The General Data Protection Regulations (GDPR) is a new law which will replace the current Data Protection Act. Every organisation in every sector that processes personal data will have to be compliant with GDPR – this is a fundamental legal responsibility and one which Tisbury Carnival takes very seriously. This document sets out the policy and procedures to be put in place to ensure that TC and its Committee and Volunteers comply with the provisions of the GDPR when processing personal data.
TC is required to adhere to the eight principles of data protection as laid down by the GDPR. In accordance with those principles personal data shall be:
Processed fairly and lawfully and in a transparent manner
Processed for specified purposes only
Adequate, relevant and not excessive
Accurate and up to date
Not kept longer than necessary
Processed in accordance with the individual’s rights
Processed and held securely
Not transferred outside the countries of the European Economic Area without adequate protection.
How We Collect Your Personal Information
Generally, we collect your information when you decide to interact with us. This can happen by you letting us know that you want to receive our newsletter or emailed information about Carnival and/or our other activities, by volunteering to help our charity, by participating in or bringing your business to Carnival, or by becoming a sponsor or donor.
3. The Types of Information We Collect
We only collect the information that is necessary for us to carry out our work as a charity effectively and to make the activities and events that we undertake as enjoyable as possible. Any information that we collect from you will be at an appropriate level and specific to your involvement with TC.
4. How We Protect Your Data
TC is committed to protecting the personal information you entrust to us. Where we process your personal data, we will do so in compliance with the requirements of this policy.
TC must ensure that:
all personal data is kept securely;
no personal data is disclosed either verbally or in writing, accidentally or otherwise, to any unauthorised third party;
any queries regarding data protection, including subject access requests and complaints, are promptly dealt with;
any data protection breaches are attended to swiftly with a view to resolving them as soon as possible;
where there is uncertainty around a data protection matter, advice is sought from the TC Chairperson and/or Committee
Committee and volunteers who are unsure or unclear as to the identities of the authorised third parties to whom they can legitimately disclose personal data should seek advice from the TC Chairperson and/or Committee.
5. Access to Your Data
TC is required to permit individuals to access their own personal data via a subject access request. Any individual wishing to exercise this right should do so in writing. Tisbury Carnival Committee, 9 Whitehill Estate, Hindon SP3 6EHor email us at Tisburycarnival@outlook.com. We will respond to you request as soon as possible.
6. Data Protection Breach
Where a Data Protection breach occurs, or is suspected, it should be reported immediately to TC.
This notice was updated on 14/09/19. It will be updated from time to time to consider changes in the law and it will also be reviewed annually by TC to ensure that it is compatible with developments and changes made within TC.