Privacy Notice
Audience Surveys
GIFT will have access to the data you provide on the audience survey form for the purposes of evaluating GIFT’s 2020 digital programme. The data we are collecting includes:
​
-
Demographic information
-
Opinion / feedback
-
Contact details
Evaluation materials will be used for internal monitoring, reporting to funders, publications and to inform future festivals. All identifying information will be anonymised, unless further consents are provided.
All data will be anonymous unless you opt in to share your contact details. All information will be safely stored by GIFT and will be treated as private and confidential and held in accordance with General Data Protection Regulation 2018. The data provided on this form will be held by GIFT for up to 3 years.
To find out more about how GIFT uses your data access GIFT’s Privacy Policy below and / or by contacting: giftfestival.info@gmail.com
​
GIFT Privacy Policy
This privacy policy was last updated: May 2020
Review date: May 2021
About GIFT
GIFT is an Unincorporated Association. Our address is GIFT, Gateshead Central Library, Prince Consort Road, Gateshead, NE8 4LN
GIFT (data controller) is committed to keeping personal information (data) safe and meeting its responsibilities under privacy law. The General Data Protection Regulation (GDPR) applies in the UK and across the EU from May 2018.
This policy outlines:
1. GIFT's responsibilities as a data controller
2. What personal data we collect and why?
3. How data is collected, stored and used and is it shared?
4. The rights of the data individual
This policy will be regularly reviewed and GIFT will share these updates on its website: www.giftfestival.co.uk.
We will get in touch with individuals directly to let them know about any significant changes.
1. GIFT’s responsibilities:
GIFT has a legal responsibility to ensure that data is processed lawfully, fairly and in a transparent manner in relation to individuals (data subject). This means all staff at GIFT are responsible for adhering to this Privacy Policy and GIFT’s Data Management Plan, which follows GDPR 2018.
GIFT’s Data Protection Officer (DPO) is Festival Director Kate Craddock, but all staff have a responsibility to ensure that the processes described in this policy are observed.
2. The personal data we collect and why:
As part of its work GIFT may need to collect personal information from our participants, audiences, employees or contacts. Personal information, or personal data, refers to any information about an individual (data subject) from which that person can be identified. It does not refer to anonymous data. Anonymous data is information where any personal identifiers have been removed. If anonymity is used it will be bought to the individuals’ attention via privacy notices (privacy notices are further explained in section 3.
The lawful basis for us to collect data will come under one of the following processes:
- Consent (when individuals give consent)
- Contract (in order to be able to deliver or enter in to a contract)
- Legal obligation (where the law requires it)
- Vital interests (to protect someone’s life)
- Public task (to perform a task in the public interest or for official functions)
- Legitimate interests (necessary for your legitimate interests unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests)
The lawful basis for the data collection will be detailed at the point of collection.
The types of data GIFT may collect, and store include:
Participants:
- Name and contact details
- Date of Birth
- Demographic information
- Parental consent (if the participant is under 16)
- Emergency contact details
- Relevant medical history, allergies or food intolerances
- Media release consent (for photographs, film, audio and media content)
- Access requirements
- Evaluation information
Workforce (includes employees, freelance staff, trustees, volunteers and interns):
- Name, address and contact details
- Date of Birth
- Demographic information
- Proof of identity (including divers license or passport) for processing DBS checks
- HR information, including Tax, National Insurance and pension information
- Bank details
Audiences:
- Name and contact details
- Demographic information
Contacts:
- Name, address and contact details
The reasons we collect and store data:
​
Participants:
- To gain consent to take part in projects
- To gain permission for children aged under 16 to take part in projects
- To ensure the safety and wellbeing of participants during projects
- To gain consent to take videos and photos and record audio
- To better understand what it is like to work with us
- To document and showcase those taking part in GIFT experiences
- To support the effective administration of the company
Workforce (includes employees, freelance staff, trustees, volunteers and interns):
- To enter into a contract of employment with an individual
- To support the effective administration of the company
- To adhere to legal requirements for retaining financial and contractual information
- To better understand what it is like to work with us
- To document and showcase those working with Unfolding Theatre
Audiences:
- To send news and promotional information about GIFT's work, performances and events
- To send fundraising news
- To better understand the quality and reach of our work, performances and events
Contacts:
- To send news and promotional information about our work, performances and events
- To send fundraising news
- To report the impact and reach of our work
- To record those who have supported us financially or through the use of their services
3. Children/young people:
GIFT creates projects in participation with children and young people. To do so it may require collecting data about the young people taking part. From 13+ GIFT can collect individuals’ email addresses. Parents and guardians will be required to provide consent for young people under the age of 16.
