CDRN member login

Culture Data &
Research Network

Privacy Notice

Last updated 28/10/2021

Culture Data and Research Network (CDRN)

Who we are

The Culture Data and Research Network (CDRN) is a network of researchers and data practitioners working within public-facing arts and cultural institutions and heritage organisations in the UK.

CDRN operates independently of any research or data agency, database provider or funding body and is operated by a voluntary steering group.

CDRN is committed to protecting our member’s privacy. We use the information that we collect about them in accordance with the Data Protection Act 2018 (DPA 2018), the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

The University of Sheffield is the data controller for the network (ICO registration Z681065X). The registered address is: 

Sheffield University
Western Bank
S10 2TN

This privacy notices tells you what to expect us to do with your personal information if you contact us or use one of our services.

Our contact details

If you have any queries about membership or data protection, in the first instance please contact the CDRN steering group by emailing culturedataresearchnetwork [at]

The University of Sheffield’s Data Protection Officer can be contacted dataprotection [at] 

The type of personal information we collect

We only collect the information that is necessary to carry out normal business operations and to provide any goods or services you’ve asked for.

  • Name
  • Organisation and job title
  • Details of when you became a Sole Trader or Limited Company
  • Email address
  • LinkedIn details
  • Technical information when users access our website e.g. IP address
  • Information about visits to our website e.g. what pages are accessed, search terms used to find our website etc.
  • Image and likeness (captured in photographs as CDRN events

Sensitive data

Some sensitive data such as gender and ethnicity may be requested in our members’ surveys but it is analysed anonymously and is not obligatory to provide.

How we get the personal information and why we have it

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • You have requested membership
  • You have visited our website
  • You have purchased a ticket for an event e.g. annual conference
  • You wish to attend, or have attended, an event e.g. online
  • You have joined the CDRN Slack channel
  • You have joined the CDRN members only LinkedIn page
  • You have made a complaint or enquiry to us
  • You have made an information request to us
  • You enter research

Our basis for processing your personal information

We aim to be clear when we collect your data and not to do anything you wouldn’t reasonably expect.

Members give their consent to the activities in this privacy notice upon sign up for membership.

We may process personal data because it is in our legitimate interests to do so. Examples of this include:

  • Conducting members’ research
  • Checking the trading history of members who are sole traders/limited companies
  • Analysing members’ information in order to better understand our base

Membership is administered under the legal basis Performance of Contract.

What we use your information for

We will only collect the personal data that we need and use it on relevant lawful purposes as permitted by the current data protection legislation (DPA 2018 & the UK GDPR).

  • Carry out our obligations arising from your members and to provide you with the information, goods and services that you require from us.
  • To administer membership records.
  • To notify you about CDRN events.
  • To notify you about any changes to the CDRN or our services.
  • To analyse members’ information in order to better understand our base.
  • Use images/likeness to promote the network e.g. feature images of member events such as the CDRN conference on our website
  • To send you invitations to take part in members’ research. Some of these may be carried out by service providers working with CDRN.
  • To ensure that the content from our website is presented in the most effective manner for you and for your device.

Email & web activity

We keep a record of the emails we send you, and we may track whether you receive or open them.

We receive and store certain details whenever you use our website. We use “cookies” to help us make our site – and the way you might use it – better. Cookies mean that a website will remember you and enable online transactions. It also helps us understand how you use our website, where we can make improvements and how best to tell our audiences about events they might be interested in. Pleas read our Cookie Policy here

From Third Parties

Your information may be shared with us by other organisations and websites, but only when you have indicated that you give your consent to hear from us. You should check their Privacy Notice when you provide your information to understand fully how they will process your data.

Sharing your data with third parties

We will not share any personal details with third parties without your consent, or unless required in order to fulfil our contract with you, or allowed by law.

Members will be invited to quarterly Zoom-based meetings – by attending the meeting, they will be sharing their personal details with Zoom. Members will also be invited to join CDRN’s Slack channel and members’ only LinkedIn page. Again, by joining, members will be sharing their personal details with Slack and LinkedIn. Please note that these websites have their own privacy notices and that we do not accept any responsibility or liability for these policies.

CDRN and The University of Sheffield will not disclose your personal data to any external third party, other than as set out above and/or where you have given us permission to do so, unless we are required to do so by law.

The personal data that you provide the CDRN & The University of Sheffield will be held in compliance with our Retention Schedule. Members’ data will be cleaned annually.

How we store your personal information

The personal data that you provide the CDRN & The University of Sheffield will be held in compliance with our Retention Schedule. Members’ data will be cleaned annually. 

How we store your personal information 

Your personal data will be held and processed on CDRN systems. We maintain secure systems to hold contact details and a record of your interactions with us such as queries, complaints and attendance at events. Where possible we aim to keep a single record for each member. 

We will always seek to hold your data securely. Access to members’ information is strictly controlled and can only be accessed by the steering committee. 

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

All information received by us is retrieved using secure technology. In order to provide a safe and secure environment for your personal information we use up to date technology with a view to protecting that information against loss, misuse or unauthorised alteration. 

Data is held by us for as long as is legally or practically necessary for our business. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. You can find out more about our retention policy by contacting 

CDRN will undergo an annual membership data clean. If a membership ends, we will keep the name of the organisation that the member registered with. All other personal data will be deleted. 

Your data protection rights

Under data protection law, you have rights including:

Your right of access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which mean you may not always receive all the information we process.

Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances.

Your right to object to processing

You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests.

Your right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

You are not required to pay any charge for exercising your rights. We have one month to respond to you. Please contact us at  culturedataresearchnetwork [at]  if you wish to make a request.

Giving you control

We try to make it as easy as possible for you to tell us how you’d like to hear from us. You can withdraw your consent at any time by emailing culturedataresearchnetwork [at] .

Our website contains links to and from existing work and research. If you follow a link to any of these websites, please note that these websites have their own privacy notices and that we do not accept any responsibility or liability for these policies. Please check these notices before you submit any personal data to these websites.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us by contacting culturedataresearchnetwork [at] 

If further action is required, a member of the CDRN steering committee will refer the matter to The University of Sheffield’s Data Protection Officer.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:     

Information Commissioner’s Office

Wycliffe House
Water Lane

Helpline number: 0303 123 1113

ICO website: