Data Policy

DATA POLICY

  1. Norfolk Music Festival needs to keep personal data about its committee, members, volunteers, participants and supporters in order to carry out group activities.
  2. We will collect, store, use, amend, share, destroy or delete personal data only in ways which protect people’s privacy and comply with the UK General Data Protection Regulation (GDPR) and other relevant legislation.
  3. We will only collect, store and use the minimum amount of data that we need for clear purposes, and will not collect, store or use data we do not need.
  4. We will only collect, store and use data for:
    • purposes for which the individual has given explicit consent, or
    • purposes that are in our our group’s legitimate interests, or
    • contracts with the individual whose data it is, or
    • to comply with legal obligations, or
    • to protect someone’s life, or
    • to perform public tasks.
  5. We will provide individuals with details of the data we have about them when requested by the relevant individual.
  6. We will delete data if requested by the relevant individual, unless we need to keep it for legal reasons.
  7. We will endeavour to keep personal data up-to-date and accurate.
  8. We will store personal data securely.
  9. We will keep clear records of the purposes of collecting and holding specific data, to ensure it is only used for these purposes.
  10. We will not share personal data with third parties without the explicit consent of the relevant individual, unless legally required to do so.
  11. We will endeavour not to have data breaches. In the event of a data breach, we will endeavour to rectify the breach by getting any lost or shared data back. We will evaluate our processes and understand how to avoid it happening again. Serious data breaches which may risk someone’s personal rights or freedoms will be reported to the Information Commissioner’s Office within 72 hours, and to the individual concerned.
  12. To uphold this policy, we will maintain a set of data protection procedures for our committee and volunteers to follow.

’Specific Actions’

  • The personal data we hold consists of: Name(s), Age (minors only), Address, Telephone number(s) and Email addresses.
  • When you enter the Festival online your data is stored on a secure server in encrypted spreadsheets and backed up on an external hard drive
  • If you have subscribed to our electronic newsletter, your email address will be held remotely on a secure server in an encrypted spreadsheet and backed up on an external hard drive.
  • You have the right to see what data we hold on you by requesting to do so on our website or by emailing: info@norfolkmusic.org.uk. Data will be removed within 28 days upon your request