PRIVACY POLICY
This Privacy Notice explains aims how we collect, use and protect your personal data, as required by the General Data Protection Regulations. The Bristol Eisteddfod Association is a ‘Data Controller’ for the purposes of the Regulations.
1
Why do we collect and use personal data?
We collect data to run the Festival; primarily, this involves the distribution of the syllabus, the allocation of entrants to their chosen classes, communication with entrants in the lead up to the Festival, and the acceptance of payments. We do not collect ‘sensitive data’ unless there is a legitimate reason, e.g. where a participant may need support to enter the Festival.
We also hold data in respect of the Trustees, as required by the Charity Commission, as well as data for any person claiming expenses, e.g. adjudicators or accompanists. We do not hold data for any other purpose nor do we hold data that is not necessary for us to fulfil our obligations.
2
What personal data do we collect?
We collect name and contact information for the applicant; this will often be provided by a teacher making an application for several of his or her pupils. We collect names and ages for those entering the Festival and we require confirmation that the applicant has the necessary consents to provide this information (where the entrant is not the applicant).
3
How do we collect and store this information?
Data is collected at the time of application to the Festival or on submission of an expense claim. The information is provided by paper application form or online via a third party software provider (currently RunMyFestival).
The third party provider also acts as a data controller and has its own privacy notice which is also available online
(https://www.runmyfestival.
co.uk/ runMyFestival/docs/
rmfps.xhtml).
We store the data via a mix of electronic (spreadsheet and RunMyFestival) and manual (paper based) records. Electronic data is stored on computers that are password protected. Manual records are stored in the private homes of ‘festival personnel’ who are volunteers and any manual financial data is kept in a locked cupboard.
4
How long do we retain the data?
Records are retained for approximately one year after each Festival, with the exception of any financial data, which will be kept by the Treasurer as required by legislation (generally 7 years).
5
The lawful basis for processing data
Contractual obligations: we need the personal data of the applicant to meet our contractual obligations. (i.e. to administer and deliver the annual Festival).
Legitimate interest: we hold and process the personal data of entrants to pursue our legitimate interests in a way that might be reasonably expected as part of running the Festival.
Consent: we seek consent before sending any marketing material regarding the Festival; we do not send any marketing material without specific consent from the recipient.
6
Who it is shared with?
Other than using a third party software provider as described above, we do not share personal information with any other person or organisation.
7
Transfer of data outside the European Economic Area (EEA)
Wherever possible the Festival does not use servers that are based outside the EEA. In the case of an exception the service provider must adhere to a code of conduct and security that complies with the requirements of the EEA.
8
Other Websites
Our website provides links to other websites. (e.g. RunMyFestival) This privacy Notice only applies to the Bristol Eisteddfod Association, so when you link to other websites you should read their own privacy notices and direct any questions you may have to the operators of those websites.
9
Access to your personal data and correction
Anyone can request to view, amend or delete their data which is held for the purposes of the Festival by sending a message via the website (http://www.bristolfestival.
co.uk/contact-us.php).