Portsmouth Music Festival collects and uses personal information (referred to in the General Data Protection Regulation (GDPR) as personal data) about committee members, volunteers, performers, parents of performers under 18, teachers and other individuals who come into contact with the Festival. This information is gathered in order to enable the running of the Festival and other associated functions. In addition, the Festival may be required by law to collect, use and share certain information
Andrew McVittie, Chair of Portsmouth Music Festival, is the Data Controller of the personal data that it collects and receives for these purposes.
Portsmouth Music Festival’s Data Protection Officers are the Management Committee who may be contacted via the Chair (firstname.lastname@example.org).
Portsmouth Music Festival issues Privacy Notices (also known as a Fair Processing Notices) to all performers, parents of performers under 18, committee members, volunteers and teachers. These summarise the personal information held about performers, parents of performers under 18, committee members, volunteers and teachers, the purpose for which it is held and who it may be shared with. It also provides information about an individual’s rights in respect of their personal data.
This policy sets out how Portsmouth Music Festival deals with personal information correctly and securely and in accordance with the GDPR, and other related legislation.
This policy applies to all personal information however it is collected, used, recorded and stored by Portsmouth Music Festival and whether it is held on paper or electronically.
What is Personal Information/ data?
Personal information or data means any information relating to an identified or identifiable individual. An identifiable individual is one who can be identified, directly or indirectly by reference to details such as a name, an identification number, location data, an online identifier or by their physical, physiological, genetic, mental, economic, cultural or social identity. Personal data includes (but is not limited to) an individual’s, name, address, date of birth, photograph, bank details and other information that identifies them.
Data Protection Principles
The GDPR establishes six principles as well as a number of additional duties that must be adhered to at all times:
2. Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (subject to exceptions for specific archiving purposes)
3. Personal data shall be adequate, relevant and limited to what is necessary to the purposes for which they are processed and not excessive;
4. Personal data shall be accurate and where necessary, kept up to date;
5. Personal data shall be kept in a form that permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
6. Personal data shall be processed in a manner that ensures appropriate security of the personal information.
Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of data protection.
Data Controllers have a General Duty of accountability for personal data.
Portsmouth Music Festival is committed to maintaining the principles and duties in the GDPR at all times. Therefore Portsmouth Music Festival will:
Complaints will be dealt with in accordance with Portsmouth Music Festival’s complaints policy. Complaints relating to the handling of personal information may be referred to the Information Commissioner who can be contacted at Wycliffe House, Water Lane Wilmslow Cheshire SK9 5AF or at www.ico.gov.uk
This policy will be reviewed as it is deemed appropriate, but no less frequently than every 3 years. The policy review will be undertaken by the Management Committee.
If you have any enquires in relation to this policy, please contact Andrew McVittie in the first instance. (email@example.com)