GDPR is an important change in government legislation regarding data protection and stands for The General Data Protection Regulation. It effectively provides an update to the Data Protection Act, bringing in new requirements and increasing the penalties for breaches. Any organisation that is required by law to comply with GDPR must do so by the 25th May 2018 at the latest. This law doesn’t only cover businesses, but sports clubs, charities etc – basically any organisation that handles personal data.
GDPR will impose strict controls on how all organisations collect and process personal data within the EU and/or personal data of EU citizens. The UK is expected to enforce the full range of GDPR requirements.
The regulation outlines six key principles for organisations that process individuals’ personal information. These are that data shall be:
- processed lawfully, fairly and transparently
- collected for specified, explicit and legitimate purposes
- adequate, relevant and limited to what is necessary for processing
- accurate and kept up to date
- retained only for as long as necessary
- processed in an appropriate manner to maintain security
Right to be forgotten
If you do not wish to be contacted by the Dundee Mountain Film Festival and wish to have your details removed, then you can do so by sending an email to email@example.com
How you can access and update your information
The accuracy of your information is important to us. If you change email address please let us know by sending an email to firstname.lastname@example.org If a mailshot returns an ‘address not recognised’ or ‘invalid’ we will automatically delete the email address from our database. Alternatively you can just register your new email address on our Contacts page on our website.
If you change home address, and you receive a paper copy of our brochure, you can let us know of your new address by sending an email to email@example.com . You can also contact this email address if you wish to be removed (or added) from/to our mailing list.
You have the right to ask for a copy of the personal information Dundee Mountain Film Festival hold about you.
Security precautions in place to protect the loss, misuse or alteration of your information
Non-sensitive details e.g. email are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure.
Use of ‘cookies’
Links to other websites
In addition, if you link to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
16 or Under
We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ we will not process your data, unless it is provided by a parent or guardian.
Review of this Background and Policy
We keep this Policy under regular review. This Policy was last updated May 2018.
This Policy sets out what we do with Personal Data and what you can expect from us as part of our obligations when processing this Personal Data.
What data are we gathering?
We may hold Personal Data about potential audiences and volunteers. We believe it is important to be open and transparent about how we will use your Personal Data. Information we may hold includes the following:
● name and contact details;
Why do we collect this information?
We use this information to communicate with you and to carry out our obligations as the committee of the Dundee Mountain Film Festival. The list of activities we carry out that may require the use of Personal Data include:
● To inform you of events organised by the Dundee Mountain Film Festival
● To update you on significant changes in the programme of the festival
How do we gather data?
We gather data through a variety of methods, these include:
- Contact form on our website or by email
- Feedback forms
- Ticket application forms (paper)
- Ticket application information (Eventbrite)
When will we delete this data?
We may keep information for different periods of time for different purposes as required by law or best practice
Feedback forms – these are shredded once the information is transferred to the email database if permission has been given to do so.
Ticket Application forms (paper) – these are shredded once the addresses are transferred to our mailing list if permission has been given to do so.
Ticket Application forms (Eventbrite) – Eventbrite provides full details of how it uses your personal data (as a Consumer) on its own privacy notice.
Email data base – This is held securely within Mailchimp. It is routinely cleansed of all unsubscribed and invalid email addresses. Any emails that we send you through Mailchimp will have an unsubscribe link.
Who has access to this data and who do we share it with?
Only those members who need information to carry out their role of sending emails or mailshots have access to that information.
We do not store credit card details, nor do we share data with third parties.
Where will the data be stored?
The data is stored on a laptop computer belonging to one of the Festival Committee. This is backed up on an external drive.
What are your rights to your Personal Data
As a Data Subject you have rights over your own data that you can exercise at any time, these are:
● Data is accurate – we must keep your data accurate
● Data is erased – we must erase data if not needed or requested by you
● Data is portable – we must provide a copy of your data back to you
● Consent withdrawal – we must allow you to withdraw consent at anytime
In the event that you wish to contact us to exercise these rights or for any further queries on this Privacy Notice please contact firstname.lastname@example.org
If you are dissatisfied, you have the right to raise a complaint with the Information Commissioners Office at www.ico.org.uk