Photo North and The Curators - Collaborating with the arts across the globe to curate exhibitions, festivals and develop events. It all begins with an idea. Maybe you have a creative project to share with the world. Whatever it is, the way you tell your story can make all the difference. Get in touch, maybe we can help. Peter Dench and Sharon Price

Photo North Festival, Community Interest Company

Privacy Policy — How We Use Your Data

If you want to find out how we use your data, you’ve come to the right place. Here we’ll cover the information we collect, how we use it and what you can expect from our data handling processes.

We aim to give you a great user experience across all our channels and platforms, which includes implementing best practice when collecting, processing and sharing of your data. But if you have any concerns, please don’t hesitate to contact and we’ll be happy to discuss them.

Photo North, Photo North Festival and The Curators are a trading style of Photo North Festival, Community Interest Company (the company), which is registered with the Information Commissioner’s Office as a data controller.

We collect information about:

People who visit our websites
People who use our search engine or other interactive features, like quizzes
People who enter the competitions that we host on our website or other channels
People who subscribe to, read, and consume our email newsletter(s)
People who contact us through our website
People who interact with our social media posts or social media advertising or contact us through social media
People who use our social media channels or social media apps to interact with us (including ‘comments’)

1. Website Visitors

When someone visits our website, we use a range of services to serve the request and understand how our visitors consume our content.

We offer an industry standard level of security across our website to improve the user experience, increase reliability and protect any information you choose to submit to us. This is often known as SSL or secure sockets layer.

We aim to meet and exceed the industry standards for data security, however we cannot guarantee the security of data sent over the internet because of the variety of technologies and providers.

In servicing requests to our website, we rely on third party providers Squarespace and Google Drive. This means that any information you submit to us through our website may pass through countries outside of the UK or Europe in fulfilling your request or submission.

Third party services, including Google Analytics and Squarespace Analytics are used to improve our services and to understand the behaviour of visitors to our website and any other digital services that we may provide from time to time.

This information does not include personally identifiable details, however it does tells us things like:

The type of device you used to visit the website
The parts of the website that you visited
How you interacted with the website

We collect this information on content that we produce and publish, as well as content that we produce and publish on behalf of clients or brand partners. The latter content can be identified as such by the presence of an ‘advertising feature’ panel or other disclosure.

This non-personally identifiable information may be shared with third party the clients or brand partners explicitly referenced as ‘artists / photographers’, ‘brand sponsors’ or ‘brand partners’ on the content in relation to the effectiveness of the activity, so that they may improve their campaigns, products or services.

Web server log files are used to record standardised information on every request made to our website and the other resources we host. This information includes:

The resource requested
The time of the request
The device hardware and software used to make the request
The IP address of the device or network used to make the request

This information is held for up to 5 calendar years and used for compliance, security and robustness purposes. It is not normally used to identify individual users except where required for security or legal purposes.

2. Users of our website’s search engine or other interactive features

To provide a better user experience and analyse the effectiveness of our the content, we collect information including:

The text of the search query used when searching our website
The section, page or feature of the website that was interacted with and the duration of the interaction
The device used by the visitor to enable the interaction
The time and date of such an interaction

We collect this information on content that we produce and publish, as well as content that we produce and publish on behalf of a artist or brand sponsor / partner. The latter content can be identified as such by the presence of a ‘sponsored by’ or other disclosure.

This non-personally identifiable information may be shared with the third party brand sponsor / partner that is explicitly noted as the ‘sponsored by’ of the content in relation to the effectiveness of the activity so that they may improve their campaigns, products or services.

3. Users, entrants and purchasers of competitions, promotions or third-party contact forms on our website

Promotions on our website offer our website visitors the chance to win a prize, purchase a product or take up an offer from or in association with our brand sponsor / partners or artist.

Our artists and brand sponsors / partners utilise promotions as a way to inform you about their products or services, and they sometimes include additional benefits like offers, discounts or exclusive incentives.

