Thornbury Carnival C.I.C.
Last Updated: 17th May 2022
From May 2018, the General Data Protection Regulations (GDPR) applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier.
The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data.
As part of the GDPR we must demonstrate:
- That we have a lawful basis for collecting and processing personal data.
- That we keep the data securely.
- That we will delete personal data when specifically requested by an individual or company.
- That we will delete personal data after a defined time period.
Why We Store Data
In order to manage our membership and events, Thornbury Carnival must gather and use information that people provide to us. Before storing any information about someone we will always get their consent first. That consent will take the form of an ‘Opt-In’ (where it must be clearly stated that we have permission to do so) instead of an ‘Opt-Out’ (stating that we do not).
A key source of personal data that may be stored and used by Thornbury Carnival CIC includes photographs of the event. Notice’s will be attached to relevant access points and stages, informing the public that their picture may be taken by official designated Carnival Photographers, and who to contact if they wish to have photographs deleted. Announcements will be made on the public system during the day to highlight this.
What Data Will We Hold?
Typically, we will store the following information:
- Names of individuals
- Postal addresses
- Email addresses
- Telephone numbers
- Other relevant information relating to individuals
- Information provided to us about acts, performances, exhibits or stalls • Information provided to us in any on-site parking requests
In addition to the above, we may also store other information about you that is directly relevant to event management. Any member who retains paper copies or uses a personal computer to store any correspondence such as emails, event forms, letters that contain personal details of any persons or company having contact with Thornbury Carnival shall ensure that the computer is password protected and is kept secure at all times and that paper copies of information are kept in a suitably secure location.
What Data We Will Not Hold?
We will never hold the following information about individuals: • Banking details
- Political information
- Marketing Information
- Information provided by 3rd parties
Who Can Access The Data We Hold?
Access to data provided to us will be made available to all persons working for (or on behalf of) Thornbury Carnival CIC with a valid reason to access that data. It will not be made available to any other persons or organisations without the express permission of the individual the data refers to.
How Is The Data We Hold Protected?
Your data will be stored to comply with the provisions of our Data Protection Policy (copy on request). That mandates how all copies of any data (whether paper or electronic) are securely managed and protected against disclosure to unauthorised persons or organisations.
How Long Will We Hold Data For?
Unless there is a specific and legitimate reason for doing so, all electronic files and emails shall be deleted and paperwork more than 5 years old shall be destroyed. Paper copies of original documentation shall be shredded, electronic files shall be deleted and must also be permanently deleted from the users “recycle bin” or deleted items folder.
How Can You Find Out What Data We Hold About You?
You have a legal right under UK Data Protection laws to request a copy of all relevant information we hold about you. To do that you should contact the Chair of Thornbury Carnival CIC and submit a ‘Subject Access Request’. That costs £10 (to cover administration costs) and Thornbury Carnival CIC is legally obliged to reply to your request within 30 days.
As part of that process, we must ensure that you have a legal right to the information you request. We will therefore take steps to verify your identity BEFORE releasing any data to you. If after receiving a copy of the data we hold about you, you wish that all/part of it be changed/deleted, you should contact the Thornbury Carnival official who sent you that data and formally request that it be altered.
What Will Happen If A Data Breach Occurs?
Thornbury Carnival CIC has procedures in place to monitor access to the information we hold about you. If we determine any information has been unlawfully communicated to 3rd parties, we will notify you as soon as possible.
Public Event Form Statement
The following statement shall be added to all event entry forms:
Thornbury Carnival will hold personal data about you including your name, postal address, phone number(s) and an email address.
We will keep your data for a maximum of five years unless there is a specific reason to retain it. Data you have shared with us will not be shared with any external parties without your permission and will only be used to contact you for matters related to this event.