Last Revised: September 2022
1.0 OUR CORE BELIEFS REGARDING USER PRIVACY AND DATA PROTECTION
Big Church Festival is committed to safeguarding the privacy of anyone who applies to exhibit or advertise with us; this policy sets out how we will treat your personal information.
- Your privacy as a user and protection of your data are human rights
- We have a duty of care to the people whose data we collect and process
- Data is a liability, it should only be collected and processed when absolutely necessary
- We dislike spam as much as you do!
- We will never sell or rent your data, and will only distribute your data with our third party partners with your specific consent.
2.0 EXPO/TEA GARDEN MARKET AND ADVERTISING APPLICATIONS
If you are applying to be in the Expo, Tea Garden Market or applying for an advert, in line with our Big Church Festival GDPR policies, we will keep your information unless you email and request that it is deleted from the time you confirm your booking and will not use your data for any other purposes. If you wish to opt out of an correspondances during this time, please notify us by contacting [email protected].
3.0 EMAIL NEWSLETTER
If you apply through our Promotional Opportunities Brochure you will then automatically join our mailing list, the email address that you submit to us will be forwarded to MailChimp who provide us with email marketing services. We consider MailChimp to be a third party data processor (see section 6.0 below). The email address that you submit will not be stored within this website’s own database.
Your email address will remain within MailChimp’s database for as long as we continue to use MailChimp’s services for email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.
If you are under 13 years of age you MUST obtain parental consent before joining our email newsletter.
While your email address remains within the MailChimp database, you will receive periodic (approximately monthly) newsletter-style emails from us.
4.0 STORAGE OF PERSONAL INFORMATION AND ‘LEGITIMATE INTEREST’
We may collect, store and use the following kinds of personal data:
- Information about your visits to and use of this website;
- Information concerning any transactions you undertake with us on or in relation to this website, including any purchases you make of goods or services;
- Information that you provide to us for the purpose of registering with us and/or subscribing to our website services and/or email notifications
4.1 What lawful bases do we rely on to use your personal data?
What lawful bases do we rely on to use your personal data?
The lawful bases that we rely on for processing your personal data are:
- You have provided your consent to us using your personal data for a specific purpose:
We will ask for your consent to use your personal data to send you electronic communications such as newsletters and emails.
You always have the right to withdraw your consent at any time.
- It is necessary in connection with the performance of a contract with you:
Sometimes it is necessary to process your personal data so that we can enter into contractual relationships with you. For example, for Members and Causes that we enter into agreements with we will need to process personal data about your contacts to enable us to perform our agreement.
- It is necessary for compliance with a legal obligation to which we are subject:
This would include where we have to retain certain records, for example. Or where we are required to disclose personal data to any regulators or law enforcement agencies.
- It is within our legitimate interests.
Applicable law allows personal data to be collected and used if it is reasonably necessary for our legitimate interests or a third party’s legitimate interests (as long as the processing is fair, balanced and does not unduly impact individuals’ rights). We will rely on this ground to process your personal data when it is not practical or appropriate to ask for your consent, and where we are confident that this will not impact your rights.
Our legitimate interests are achieving our mission. Our Website facilitates this mission.
We also have a legitimate interest in providing useful reports and feedbacks to Members and Trustees, in an anonymous form.
We will also rely on our legitimate interests for the proper administration of Big Church Tickets and to manage our operations (for example, maintaining appropriate records and databases).
When we process your personal data to achieve such legitimate interests, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal data for activities where our interests are overridden by the impact on you, for example where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).
Sensitive or special category data
We do not anticipate the collecting of sensitive data from you (i.e. data on health, ethnicity, race, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, sex life or sexual orientation).
Where we do collect such sensitive data from you, we will ensure that we obtain your prior explicit consent. You always have the right to withdraw your consent.
4.2 Your rights
Right to restrict processing
In certain circumstances you have a right to require us to stop processing your personal data in a particular way. To find out more, please email us at [email protected]chfestival.com.
Right to erasure
You have the right to request that your personal data is erased from our database in certain circumstances. To find out more, please email us at [email protected]
Right of access
You have a right to ask for a copy of the personal data we hold about you. If you want to access your personal data, please send a description of the personal data you want to see and proof of your identity to [email protected], data provision is free of charge.
Right to rectification
We also want to make sure that your personal data is accurate and up to date. Please let us know if your details change. You may also ask us to correct or remove personal data which is inaccurate.
Right to object
You can also opt-out of receiving all or some of our marketing communications or request that we stop processing personal data about you for certain purposes at any time by contacting us using the details below.
Right to data portability
In certain circumstances you have a right to data portability which means we will provide you (or a third party you nominate) with your personal data in a structured, commonly used and machine-readable format.
Please note that you may only use/ benefit from some of these rights in limited circumstances. For more information, we suggest that you consult guidance from the Information Commissioner’s Office (ICO) www.ico.org.uk or please contact us using the details below.
We keep personal data for as long as there is a need to keep it in connection with the purposes for which it was collected and in accordance with our Data Retention Policy. In the event that you ask us to stop sending you marketing communications, we will retain certain details, such as your name, to help us ensure that you are not contacted again.
5.0 ABOUT THIS WEBSITE’S SERVER
This website is hosted by AWS within their EU West 1 data centre located in Ireland.
Full details of cloud security within AWS data centre can be found here.
All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS
6.0 OUR THIRD PARTY DATA PROCESSORS
We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the legislation set out in section 2.0. All three of these third parties are based in the USA and are EU-U.S Privacy Shield compliant.
7.0 DATA BREACHES
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
8.0 DATA CONTROLLER
The data controller of this website is: Big Church Festival, a Charity and UK Private limited Company by guarantee without share capital use of ‘Limited’ exemption with company number: 06794709
Whose registered office is:
40 Oxford Road, Worthing, West Sussex, BN11 1UT
And whose operating office is:
PO BOX 3340. LITTLEHAMPTON WEST SUSSEX BN16 9FP
Big Church Festival welcomes your comments regarding this Statement of Privacy. If you believe that Big Church Festival has not adhered to this policy, please contact Big Church Festival. We will use commercially reasonable efforts to promptly determine and remedy the problem.
9.0 DATA PROTECTION
In the event of data protection queries please email [email protected] and we will get back to you as soon as possible.
10.1 Version Date
– V1 – Policy developed 5th October 2018
– V2 – Policy developed 20th September 2019
– V3 – Policy developed 27th September 2021
– V4 – Policy developed 12th September 2022