We will use the information that we collect about you in accordance with, the Privacy and Electronic Communications Regulations 2003, the Data Protection Act 1998 (DPA) and any replacement laws, and, from May 2018, the General Data Protection Regulation (GDPR).
1. Who are we?
Company is a performing arts organisation based in the UK, a registered company in England (no 4302402) and a registered charity (no 1111087).
2. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. We do not collect sensitive data. The processing of personal data is governed by the General Data Protection Regulation (GDPR).
3. How do we process your personal data?
Company complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use personal data for the following legitimate business purposes:
a. To invite you to concerts, receptions, events etc;
b. To inform those on our mailing list of news, concerts, projects, fundraising campaigns, other people’s events etc;
c. To fundraise for projects and charitable aims;
d. To maintain appropriate governance procedures;
e. To maintain our own financial accounts and administrative records (including the processing of gift aid applications);
f. To contact and contract musicians, contractors, employees and volunteers;
g. To use film, photographs and/or audio for promotional purposes on our web site, social media or other media formats.
We may occasionally use information sources that are in the public domain to learn more about you and to ensure that the data we hold about you is accurate and up to date.
4. What is the legal basis for processing your personal data?
Under GDPR, Company processes your personal data for the specific purposes set out in paragraph 3 which are in our legitimate interests and help us to enhance the services and communications we provide.
When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
We aim to be clear when we collect your data and not to do anything you wouldn’t reasonably expect.
We may process your personal data because it is necessary for the performance of a contract. For example, if you make a purchase, sign up for an event or give a donation.
We may process personal data because it is in our legitimate interests to do so. For example, we may use your personal information to understand your interests or reasons for donating to us, to conduct due diligence on major donors, to tailor our communications to you or to provide an exceptional experience. We may also collect information about how you use our services (including our website) to analyse our customer base and improve our processes.
5. Sharing your personal data
We do not sell personal details to third parties for any purpose nor will we share your personal data with any other organisations for their own marketing communications.
We may need to disclose your details:
• if we run an event in partnership with another named organisation so that they can help us run the event
• to our legal advisors
• for the purposes of regulatory or inspection compliance, for example to the Charity Commission
• Data processing services acting in an accordance with our instructions, and subject to confidentiality obligations
• in order to comply with any legal obligation to do so. This includes the police and other crime protection and detection agencies or regulatory bodies.
6. How long do we keep your personal data?
Specifically, we retain data while it is still current and gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate.
7. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
• To request a copy of your personal data which Company holds about you;
• To request that Company corrects any personal data if it is found to be inaccurate or out of date;
• To request your personal data is erased where it is no longer necessary for Company to retain such data;
• The right to withdraw your consent to the processing at any time (opt out);
• The right to request that Company provides you with your personal data and where possible, to
transmit that data directly to another data controller (known as the right to data portability);
• Where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
• To object to the processing of personal data;
• The right to lodge a complaint with the Information Commissioners Office.
If you wish to withdraw your consent at any time, you can do so either by contacting us, or simply by clicking the 'unsubscribe' link at the bottom of any forthcoming emails.
9. Contact details
To exercise all relevant rights and to raise queries or complaints please in the first instance contact Company General Manager, Bronek Pomorski on 01444 443060 or via email at firstname.lastname@example.org; or at Company’s correspondence address: Opera Brava Limited, Morley House, Franklynn Road, Haywards Heath RH16 4DT.