PURPOSE OF DOCUMENT
The purpose of this document is to define the procedure for data protection of members, traders and event participants information.
From May 2018 the General Data Protection Regulations (GDPR) applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data.
As part of the GDPR we must demonstrate:
- That we have a lawful basis for collecting and processing personal data;
- That we keep the data securely;
- That we will delete personal data when specifically requested by an individual or company;
- That we will delete personal data after a defined time period;
COMPANY GDRP COMPLIANCE
Recording of Data
Any event entry forms that require the one of more of the following details of an individual or company shall include a company GDRP statement (see section 4)
- Postal/residential address
- email address
- phone number
- bank account, credit/debit card or electronic payment information or any information that could identify you;
It is important to note that Children (under age 13) are not legally allowed to give their consent and this must be sought from their legal parent or guardian;
Storage Of Data
Any member who retains paper copies, or uses a personal computer to store any correspondence such as emails, event forms, letters that contain personal details of any persons or company having contact with Swanage Regatta and Carnival shall ensure that the computer is password protected and is kept secure at all times and that paper copies of information are kept in a suitably locked location.
Deletion of Data
Unless there is a specific and legitimate reason for doing so, all electronic files and emails shall be deleted and paperwork more than 12 months old shall be destroyed. Paper copies of original documentation shall be shredded, electronic files shall be deleted and must also be permanently deleted from the users “recycle bin” or deleted items folder.
Use of Email
Where a member of the company fulfills a position that is provided with a company email address the following shall be complied with:
- When sending emails to more than one non-member the sender must use bcc for all recipients;
- When sending emails to more than one member the sender should use bcc for all recipients unless they know all recipients have given consent for their email to be known;
- [name]@swanagecarnival.com email addresses must be used for all correspondence with third parties;
- Emails pertaining to Swanage Regatta and Carnival Ltd must be kept in a separate location (or email folder) from personal emails so they can be located or deleted when necessary. This includes sent items folders which will also contain emails which will have to be managed;
COMPANY GDRP STATEMENTS
General Policy Statement
The following statement forms the policy for Swanage Regatta and Carnivals compliance with the 2018 GDRP legislation;
- The Data Controller is SWANAGE REGATTA AND CARNIVAL LTD, Herston Cross House, 230 High Street, Swanage, Dorset BH19 2PQ. Swanage Regatta and Carnival is a company limited by guarantee, Registered in England No.4933189
- We collect personal information data to respond to enquiries and administer our events.
- We obtain personal information from our contacts with you; application forms, ticket applications, responses to advertising and trading records.
- We have a legitimate interest in keeping and processing the data to maintain a database to provide information requested and in our commercial interests relating to our events.
- The processing is undertaken within our organisation and used only for the purposes of administering the event.
Any person or company has the right to be removed from our data lists.
- We will remove such details on request (email secretary@swanage carnival.com or by post to the above address) and unless there is a legal requirement to keep that information will delete it from our records;
- Any person or company has the right to know the information we hold about them (email secretary@swanage carnival.com or by post to the above address). We may make further enquiries to confirm any such request is from an individual or company.
- We will correct any errors a person or company alerts us to.
- Except where a person or company has asked for removal we will keep data for as long as we have a relationship with them and no longer than 1 year thereafter unless there is a specific reason to retain it.
- Except where there is a legal requirement for us to provide information we will refer any enquiry asking for personal information to the person or company concerned when it is requested.
Public Event Form Statement
The following statement shall be added to all event entry forms:
Swanage Regatta and Carnival will hold personal data about you including your name, postal address, phone number(s) and an email address. We will keep your data for a maximum of one year unless there is a specific reason to retain it. Data you have shared with us will not be shared with any external parties without your permission and will only be used to contact you for matters related to this event.
Traders Form Statement
The following statement shall be added to all Trade booking forms:
Swanage Regatta and Carnival will hold personal data about you including your name, postal address, phone number(s) and an email address. We will keep your data for a maximum of one year unless there is a specific reason to retain it. Data you have shared with us will only be shared with any external parties for operational requirements and will only be used to contact you for matters related to this event.