EU General Data Protection Regulation (GDPR) Compliance Statement and Privacy Policy
The EU General Data Protection Regulation (GDPR) is in force from 25 May 2018.
The GDPR provides a set of ‘digital rights’ and protections for EU citizens in terms of the data that individuals and organizations hold about them, and applies new responsibilities to those organizations on what data they can hold, how they can process and use that data, and how individuals can access or request changes to or deletion of the data held about them.
This GDPR Compliance Statement explains what data we hold, what we use it for, and the legal basis on which it is used. The statement has been prepared using the checklists in the ICO document, “Preparing for the General Data Protection Regulation – 12 Steps to Take Now” and the guidance given on the ICO website https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/, and represents our GDPR Impact Assessment.
1. Awareness
This Compliance Statement applies to data held and processed by the Green Man Committee, an annually appointed group of people who wish to organise and run Pilton Green Man Day. Committee Members are aware of the impact of and responsibilities for the GDPR compliance, and have read this Compliance Statement.
It is available publicly on the websites http://www.piltonfestival.co.uk. Additionally, links to this Statement have been sent in an email to every individual whose data we hold.
2. Information we hold
Email addresses of people who have emailed us and to whom we have replied – automatically saved in mail server software.
Individuals who have served as, or are, are Committee members. This data comprises Email Address, First Name, Family Name, Address and Telephone Number(s).
Individuals who have expressed a wish to help with the organisation and running of Green Man Day but are not Committee members. This data comprises Email Address, First Name, Family Name, and possibly Telephone Number(s).
Individuals who have expressed a wish to help with the Green Man Day Pageant. This data comprises Email Address, First Name, Family Name, and possibly Telephone Number(s).
Individuals/ Businesses/Charities who provide services to Green Man Day or have applied for a stall at our event. This data comprises Email Address, First Name, Family Name, and possibly Telephone Number(s).
Both paper and electronic copies of information are stored securely by individual Committee members. Consent for our use of information can be withdrawn at any time.
How we use your data
To give notice of our AGM and meetings;
To give reminders and provide information about the next Green Man Day including opportunities for volunteering or having a stall;
To comply with our licensing and H&S requirements, where people have a relevant role.
Every mailing includes an ‘unsubscribe’ option that allows each recipient to request their details be removed.
We aim to act on these requests as rapidly as practically possible.
3. Privacy information
The privacy information required under the GDPR Regulations are as follows: Identity and contact details of the controller: Donna Sibley for the Green Man Day Committee, piltonfestival@googlemail.com
Purpose of the processing and the legal basis for the processing: Data is collected and retained for the purposes of informing individuals of events in which they have expressed an interest. This data is collected and processed under the legal basis of ‘Legitimate Interests’.
Categories of personal data: The categories of personal data collected and processed are as indicated in the section on ‘Information we hold’, above.
Any recipient or categories of recipients of the personal data: Data is used only by the Green Man Day Committee for the purposes outlined above.
Retention period or criteria used to determine the retention period: Data is retained for as long as it still has relevance; for example, individuals who wish to be informed about Green Man Day will have their data retained as long as the events continue, or until they request to be unsubscribed.
The existence of each of data subject’s rights: The data subjects rights are acknowledged and best efforts will be used to respond to any and all requests for access to or deletion of data records. The right to withdraw consent at any time, where relevant:Every mailing includes an ‘unsubscribe’ option that allows each recipient to request their details be removed.
The right to lodge a complaint with a supervisory authority: the Green Man Day Committee is based in the UK and the relevant supervisory authority is the Information Commissioner’s Office (ICO) – see https://ico.org.uk/
The source the personal data originates from and whether it came from publicly accessible sources: The sources the personal data originates from are as indicated in the section on ‘Information we hold’, above.
Whether the provision of personal data is part of a statutory or contractual requirement or obligation and possible consequences of failing to provide the personal data: There are statutory requirements to provide data in line with our licensing and H&S conditions.
The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences: No automated decision making is used.
4. Individuals’ rights
We acknowledge individuals’ rights as specified in the GDPR and will make best efforts to respond to any requests from individuals in association with these rights, as follows:
the right to be informed
the right of access
the right to rectification
the right to erasure
the right to restrict processing
the right to data portability
the right to object
the right not to be subject to automated decision-making including profiling
5. Subject access requests
We will make best efforts to respond to any requests from individuals in association with these rights as quickly as possible, and in all cases within the one month timescale required by GDPR.
6. Lawful basis for processing personal data
Data is collected and processed under the legal basis of ‘Legitimate Interests’, using the three-part test:
Identify a legitimate interest: By joining our mailing list, volunteering or applying for a stall individuals have expressed a legitimate interest in the Green Man Day Committee.
Show that the processing is necessary to achieve it: Communication via email is fundamental to the operation of the Green Man Day Committee.
Balance it against the individual’s interests, rights and freedoms: the individual has the absolute right to request deletion of their data at any time.
Data is used in ways which the individuals would reasonably expect and which has a minimal privacy impact. Only data necessary for the operations stated is collected and processed.
7. Consent
Consent is requested from each individual on contacting the Green Man Day Committee for use of their data in the ways outlined above.
8. Children
Children may take part in our Procession, Pageant or perform on our stages. We will only collect personal information about children to enable them to take part where their parents have given permission for us to do so. This information will be destroyed once their part has ended.
9. Data breaches
We acknowledge the requirement to notify the ICO in certain instances of data breaches. Reasonable steps are taken to prevent data breaches.
10. Data Protection by Design and Data Protection Impact Assessments