Privacy Notice & GDPR 


Artswork Media is Bath Spa University’s creative media production company based at Unit 7.02, Paintworks, Bath Road, Bristol. 

We are committed to adhering to Data Protection law and associated Regulations as part of working practices.

During the course of our activities we process personal data about our students, prospective students, staff, suppliers, clients, guest speakers and other third parties. We recognise that the correct and lawful treatment of this data will maintain confidence in Artswork Media and will provide for successful academic and business operations. This applies to all data users, processing data on behalf of Artswork Media.

All staff must comply with this policy where the term ‘staff’ means anyone working in any context within Artswork Media at whatever level or grade and whether permanent, fixed term or temporary, including but not limited to employees, retired but active research staff, other visiting research or teaching staff, workers, agency staff, agents, volunteers, and external members of committees.

This applies to students of Bath Spa University based at Artswork Media when processing personal data on behalf of the University whether as part of research activities, group study, performance, experiments, fieldwork and case studies. It does not apply when acting in a private or non-University capacity. 

Adhering to Data Protection law at Artswork Media is summarised (but not restricted to) as the below:

·       The application of the data protection principles for all processing; lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; and integrity and confidentiality.

·       An understanding and the enablement of data subject rights as outlined within the law: to be informed; access; rectification; erasure; restriction; data portability; and objection (including in relation to automated decision-making).

·       Ensuring the implementation of Artswork Media’s accountability obligations under data protection law, including: implementing appropriate data protection policies; implementing data protection by design and default in projects, procurement and systems; using appropriate contracts with third party data controllers and data processors; holding relevant records about personal data processing; implementing appropriate technical and organisational security measures to protect personal data; reporting certain personal data breaches to the Information Commissioner’s Office; conducting Data Protection Impact Assessments where required; and ensuring adequate levels of protection when transferring personal data outside the European Economic Area.

·       Cooperating, responding to and taking guidance and advisory actions (where relevant) with the Information Commissioner’s Office (ICO).




We reserve the right to amend this privacy notice at any time. Where appropriate, we will notify data subjects of those changes by mail or e-mail.




In line with data subject rights you are entitled to make a request for the data we hold. 

If you as an individual have any questions regarding handling of personal data, please use our Contact Form to contact Artswork Media via e-mail directly here.




The GDPR covers all data controllers and data subjects based in the EU. It also applies to organisations based outside the EU that process the personal data of its residents.

We use personal data if we have a) consent, b) contractual purpose, c) public interest or d) legitimate interests. 

How we processes personal data, for which purpose we use personal data, how we update, remove and transfer personal data and how we assure information security for personal data is described below.




This table shows purpose for use of personal information, types of personal information and time to store. For each processes, there is be a description how we follow the directive in more detail.


Contact information you provide us with include your name, physical address information, company name, job role; contact phone number and contact e-mail address information.

Media as images, sound and video recordings could be sensitive personal data, therefore described separately.




This chart describes how we see the exceptions on a high level from GDPR when we make film productions at Artswork Media.


Limited GDPR

For productions where there is a journalistic purpose, (news, some public events and documentaries)  we limit GDPR for media  to  
Accountability and Instant breach alerts. Proof of consent, Rights to erasure and Portability of data are not valid due to exceptions in GDPR for journalistic work.

For productions where there is an artistic purpose, (some public events, narratives and commercials) we limit GDPR for media to Accountability, Proof of consent and Instant breach alerts.  Rights to erasure and Portability of data are not valid due to exceptions in GDPR for artistic work.

These limitations are only valid for the process of film production. For other processes as sales, financials and others, we have full GDPR.


For all other type of productions, (private events and corporate) we fully follow GDPR, i.e. Accountability, Proof of consent, Instant breach alerts, Rights to erasure and Portability of data.