Privacy policy

1 What is this policy for?

1.1 Whenever we need to collect any of your data, we will let you know why we need to do so and what it will be used for, but this guide provides a useful overview of all of those situations and provides more detail on how we keep your data secure and up to date, how long we might hold it for, and what your rights are in relation to it.

1.2 Whittington Music Festival is committed to protecting your personal data and will use any personal or sensitive data we collect from you in line with the General Data Protection Regulations (GDPR).

2 Who’s responsible for data the group collects?

2.1 Whittington Music Festival is a Data Controller under the GDPR. Whittington Music Festival’s Data Controller is Pam Parish who can be contacted at info@whittingtonmusicfestival.org.uk.

3 What data do we collect and what do we use it for?

3.1 Whittington Music Festival collects data from individuals to help us plan, organise and run our day-to-day operations.

3.2 Event attendees: for processing and managing tickets for events

3.2.1 As our events are ticketed, we need to collect your data in order to allow you access to the event and to send you a confirmation of your reservation/purchase.

3.2.2 This data will only be used for administering your access to the event/s for which you have booked and will not be used to send you marketing/promotional messages from the group unless you have also provided your consent to receive these (see below).

3.3 Mailing list subscribers: for marketing and promotion

3.3.1 We offer everybody the opportunity to sign up (consent) to receive marketing and promotional information on our activities (e.g. emails about forthcoming events).

3.3.2 When you sign-up to our marketing mailing list we will ask for your name, email, phone number and postal address. We will use this data to send you information about our events and activities (e.g. forthcoming performances, social events and fundraising events).

3.3.3 Anything we send you will include a clear option to withdraw your consent (i.e. to opt out of future emails) and you can also do so at any time by contacting the Data Controller (identified in 2.1 above)

4 Do we share your data with anyone else?

4.1 We will never pass your details on to third parties except where we use third party services for Festival communications and ticketing. We will always make sure any third parties we use are reputable, secure, and process your data in accordance with your rights under GDPR.

5 Are there special measures for children’s data?

5.1 We do not knowingly collect or store any personal data about children under the age of 13.

6 How can you update your data?

6.1 You can contact us at any time at info@whittingtonmusicfestival.org.uk to update or correct the data we hold on you.

7 How long will we hold your data?

7.1 The Whittington Music Festival data retention policy is to review all data held on individuals at least every two years and remove data where we no longer have a legitimate reason to keep it.

7.2 Where you have withdrawn your consent for us to use your data for a particular purpose (e.g. unsubscribed from a mailing list) we may retain some of your data for up to two years in order to preserve a record of your consent having been withdrawn.

8 What rights do you have?

8.1 Under the GDPR, you have the following rights over your data and its use:

• The right to be informed about what data we are collecting on you and how we will use it
• The right of access – you can ask to see the data we hold on you
• The right to rectification – you can ask that we update or correct your data
• The right to object – you can ask that we stop using your data for a particular purpose
• The right to erasure – you can ask us to delete the data we hold on you
• The right to restrict processing – you can ask that we temporarily stop using your data while the reason for its use or its accuracy is investigated
• Though unlikely to apply to the data we hold and process on you, you also have rights related to portability and automated decision making (including profiling)