Thornbury Carnival C.I.C.

Introduction

The UK Data Protection Act 1998 describes how organisations (including Thornbury Carnival) must collect, handle and store personal information. That Act is underpinned by eight important principles which say that personal data must:

1. Be processed fairly and lawfully
2. Be obtained only for specific, lawful purposes
3. Be adequate, relevant and not excessive
4. Be accurate and kept up to date
5. Not be held for any longer than necessary
6. Processed in accordance with the rights of data subjects
7. Be protected in appropriate ways
8. Not be transferred outside the UK, unless that country or territory also ensures an adequate level of data protection

This document provides an overview of how the Thornbury Carnival protects your privacy.

Why We Store Data

In order to manage our membership and events Thornbury Carnival must gather and use information that people provide to us. Before storing any information about someone we will always get their consent first. That consent will take the form of an ‘Opt-In’ (where it must be clearly stated that we have permission to do so) instead of an ‘Opt-Out’ (stating that we do not).

What Data Will We Hold

Typically, we will store the following information:

• Names of individuals
• Postal addresses
• Email addresses
• Telephone numbers
• Other relevant information relating to individuals
• Information provided to us about acts, performances, exhibits or stalls
• Information provided to us in any on-site parking requests

In addition to the above we may also store other information about you that is directly relevant to event management.

What Data We Will Not Hold

We will never hold the following information about individuals:

• Banking details
• Political information
• Marketing Information
• Information provided by 3rd parties

Who Can Access The Data We Hold

Access to data provided to us will be made available to all persons working for (or on behalf of) Thornbury Carnival with a valid reason to access that data. It will not be made available to any other persons or organisations without the express permission of the individual the data refers to.

How Is The Data We Hold Protected

Your data will be stored to comply with the provisions of our Data Protection Policy (copy on request). That mandates how all copies of any data (whether paper or electronic) are securely managed and protected against disclosure to unauthorised persons or organisations.

How Long Will We Hold Data For

We will hold data supplied to us for no more than 5 years after its last use. i.e. if you acted, performed, exhibited or had a stall at an event in 2016 and 2019, your data would be created in 2016 and destroyed by 2024 (if you do not attend another event before then).

How Can You Find Out What Data We Hold About You

You have a legal right under UK Data Protection laws to request a copy of all relevant information we hold about you. To do that you should contact the Chair of Thornbury Carnival and submit a ‘Subject Access Request’. That costs £10 (to cover administration costs) and Thornbury Carnival is legally obliged to reply to your request within 30 days.

As part of that process we must ensure that you have a legal right to the information you request. We will therefore take steps to verify your identity BEFORE releasing any data to you. If after receiving a copy of the data we hold about you, you wish that all/part of it be changed/deleted, you should contact the Thornbury Carnival official who sent you that data and formally request that it be altered.

What Will Happen If A Data Breach Occurs

Thornbury Carnival has procedures in place to monitor access to the information we hold about you. If we determine that any of your information has been unlawfully communicated to 3rd parties we will notify you as soon as possible.

To download a pdf copy of this Privacy Policy click here.