This is the privacy statement of the Much Wenlock Christmas Fayre. At the Christmas Fayre (“the Christmas Fayre”, “the Fayre”, or “we”) we are committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you; that you provide us or that we receive from others about you will be processed by us. It includes data that we hold electronically and in paper files.
1 | How and why we process personal data
We will process data to deliver the services the Fayre are contracted to provide to you; to administer requests or event bookings submitted via our website https://www.wenlockchristmasfayre.org.uk , via a paper application, or at a marketing event.
We confirm, when processing data on your behalf, that we will comply with the provisions of all relevant data protection legislation and regulation.
We do not sell, rent or lease any of the personal information collected from you to third parties. We do not use or disclose sensitive personal information, such as race, religion, or political affiliations (in the event that we become aware of any), without your explicit consent.
What personal information we collect
The personal information that we collect will vary depending on which product or service we deliver. These may include (the list is non-exhaustive):
- Personal Identifiable Information (Names, email address, postal information)
- Financial
- Business Information (Names, email address, postal information, type of business)
- Confidential
- IP addresses
Where we collect personal information from
- Through formal engagement to provide Christmas Fayre services
- Via our website (General enquiries; mailing list sign ups, event booking; questionnaires or surveys)
- At marketing or recruitment events (event feedback/surveys)
Legal bases for processing data
The legal bases for the processing of client data where a formal client engagement exists is under the following paragraphs of the General Data Protection Regulation (GDPR): Article 6 1.(b), the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, and Article 6 1.(f), it is in the legitimate interests of the data controller or a third party.
Our legitimate interest means the interests of the Fayre in conducting and managing our business to enable us to give you the best service and the best and most secure experience. For example, we have an interest in making sure our marketing is relevant to you, so we may use your data to send you information that is tailored to your interests. It can also apply to processing that is in your interests as well. Safeguards have been put in place to ensure we achieve the correct balance between both our interests.
Where no formal engagement exists, the legal basis for processing personal information is consent provided via our website or via formal consent at a marketing event.
How we use your personal data
The purposes for which personal information is processed may include any or all of the following (the list is non-exhaustive):
- Deliver services and meet legal responsibilities
- Verify identity where this is required
- Communication by post, email, or telephone
- Understand needs and how they may be met
- Maintain records
- Process financial transactions
Who has access and why?
Data will be held and processed for the purpose of providing the service that we are contracted under our Terms of Engagement; or where you have provided your information via our website or at a marketing event.
Only those staff who have a legitimate need to access data will be authorised to do so. We may also be required to share your data with some third parties. For example, if we have a problem with some software it may be necessary to provide the software supplier with specific data. However, where this is necessary we only disclose the information that is required to resolve the issue, and we have agreements in place that require them to keep your information secure and not to use for their own purposes. Examples of third parties could include (this list is non-exhaustive):
- Software providers
- Website hosting provider
- Electronic communication providers
How long we retain your personal data
To meet our legal data protection and privacy obligations, we only hold on to your information for as long as we need it and for the purposes we acquired it for in the first place.
Where we have a formal engagement, we will collect personal data and retain for no more than 18 months. Where you have submitted your data via our website or other marketing channels, we shall keep your personal information on our database for no more than 20 months, subject to an individual’s right to unsubscribe or be forgotten at any time. Please see the Your Rights section below.
2 | Using our website & social media
Information Collection
We may collect information about the software on your computer (your browser version etc) and your IP address (your connection with the internet) in order to improve your interaction with our website. This may happen automatically without you being aware of it.
We may use cookies (small text files which we and other website operators store on your computer when you visit our websites) to deliver a better and more personalised interaction. They enable us to recognise you when you return to the website, store information about your preferences, and
improve the way your searches are processed. This helps us to better manage and develop our website, to provide you with a more enjoyable, customised service and experience in the future, and to help us develop and deliver better products and services tailored to your individual interests and needs.
Cookies also enable us to generate statistics about the number of visitors we have and how they use the website and the internet to improve the service we provide. You can set your browser to reject our cookies if you wish (you should consult your browser help section for details), but this might restrict your use of the website and other websites. For more information about cookies, please see our cookies statement here.
Social media
Any social media posts or comments you send to us (on our Facebook page, Twitter or LinkedIn) will be shared under the terms of the relevant social media platform on which they are written and could be made public. Other people, not us, control these platforms. We are not responsible for this kind of sharing. We recommend you should review the terms and conditions and privacy policies of the social media platforms you use.
3 | Your Rights
You have a number of rights under GDPR:
Right of Access
You have the right, subject to a number of exceptions, to know what information we hold about you.
Right to Rectification
You have the right to have any information we hold about you corrected if inaccurate or incomplete.
Right to Erasure
You have the right to ask us to delete personal information about you where:
- You consider that we no longer require the information for the purposes for which it was obtained.
- We are using that information with your consent and you have withdrawn your consent – see Withdrawing consent.
- You have validly objected to our use of your personal information – please see ‘Right to Object’.
- Our use of your personal information is contrary to law or our other legal obligations.
Right to Object
You have the right to object our processing of your personal data on the basis of legitimate interest, for direct marketing or for processing event bookings.
We will stop processing your data on the basis of legitimate interest unless there are compelling legitimate grounds for us to continue.
We will not use any of your data for direct marketing without your express consent.
Right to Restrict Processing
You have the right to restrict processing of your data in certain circumstances, such as when there is a question over the way in which we are using it.
Right to Data Portability
You have the right to obtain and reuse your personal data for your own purposes.
Automatic Processing
We will not make any decision regarding you by purely automated means.
Withdrawing consent using your information
Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.
Please contact us by contacting us as below or by emailing data.privacy@wenlockchristmasfayre.org.uk if you wish to exercise any of these rights.
4 | Changes to our Privacy Policy
We keep this privacy statement under regular review and will place any updates on this page.
Paper copies of the privacy statement may also be obtained from:
Much Wenlock Christmas Fayre, data.privacy@wenlockchristmasfayre.org.uk
This privacy statement was last updated on 21 May 2018.
Contact information and further advice
Any questions or comments regarding this privacy policy should be emailed to: data.privacy@wenlockchristmasfayre.org.uk
Complaints
We seek to resolve directly all complaints about how we handle personal information but you also have the right to lodge a complaint with the Information Commissioner’s Office, whose contact details are as follows:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
T : 0303 123 1113 (local rate) or 01625 545 745
Website – https://ico.org.uk/concerns