Data protection and Privacy Policy
Data Protection Act and GDPR Compliance Statement
Introduction
The UK Data Protection Act 2018 (“DPA”) which incorporates the EU General Data Protection Regulation (“GDPR”) came into force on 25th May 2018 and brings with it the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the Act has been designed to meet the requirements of the digital age.
Our commitment
Cornwall International Male Choral Festival (“CIMCF”) is committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have data protection in place which complies with existing law and abides by the data protection principles. However, we recognise our obligations in updating and expanding our programme to meet the demands of the DPA.
CIMCF will safeguard the personal information under our remit and develop a data protection regime that is effective and fit for purpose, and will demonstrate an understanding of, and appreciation for, the new Regulation. Our preparation and objectives for DPA and GDPR compliance are summarised in this statement.
DPA and GDPR adherence
CIMCF will comply with the DPA and GDPR.
Data subject rights
CIMCF ensures that individuals can enforce their data protection rights by providing access to any personal information that we process about them and to request information about:
- What personal data we hold about them
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from them, information about the source
- The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
- The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
- The right to lodge a complaint or seek judicial remedy and who to contact in such instances
Information security
CIMCF takes the privacy and security of individuals and their personal information very seriously and takes every reasonable measure and precaution to protect and secure the personal data that we process.
If you have any questions about CIMCF, DPA and GDPR, please contact director@cimcf.uk.
Privacy Notice
Cornwall International Male Choral Festival (CIMCF) gathers and processes your personal information in accordance with this privacy notice and in compliance with the relevant data protection regulation and laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.
Cornwall International Male Choral Festival is registered with the Charity Commission for England and Wales (number 1099924) and is a company limited by guarantee (number 4509936) registered in England. Registered office: Cornwall International Male Choral Festival, Peat House Newham Road, Truro, Cornwall TR1 2DP
Information that we collect
CIMCF processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.
The personal data that we collect from you is:
- Name
- Address
- Email addresses
- Telephone Numbers
We collect information in these ways:
- By telephone
- In writing
- By email/SMS
- By electronic means (e.g. via websites and forms)
How we use your personal data (legal basis for processing)
CIMCF takes your privacy very seriously and will never disclose, share or sell your data without your consent (unless required to do so by law). We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. Where you have consented to our providing you with promotional offers and marketing, you are free to withdraw this consent at any time.
The purposes and reasons for processing your personal data are:
- We collect your personal data in the performance of a contract or to provide a service and to ensure that your instructions are completed
- We may occasionally send you marketing information where we have assessed that it is beneficial to you as a customer and in our interests. Such information will be non-intrusive and is processed on the grounds of legitimate interests
Your rights
You have the right to access any personal information that CIMCF processes about you and to request information about:
- What personal data we hold about you
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from you, information about the source
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws, as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.
Sharing and disclosing your personal information
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. CIMCF uses third parties to provide the services and business functions; however, all processors acting on our behalf only process your data in accordance with instructions from us and comply with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.
As part of organising your visit to the CIMCF your contact details will be shared with Melody Music. Melody Music is contracted by the CIMCF to organise accommodation, and travel if requested, for visiting Choirs. For more information about Melody Music and the DPA and GDPR policies and procedures please visit their website at http://www.melodymusic-company.com/
We use Mailchimp for mailing purposes. For more information about Mailchimp, please read their Privacy Notice at https://mailchimp.com/legal/privacy/
We may use Survey Monkey in order to gather views about our services. For more information about Survey Monkey, please read their Privacy Notice at https://www.surveymonkey.com/mp/legal/privacy-policy/
We use Google G Suite for our systems. For more information about Google, please read their Privacy Notice at https://privacy.google.com/businesses/compliance
Safeguarding measures
CIMCF takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction.
Transfers outside the EU
Personal data in the European Union is protected by the General Data Protection Regulation (GDPR) but some other countries may not necessarily have the same high standard of protection for your personal data. CIMCF, by virtue of the fact that we engage with the Google Drive platform, will transfer or store personal data outside the EU. However, the level of compliance that Google adheres to is in line with current GDPR legislation.
Consequences of not providing your data
You are not obligated to provide your personal information to CIMCF. However, as this information is required for us to provide you with our services, we will not be able to offer all our services without it.
Legitimate interests
As noted in the ‘How We Use Your Personal Data’ section of this notice, we occasionally process your personal information under the 'legitimate interests’ legal basis. This will be fair and lawful, ensuring that they are proportionate and appropriate, and only where it does not override your interests or rights.
An example of when we would use the ‘legitimate interests’ legal basis for processing your personal information would be in the event of direct marketing within the legislation’s scope. This would include contacting you with regards to commercial interests that would be directly beneficial to your business.
CIMCF will occasionally send you information which will have been identified as being beneficial to our customers and in our interests. Such information will be relevant to you as a customer and is non-intrusive and you will always have the option to opt-out/unsubscribe at any time.
How long we keep your data
CIMCF only ever retains personal information for as long as is necessary. Where you have consented to our using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
Special categories data
CIMCF will not process sensitive personal information about you (known as special category data).
Marketing
Occasionally, CIMCF would like to contact you with information regarding products and services that we provide. If you consent to our using your contact details for this purpose, you have the right to modify or withdraw your consent at any time by using the opt-out/unsubscribe options or by contacting CIMCF directly.
Lodging a complaint
CIMCF only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority.