address in Section 2 above.

There is currently no charge for this.

7.3 The Right to Rectification

Although we make every effort to ensure the accuracy of all Personal Data held by us, you may feel that what we currently have on record is inaccurate or incomplete. If you wish us to update this information you can make a request for rectification either verbally or in writing via [email protected] or via the Information Compliance Officer at the address in Section 2 above.

7.4 The Right to Erasure

Under GDPR you have the right to have Personal Data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.

If you wish to request the erasure of your Personal Data you can make a request either verbally or in writing via [email protected] or via the Information Compliance Officer at the address in Section 2 above.

7.5 The Right to Restrict Processing

You have the right to request the restriction or suppression of your Personal Data. This means that you can limit the way that we use you data but this is different from having your data erased.

You may wish to exercise this right because you have issues with the content of the information we hold or how we have processed your data. This is usually a temporary measure whilst we investigate the accuracy of your Personal Data or the grounds for processing it.

If you wish to request the restriction of processing of your Personal Data you can make a request either verbally or in writing via [email protected] or via the Information Compliance Officer at the address in Section 2 above.

7.6 The Right to Data Portability

This right allows you to obtain and reuse your Personal Data for your own purposes across different services in a safe and secure way, without hindrance to usability (e.g. in a commonly used machine-readable form such as a CSV file). This only refers to Personal Data that you have provided to us, is processed through automated means and where that processing is based on your consent or the performance of a contract.

If you wish to request your Personal Data in a portable format you can make a request in writing via [email protected] or via the Information Compliance Officer at the address in Section 2 above.

7.7 The Right to Object

You have the right to object to the processing of your Personal Data based on legitimate interests (see Section 4 above). This can specifically include direct marketing (including profiling); and for the processing for purposes of scientific/historical research and statistics.

If you object to the processing of your Personal Data for direct marketing purposes we must stop processing your Personal Data in this way immediately and there are no exemptions or grounds to refuse.

If you wish to object to the processing of Personal Data you can make a request either verbally or in writing via [email protected] or via the Information Compliance Officer at the address in Section 2 above.

In addition, to help you exercise control over the processing of your Personal Data for Direct Marketing via electronic communication you can unsubscribe at any time by following the links on direct marketing emails or, if you have purchased tickets online via our website you can log into your Customer Account and update your Direct Marketing preferences there.

7.8 Rights in relation to automated decision making and profiling.

We use your Personal Data to undertake profiling to better understand our audiences more deeply so that we can produce relevant communications and provide 7.8 Rights in relation to automated decision making and profiling. a better experience for our customers and supporters (see 4.4 above). You can object to the processing of your Personal Data in this way under the Right to Object outlined in Section 7.7 above.

If you wish to object to the processing of Personal Data you can make a request either verbally or in writing via [email protected] or via the Information Compliance Officer at the address in Section 2 above.

7.9 The Right to Withdraw Consent

As noted in Section 4.2 above, we process your Personal Data for electronic Direct Marketing purposes by your Consent and you have the right to withdraw this at any time. This does not affect your other rights under GDPR.

To withdraw your consent for the processing of your Personal Data as outlined above you can do so verbally or in writing via [email protected] or via the Information Compliance Officer at the address in Section 2 above.

7.10 Complaints

If you believe that the processing of your Personal Data has infringed on the General Data Protection Regulation you can lodge a complaint with the Information Commissioner’s Office. More information about reporting a breach can be found here:

8. Appendix: Third party data processors

In order to deliver our services we work with selected third party service providers to process data on our behalf and on our instructions. This is to ensure your Personal Data and the safeguarding of your privacy is managed efficiently and effectively.

In these cases we require that these third parties comply strictly with our instructions and with data protection laws, for example around security of personal data.

Our main third party Data Processors are:

Survey Monkey for surveys

Mailchimp for e-newsletters

Ticketsource for event and membership payments

Eventbrite for event booking

design-nation dn-logo-2021 facebook instagram search