Lowdham Pantomime Group (LPG) General Data Protection Regulation Policy
Statement – GDPR stands for General Data Protection Regulation and replaces the previous Data Protection.
It was approved by the EU Parliament in 2016 and came into effect on 25th May 2018.
GDPR states that personal data should be ‘processed fairly & lawfully’ and ‘collected for specified, explicit and legitimate purposes’ and that individuals’ data are not processed without their knowledge and are only processed with their ‘explicit’ consent.
GDPR covers personal data relating to individuals. LPG is committed to protecting the rights and freedoms of individuals with respect to the processing of personal data of members, contractors, subscribers and volunteers.
The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.
GDPR includes 7 rights for individuals
1) The right to be informed
Lowdham Pantomime Group is an amateur dramatics group and as such, is required to collect and manage certain data. We need to know members’ names, addresses, telephone numbers and email addresses, and the email addresses of anyone who signs up to our mailing list.
We also need to know children’s full names, addresses and date of birth. In respect of our Safeguarding Policies, we are requested to provide these data to the Local Authority and the emergency services should they request it. We do not record any information about children without also recording the details of their parent or guardian who will have given consent.
In order to comply with Disclosure and Barring Service (DBS) checks, LPG is also required to hold certain data on members and volunteers. These include names, addresses, email addresses, telephone numbers and date of birth. DBS Numbers and date of issue are also held on an electronic system and are kept securely by the secretary of LPG.
We do not collect personal information from patrons about ticket purchasing or publicity mailing. These activities are managed by LPG and Ticket Source, respectively, and each is responsible under the legislation for how it records and stores patrons’ personal details
We only use a member’s personal data for correspondence about our administration and activities. This is known as Legitimate Interests under the legislation. We will never provide such data to other individuals or organisations without the member’s explicit consent, unless we are legally obliged to do so.
The names and photographs of members may appear on our website and social media in connection with our theatre activities. Names of members appear in production programmes.
2) The right of access
At any point, an individual can make a request relating to their data and LPG will need to provide a response (within 1 month). LPG can refuse a request, if we have a lawful obligation to retain data but we will inform the individual of the reasons for the rejection. The individual will have the right to complain to the Information Commissioner’s Office (ICO) if they are not happy with the decision.
3) The right to erasure
You have the right to request the deletion of your data where there is no compelling reason for their continued use. However, LPG has a legal duty to keep details of members and volunteers for a reasonable time following a request for removal.
Personal names, addresses, dates of birth and emails will be deleted within 1 year of a member leaving LPG. However, photographs and other media can not be deleted.
We shall only store a member’s information for as long as it is required for the purposes for which it was collected or if we are legally obliged to retain it. The personal information that is stored will be regularly reviewed to keep it up-to-date.
We shall ensure that appropriate measures are in place to protect such information from loss, misuse, and unauthorised access or disclosure, including the secure destruction of information after it is no longer required.
Information may be stored digitally on password-protected computers and secure online storage facilities such as iCloud, Google Drive, One Drive and Dropbox.
4) The right to restrict processing
Members and volunteers can object to LPG processing their data. This means that records can be stored but must not be used in any way to generate, for example, examination applications, reports or for communications.
5) The right to data portability
LPG requires data to be transferred from one IT system to another; such as from LPG to the Local Authority or emergency services. The Local Authority and emergency services use secure file transfer systems and have their own policies and procedures in place in relation to GDPR.
6) The right to object
Members and volunteers can object to their data being used for certain activities like marketing or research.
7) The right not to be subject to automated decision-making including profiling
Automated decisions and profiling are used for marketing based organisations. LPG does not use personal data for such purposes.
Storage and use of personal information
LPG stores personal data held visually in photographs or video clips, website images or as sound recordings. Names are stored with images in photo albums, displays, on the website or on LPG social media sites.
GDPR means that LPG must:
* Manage and process personal data properly
* Protect the individual’s rights to privacy
* Provide an individual with access to all personal information held on them.
This Policy will be formally adopted at the AGM meeting LPG in April 2020 but to allow LPG to implement this as soon as is practical, it has been agreed by the executive committee via email consultation on Friday 24th January 2020 that this policy will be implemented with immediate effect.
Policy review date: April 2021