Privacy Policy (Arts Award Portal)

What We Collect & Why

Account Registration & Portal Access

  • Collected: child’s name, parent/guardian email, password (safely hashed), child’s age or date of birth, and optionally phone number or address for admin.

  • Purpose: to create and manage accounts, deliver portal content, and contact you about online workshops

Workshop Bookings

  • If applicable: we collect parent/guardian contact details to schedule and conduct live zoom sessions.

  • Storage: details are used solely for organising sessions, verifying single-child usage, and evaluating service use. Data is retained for up to 12 months after the final session, then deleted unless required for legal reasons.

Payment Details

  • Payment processing is via trusted processors (Stripe/PayPal) — we do not store card information.

Work Uploads via Dropbox

Learners will submit their Arts Award work through Dropbox file requests. When uploading:

  • Dropbox requires the child’s name and an email address.

  • These details are collected directly by Dropbox to tag the submission. We do not see, or have access to the email address that is used for uploading.

  • Creative Briefs will have access to the uploaded files and associated details for assessment purposes.

  • Dropbox acts as a data processor on our behalf. Please see Dropbox’s own privacy policy for how they handle this information: https://www.dropbox.com/privacy

We use these uploads only to review Arts Award progress and provide feedback. Files and associated submission data are retained until assessment is complete, then deleted after a maximum of 12 months unless longer retention is required for legal reasons.

YouTube Embed Disclaimer

  • We have embedded YouTube content for educational purposes. We do not control or endorse the “watch next” or other recommendations shown on YouTube.

Lawful Bases for Processing

  • Contractual basis: to provide portal access and workshops.

  • Consent: implied parental permission for children’s use.

  • Legitimate interests: improving the portal, workshop delivery, and basic support communications.

How We Share Your Data

  • With Squarespace and payment processors (for hosting and transactions).

  • With trusted IT or communications providers if needed for functionality or session delivery.

  • We do not sell your data.

International Transfers

If any data is processed or stored outside the UK (e.g., via Squarespace or YouTube), we use lawful safeguards (UK adequacy or standard contractual clauses).

Retention Periods

  • Portal account data: kept while active; deleted or anonymised after closure unless legal retention is required.

  • Booking emails and workshop planning records: retained up to 12 months post-session.

  • Payment and invoicing data: kept for 6 years for tax/accounting purposes.

Your Rights

You can request:

  • Access to your data

  • Corrections

  • Deletion or restriction

  • Portability (where applicable)

  • To withdraw consent for marketing (non-essential) emails please contact hello@creativebriefs.co.uk. Proof of identity may be required.

Security

We use HTTPS, access controls, and limit data access to those who need it.

Complaints

Contact us first if you have concerns. You may also contact the ICO: ico.org.uk

Changes to This Policy

Updates will be posted here with a “Last updated” date. Your continued use indicates acceptance.

Last updated: 20 August 2025