DATA PROTECTION POLICY
This policy describes the strategy of the Exeter Literary Festival with regards to the General Data Protection Regulation (GDPR) that is due to come into force on 25th May 2018.
Exeter Literary Festival collects some personal information from members of the public for specific reasons, primarily to inform people of events and activities in the local area according to their interests.
1. LAWFUL BASIS FOR DATA PROCESSING
The six lawful bases for data processing are set out in Article 6 of the GDPR. These are:
(c) Legal obligation
(d) Vital interests
(e) Public task
(f) Legitimate interests
The lawful basis under which Exeter Literary Festival processes personal data is
(a) Consent: the individual has given clear consent for EXETER LITERARY FESTIVAL to process their personal data for a specific purpose.
2. INDIVIDUAL RIGHTS
The GDPR provides the following rights for individuals:
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling.
2.1 The right to be informed
The EXETER LITERARY FESTIVAL have an obligation to advise individuals how their personal data will be used. This will be via a privacy statement at the time of signing up to the mailing list.
The Exeter Literary Festival takes your privacy seriously and will only use your name and email address to send you emails at your request. Your information will not be used for any other purpose, will not be shared with any other party and you can request to unsubscribe at any time. You also have the right to object if you believe emails from us contain inappropriate material for this mailing list.
Purpose of data processing and the lawful basis:
The purpose for holding the names and email addresses of subscribers is in order to send subscribers emails about the activities of the EXETER LITERARY FESTIVAL and information about the local area according to the interests specified by the subscriber at the time of subscribing.
The lawful basis is consent.
The legitimate interests of the controller:
The EXETER LITERARY FESTIVAL would like to keep subscribers informed of volunteering opportunities relating to current and future literary events.
Categories of personal data:
The EXETER LITERARY FESTIVAL will only hold the name and email address of the subscriber for the purposes of the EXETER LITERARY FESTIVAL emailing list. The EXETER LITERARY FESTIVAL may request further information for the processing of applications for involvement in specific events, and feedback and evaluation of events. The same controls will apply to all data supplied.
Any recipient of the personal data:
The personal data will be stored in a secure database and will only be accessible by mailing list administrators.
Details of transfer to third party and safe guards:
Personal data will not be transferred to any other location or to any other third party.
Personal data will be held from the time of subscribing to the mailing list until such time that the subscriber removes themselves from the list by unsubscribing.
The right to withdraw consent at any time:
Every subscriber has the right to remove themselves from the mailing list at any time by unsubscribing.
2.2 The right of access
Individuals have the right to confirmation that their data is being held by EXETER LITERARY FESTIVAL and to receive a copy of the information stored. This can be provided free of charge by emailing firstname.lastname@example.org
2.3 The right of rectification
Individuals are entitled to have personal data rectified if it is inaccurate or incomplete. This can be achieved free of charge by emailing email@example.com
and must be actioned by EXETER LITERARY FESTIVAL within one month of the request.
2.4 The right to erasure
An individual can request the deletion of their information by unsubscribing from the mailing list using the link that can be found in every email sent out, or by emailing firstname.lastname@example.org
2.5 The right to restrict processing
An individual can request that we cease sending emails to them. Due to the limited data held, this will be treated in the same way as 2.4. Should an individual wish to begin receiving emails again, they should subscribe to the mailing list again as a new user.
2.6 The right to data portability
Due to the limited data held (name and email address), this can be covered by 2.2 whereby a full copy of information held by EXETER LITERARY FESTIVAL will be provided to the individual via email.
2.7 The right to object
An individual has the right to object should they consider the emails to contain inappropriate material for the mailing list by emailing email@example.com
2.8 Rights related to automatic decision making and profiling
No automatic decision making or profiling is currently carried out on the personal data held by EXETER LITERARY FESTIVAL.
3. ACCOUNTABILITY AND GOVERNANCE
The elected Exeter Literary Festival Communications Officer acts as the Data Protection Officer and in the event that this role is vacant, the Chairperson will assume responsibility.
The GDPR requires personal data to be processed in a manner that ensures its security. This includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. It requires that appropriate technical or organisational measures are used.
The data will be held in a secure database, and will only be accessible by mailing list administrators, each with individual login usernames and passwords.