We collect personally identifiable information, alongside usage data and information to enable us to practically, fairly and securely process and action promotions.

This data is also analysed to help us produce better, more relevant content and provide our artists and brand sponsors / partners with information on the effectiveness of the content and campaigns we produce for them.

The information we collect includes:

The user’s first name and last name
The user’s email address
The IP address of the device or network used to access the promotion page
The hardware and software of the device used to access the promotion
The geographic location of the device used to enter the promotion, either estimated from the device or network’s IP address or from the device’s GPS capabilities (with a capable device when the user grants permission for the collection of this data)
The date and time of the interactions
Technical information relating to the entry and interaction, such as device behaviour and cursor position on the screen

This information is securely sent to our servers and securely stored by our CRM and email provider.

When you send information to us for this purpose, your information is sent outside of the United Kingdom and sometimes outside the EU to be stored by this third party. This third party uses multiple data processing locations including USA, Australia and Germany.

Data at rest is also encrypted and their data centre adheres to several layers of industry best practice.

To ensure best practice and compliance with industry standards, we perform analysis and checks on users that take up promotions after their submission.

We inform winners by email, subject to the terms and conditions of the specific competition or promotion.

Users may be added to our email newsletter subscribers to be informed of similar promotions and opportunities.

Losing competition entrants may receive additional emails afterwards with marketing material such as an offer, promotion or exclusive incentive in return for entering the competition.

Users may receive email updates (which may include offers and discounts by way of a thank you for entering the competition or taking up the promotion) from the third party company or brand sponsor / partner.

We may sell, share or trade the personally identifiable information provided during competition entry to the third party company or sponsor / brand partner that paid for the competition.

Data may be sent outside of the United Kingdom and EU when it is sent to a third party.

Individuals may request deletion of the data they submit to us by emailing info@photonorthfestival.co.uk

We will assess the validity of every request received and may require verification of the requesters’ identity to proceed. Requests are normally processed in one calendar month, with changes cascaded to our backups in line with our retention policy. We may notify the individual making the request within 14 days of receiving a valid request.

4. Subscribers and readers of our emails and email newsletters

We store data to track people who subscribe to our emails, email newsletters and enter our competitions, including:

The user’s first name and last name
The user’s email address
The IP address of the device or network used to access the website
The hardware and software of the device used to access the website
The geographic location of the device used to access the website
Any other information requested as part of the competition sign-up, as indicated on the form

We use a third-party supplier, Squarespace and Google Drive to securely store and process user data and analyse the behaviour of users. Your information may be transmitted outside the United Kingdom and EU during subscription and processing.

We use secure methods including SSL and encryption to enhance the security of your data and to prevent to the most possible extent the interception of your data as it travels over the internet, though we cannot guarantee the security of data as it travels over the internet or in the delivery of email.

Additionally, Squarespace collects user behaviour data on how subscribers and users consume our e-newsletter, which we use to improve our communication with users. This information includes individual and aggregate information on emails opened and links clicked and by whom.

Where an action relates to a specific user or subscriber, such as an email open or link clicked, we may analyse this information to offer a better user experience, detect fraud, offer customised content and identify the content and experiences (some relating to paid campaigns from our brand sponsors / partners) that particular users are interested in.

We may share or sell this data to the named third party company or brand partner when your data specifically relates to a promotion or campaign from that company or sponsor / brand partner.

Individuals may request deletion of the data they submit to us by emailing info@photonorthfestival.co.uk

5. Users of the contact forms on our website

We provide contact forms on our website for multiple purposes:

To enable users to contact Photo North Festival
To enable users to contact the brand sponsor of a campaign or piece of sponsored content in relation to their products or services

When you enter information on our website in these cases, your information is transmitted over a secure connection between your computer and our website to prevent third parties from intercepting your information.

However, because of the nature of internet communications, the company cannot guarantee the security of information transmitted over the internet.

The information collected will be appropriate to the subject matter of your enquiry, to enable your enquiry to be answered and responded to, and, where applicable, the commercial requirements of the brand sponsor / partner.

