LEIGHTON-LINSLADE CARNIVAL – PRIVACY STATEMENT
PURPOSE OF DOCUMENT
The purpose of this document is to define the procedure for data protection of members, traders and event participants information by Leighton-Linslade Carnival.
From May 2018 the General Data Protection Regulations (GDPR) applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier.
The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data.
As part of the GDPR we must demonstrate:
That we have a lawful basis for collecting and processing personal data.
That we keep the data securely.
That we will delete personal data when specifically requested by an individual or company.
That we will delete personal data after a defined time period.
Recording of Data
Any event entry forms that require the one of more of the following details of an individual or company shall include a company GDPR statement (see section 4)
bank account, credit/debit card or electronic payment information or any information that could identify you.
It is important to note that Children (under age 13) are not legally allowed to give their consent, and this must be sought from their legal parent or guardian.
Storage of Data
Any member who retains paper copies or uses a personal computer to store any correspondence such as emails, event forms, letters that contain personal details of any persons or company having contact with Leighton-Linslade Carnival shall ensure that the computer is password protected and is kept secure at all times and that paper copies of information are kept in a suitably secure location.
Deletion of Data
Unless there is a specific and legitimate reason for doing so, all electronic files and emails shall be deleted and paperwork more than 5years old shall be destroyed. Paper copies of original documentation shall be shredded, electronic files shall be deleted and must also be permanently deleted from the users “recycle bin” or deleted items folder.
Use of Email
Where a member is representing Leighton-Linslade Carnival, the following shall be complied with:
When sending emails to more than one non-member the sender must use bcc for all recipients.
When sending emails to more than one member the sender should use bcc for all recipients unless they know all recipients have given consent for their email to be known.
firstname.lastname@example.org address must be used for all correspondence with third parties.
Emails pertaining to Leighton-Linslade Carnival must be kept in a separate location (or email folder) from personal emails so they can be located or deleted when necessary. This includes sent items folders which will also contain emails which will have to be managed.
General Policy Statement
The following statement forms the policy for Leighton-Linslade Carnival’s compliance with the 2018 GDPR legislation.
- The Data Controller is LEIGHTON-LINSLADE CARNIVAL using the postal address of theChairman, as published on the Committee page of our website
- We collect personal information data to respond to enquiries and administer our events.
- We obtain personal information from our contacts with you; application forms, bookingforms
- We have a legitimate interest in keeping and processing the data to maintain a database to provide information requested and in our commercial interests relating to our events.
- Theprocessing is undertaken within our organisation and used only for the purposes of administering the events.
- Any person or company has the right to be removed from our data lists.
- We will remove such details on request (email email@example.com or by post to the address referredto in point 1 above) and unless there is a legal requirement to keep that information will delete it from our records.
- Any person or company has the right to know the information we hold about them (email firstname.lastname@example.org com or by post to the address referred to in point 1 above). We may make further enquiries to confirm any such request is from an individual or company.
- We will correct any errors a person or company alerts us to.
- Except where a person or company has asked for removal, we will keep data for as long as we have a relationship with them and no longer than 2 years thereafter unless there is a specific reason to retain it.
- Except where there is a legal requirement for us to provide information, we will refer any enquiry asking for personal information to the person or company concerned when it is requested.
Public Event Form Statement
The following statement shall be added to all event entry forms:
Leighton-Linslade Carnival will hold personal data about you including your name, postal address, phone number(s) and an email address. We will keep your data for a maximum of five years unless there is a specific reason to retain it. Data you have shared with us will not be shared with any external parties without your permission and will only be used to contact you for matters related to this event.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
A cookie often contains a unique number which can be used to recognise your device, when a user of this device returns to a website that it has visited before.
performance of our site.
Adopted November 2020