Privacy

Lichfield Folk Festival

We would like to let you know about future Lichfield Folk Festival matters and we need your permission to continue to hold your contact details for this purpose. If you agree to us contacting you please fill in the form below and return to us as soon as possible.

You can opt out at any time in the future should you change your mind.

Thank you.

Please complete:-

Surname:-

First Name:-

Address    :-

Post Code:-

Home Phone No :-

Mobile Phone No:-

Permission to be contacted about future events from Lichfield Folk Festival

  •  Yes
  •  No

Your email address and contacts will only be used by Lichfield Folk Festival. If you wish to change or unsubscribe your email address from our email list, (including postal addresses), please send an email to XXXXXXXXXXXXX with your name & details that you want removing from our records.

Lichfield Folk Festival
Data Protection Policy

The General Data Protection Regulation (GDPR)

Context and overview                                                    

  • Approved by Committee on: 04/05/2018
  • Next review date:04/09/2018

Introduction

Lichfield Folk Festival (LFF) needs to gather and use basic information about individuals.

These can include Committee members, officers, and other people the Committee may need to contact.

This policy gives guidance as to how personal data must be collected, handled and stored to meet good practice and to comply with the law.

This data protection policy ensures LFF:

  • Complies with General Data Protection Regulation (GDPR) and follows good practice
  • Protects the rights of involved in the Festival and other contacts
  • Is open about how it stores and processes individuals’ data
  • Protects itself from the risk of data breach

Data protection law

The General Data Protection Regulation (GDPR) replaces the Data Protection Acts of 1998 and 2003 and describes how organisations, including LFDC, must collect, handle and store personal information.

These rules apply regardless of whether data is stored electronically or on paper.

To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.

 The General Data Protection Regulation (GDPR) has 6 important principles.  These are

  1. Lawfulness, fairness and transparency  - data should be gathered and used in a way that is legal, fair and understandable. Members have the right to know what is being gathered and have this corrected or removed.
  2. Purpose limitation  - data must only be used for a legitimate purpose specified at the time of collection. This data should not be shared with third parties without permission.
  3. Data minimisation The data collected should be limited only to what is required for the purpose stated.
  4. Accuracy The personal data should be accurate, kept up to date, and, if it is no longer accurate, should be rectified or erased.
  5. Storage limitation Personal data should only be stored for as long as is necessary.
  6. Integrity and confidentiality Personal data should be held in a safe and secure way that takes reasonable steps to ensure the security of this information and avoid accidental loss, misuse or destruction

People, risks and responsibilities

The policy applies to all committee, officers and interested parties

It applies to all data that the committee holds relating to identifiable individuals

Data protection risks

This policy helps to protect LFF from data security risks, including:

  • Breaches of confidentiality eg. Information being given out inappropriately
  • Failing to offer choice – all individuals should be free to choose how the  Committee uses data relating to them

Responsibilities

  • Everyone within the Committee has responsibility for ensuring that data is collected, stored and handled appropriately.
  • The only people able to access data covered by this policy should be those who need it in order to carry out their duties and responsibilities.
  • Data should not be shared informally.
  • Data should be stored securely

Data storage

When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it. These guidelines also apply to data that has been printed out from electronically stored information:

  • Paper and printouts should not be left where unauthorised people can see them
  • Data printouts should be shredded when no longer required

When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts.

Subject access requests

All individuals who are the subject of personal data held by LFF are entitled to

  • Ask what information the Committee holds about them and why.
  • How to gain access to it.
  • Be informed how to keep it up to date.
  • Be informed how the Committee is meeting its data protection obligations.

                                                                                                                                                                                                  

Lichfield Folk Festival (LFF)
Data Retention policy

The General Data Protection Regulation (GDPR)

 

Any data held shall only be kept for as long as it is necessary and useful. 

Personal Data will be used only to notify dancers of events organised by LFF.

Personal Data will be reviewed in September every year before booking forms are sent out for the following  year. If there has been no contact with a member during this period, their details will be deleted from the Data base. Personal Data will always be deleted if an individual has withdrawn consent or if the data is no longer up to date.