Information may include:
- Name
- Contact details (over 13 only)
- Date of Birth
- Parent / guardian details (under 16)
- Demographic information
- Parental/ guardian consent (if the participant is under 16)
- Emergency contact details
- Relevant medical history, allergies or food intolerances
- Media release consent for photographs, film, audio and media content (parental / guardian consent required if the participant is under 18)
- Access requirements
- Feedback
4. How is data collected, stored, used and is it shared?
In some cases, GIFT may need to gather consent to collect, store and use individuals’ data. If this is the case GIFT will provide a privacy notice at the time the data is being collected. The privacy notice will outline:
​
- Who is processing their data
Most of the time this will be GIFT. However, there may be occasions where we are collaborating with another organisation who also needs access to this data. This will be clearly outlined in the privacy notice.
- What data is involved
The privacy notice will detail all data being requested. We will only request data required for the purposes of the process.
- The purpose for processing that data The privacy notice will detail how and why the data is being processed. We will not share information with other parties unless this outlined in the privacy notice.
- The outcomes of data processing
​
The privacy notice will detail how and where the data is being stored. Information will be stored for different lengths of time. Each privacy notice will specify how long GIFT will store information for.
- How to exercise their rights
Each privacy notice will detail an individuals’ rights. This is further explained below in section 5.
- How data is stored
To protect individual’s privacy GIFT ensures it uses secure processes, procedures and databases to hold data. Privacy notices will outline how each type of data is secured.
General practice includes:
• use of locked filing cabinets where data is stored on paper or memory sticks
• shredding of paper data that is no longer required
• computer log in passwords that are strong, not shared and changed regularly
• restrictions on staff access levels and use of passwords where data is stored on a cloudbased system or network
• using third party processors, which includes cloud-based systems, which have been audited and agreed
GIFT will keep and process data only for long enough to fulfil the purpose for which it was collected. After that point, it will be disposed of in a secure manner. Each privacy notice will explicitly outline how long information will be held.
Privacy notices will be shared with individuals at the point of contact. Individuals can request copies of privacy notices at any given point.
Data sharing:
GIFT will never sell individuals data. However, it may be processed by limited third parties in line with funding agreements and project partnerships. Where any data sharing occurs, or anonymity is used it will be bought to the individual’s attention via privacy notices.
Examples of data sharing include:
• Sharing participant, audience and workforce statistics with third parties, including Arts Council England, funders and project partners, to report on its work
• Using third-party provider, Mail Chimp & Wix to deliver its newsletters
• Using third-party provider, Just Giving to deliver fundraising campaigns
• Using Google Analytics and Audience Agency’s web analytics tool to collect information regarding visitor website interactions. (This includes what visitors do on our website, as well as information provided by visitor’s computers, i.e. browser type. This data is anonymised and GIFT will not attempt to find out the identities of those visiting its website).
When visiting GIFT's website, the individual consents to the use of cookies, files placed on the computer by a website to collect internet log data and learn about the behaviour of visitors. For more information about cookies, including how to turn them off, visit www.aboutcookies.org
GIFT may share information about individuals with law enforcement agencies and other organisations or individuals if required to by law.
5. The rights of the individual: the right to erasure
​
Any individual who is the subject of data held by GIFT is entitled to:
- Ask what information the company holds about them and why
- Ask how to gain access to it
- Be informed how to keep it up to date
- Be informed how the company is meeting its data protection obligations
If you would like a copy of some or all of the data GIFT holds about you
– please contact our DPO at: giftfestival.info@gmail.com
On the receipt of a subject access request GIFT will have 30 days to respond. This process will be managed by the DPO, who will ensure that the subject is aware of the procedure, receiving confirmation of when this process has begun, receiving the requested information within the 30-day period.
The right to erasure:
Data subjects have the right to be ‘forgotten’.
If requested GIFT will erase the data held on individuals as far as reasonably possible.
If you would like to request GIFT delete data, it holds please contact our DPO at: giftfestival.info@gmail.com
Images used online, on social media, in reports or on our website could be tagged, copied, shared or printed by members of the public.
Ongoing review of measures to ensure compliance:
Meeting the obligations of the GDPR to ensure compliance will be an ongoing process.
GIFT will regularly renew its policy and processes to ensure it complies.
GIFT will:
i. Maintain documentation/evidence of the privacy measure plans, implementation and records of compliance in conjunction with its Data Management Policy
ii. Train employees on privacy and data protection matters
Any questions:
If you have questions about your personal data or our privacy policy please contact our Data Protection Officer (DPO) at giftfestival.info@gmail.com or phone.
Alternatively, write to GIFT at:
If you require more support, or wish to contact the Information Commissions Office, please use this link: https://ico.org.uk/your-data-matters/