The information collected will typically include:

The user’s first name and last name
The user’s email address
The IP address of the device or network used to access the website
The hardware and software of the device used to access the website
The geographic location of the device used to enter the website, either estimated from the device or network’s IP address or from the device’s GPS capabilities (with a capable device and the user grants permission for the collection of this data)
The date and time of the interaction
Technical information relating to the interaction, such as device behaviour and cursor position on the screen
The subject of the contact
The enquiry text of the contact
The telephone number of the user
The types of communication the user wants to receive from either Photo North Festival and/or the brand sponsor / partner.

Your information may be transmitted outside the United Kingdom and EU for storage and processing and subsequent sharing with a third party.

We store your information using third parties. These include Squarespace and Google Drive. Both systems use contemporary encryption to ensure customer data is secure when in transit and at rest.

These third parties securely store and process user data and analyse the behaviour of users when they are emailed through their systems.

This data includes statistical behaviour on email opening and links clicked, and some of this information is associated with the users that performed those actions.

We use this information to improve the effectiveness of email communications and to identify the users who interacted with our email communications, as well as those of our artists and brand sponsors / partners. This allows us to provide a better service and to potentially tailor and customise future communications.

We may share or sell this data to the named third party company or brand sponsor / partner when your data specifically relates to a promotion or campaign from that company or sponsor / brand partner.

Individuals may request deletion of the data they submit to us by emailing info@photonorthfestival.co.uk

6. Users of our social media channels (interacting with our posts, sending social media messages, etc)

We use Facebook, Twitter, Instagram, LinkedIn, Threads, Bluesky, YouTube and TikTok as ways to disseminate our content to users and enable sharing of the content on our digital platforms. These social media channels also allow their users to send messages to the company and to leave comments against the content published via those channels, which is covered in the section below.

The security of these social media channels is out of the control of the company and therefore the company takes no responsibility for it.

It is always advisable to check for a secure connection when entering any personal or sensitive information into a website or on social media.

These messages are likely to include personally identifiable information which has been previously entered, and, at a minimum, the user’s name and contact email address.

Your message, and associated information is stored and processed outside the United Kingdom and EU.

These messages are stored by the third-party social media site.

7. People who use our social media channels or social media apps to interact with us

We use social media channels, including but not limited to Facebook, Twitter, Instagram, LinkedIn, Threads and TikTok, to allow the people in our audience to interact with us, by leaving a comment or otherwise interacting with us.

This functionality is enabled by the third-party social media platform which we implement on our website by means of a direct secure connection to the social media platform or using an ‘App’ hosted on the social media platform itself.

When you submit a comment through our social media App (e.g. our Facebook App) the comment is transmitted directly to the social media platform’s provider over a secure connection. Once data reaches the social media platform, your comment, together with your account information held by the social media platform, is stored on their servers. The security and privacy of the data that the social media companies hold on you is out of our control, and therefore the company takes no responsibility for it.

We may create a copy of the comment that you make via the social media App (e.g the Facebook App) on the company’s web servers for audit and performance purposes (e.g. so that the content is more easily discoverable, or to provide redundancy should the social media channel become unreachable). This will include the text of the comment you submit, together with personally identifiable social media account information, such as your full name and username, together with information on your device and connection. Most social media platforms allow you to choose what information is shared with third parties such as the company in this manner.

It is always advisable to check for a secure connection when entering any personal or sensitive information into a website or on social media.

Your comment, and associated information is transmitted, stored and processed outside the United Kingdom and EU.

We will assess the validity of every request received and may require verification of the requesters’ identity and specific information to enable us to locate the comment to proceed with deletion. Requests are normally processed in one calendar month, with changes cascaded to our backups in line with our retention policy. We may notify the individual making the request within 14 days of receiving a valid request.

The company has no capability to action deletion requests for comments from the social media platforms to which you submit your comments, and your deletion request should be submitted directly to the social media platform to which you submitted it.