Privacy Policy

Privacy Policy

Who We Are

The AllAboutArts Festival (the “Festival”) website, is owned and operated by the Festival Committee. Any questions relating to this privacy policy or exercising your rights under GDPR (General Data Protection Regulation) should be directed to the Festival Data Controller using the email address allaboutartsfestival@outlook.com

What information do we collect via this website?

We may collect and process the following data about you:

  • Contact Data includes name and email address.
  • Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Usage Data includes information about how you use our website.
  • Festival Entry Data includes name, address, email address, telephone number(s), teacher/parent status, entrant name(s) and entrant age(s) .
  • Ticket Purchasing Data including name, email address and IP address

Please note that we do not collect ANY payment information. Any payments made for either Festival entry or Ticket Purchasing are processed on, and by, Stripe’s secure servers.

How Is This Data Collected?

  • Contact Data This data is provided by you when you fill out the contact form or send us an email directly.
  • Technical Data and Usage Data This data is collected by automated technologies and is currently limited to the use of Cookies (see below details) and server logs.
  • Festival Entry Data This data is provided by you upon submitting a successful entry or entries to the Festival.
  • Ticket Purchasing Data This data is provided by you upon checkout with the exception of IP address which is identified by the system.

How do we use this information?

  • Contact Data This data is used to allow us to communicate with you in response to your having initiated contact with us. The legal basis for collecting and processing this Data is consent which is provided by you at the time of sending us a message. Consent is given by the clear affirmative action of submitting the contact form:
    “‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;” [GDPR Art.4(11)]
    You may assert your rights under the GDPR legislation and remove this consent at any time by contacting the Data Controller with your request.
  • Technical Data and Usage Data This data is used to analyse usage of the website and services in order to monitor and improve the website and its services, and to prevent malicious activity (please see the Cookies section for more details). The legal basis for collecting and processing this data is our legitimate interests.
  • Festival Entry Data This data is used to administer and organise the preparation and running of the Festival and delivery of Festival results. The legal basis for collecting and processing this data is consent which is given at the time of Festival entry submission, with the submission being a clear, affirmative action. You may assert your rights under the GDPR legislation and remove your consent at any time by contacting the Data Controller with your request. Please note that removal of consent for storing and processing Festival Entry Data will result in your entry/entries being removed from the Festival programme as we cannot administer your entries without processing the data.
  • Ticket Purchasing Data This data is used to allow us to communicate with you regarding your ticket purchase and to administer . The legal basis for collecting and processing this data is consent which is provided by you at the time of submitting your application for Festival Membership. You may assert your rights under the GDPR legislation and remove this consent at any time by contacting the Data Controller with your request.

We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.

In addition to the specific purposes for which we may process your personal data set out in this section, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Disclosure of Personal Information

We will only share your personal data with third parties where we are legally obliged to or for administration or operational reasons with the following exceptions:

  • Names of Class winners will be published on the website and may also be published in future Festival literature or marketing
  • Names of Entrants will be shown on the Festival live stream/Zoom meeting as part of their performance

Data Retention

  • Contact Data This data, namely your name and email address and message contents, is stored as part of the email communications between yourself and the Festival or its Committee members until such time as it is deemed no longer necessary or you withdraw your consent for storing and processing the data under the GDPR.
  • Technical Data and Usage Data Data collected by Cookies is subject to our Cookie policy (see below). Currently we do not run any analytics or other technologies designed to measure website metrics and usage. If we do, this Privacy Policy will be updated to disclose this fact and the data retention period will be decided at that time.
  • Festival Entry Data This data is stored for a maximum of 5 years after the date of submission. The retention is to enable us to respond to historical queries, track Festival entry trends in order to improve the quality and delivery of the Festival, and to allow accurate accounting. As this data is processed under the legal basis of consent, you may exercise your right to withdraw consent at any time.
  • Ticket Purchasing Data This data is retained for 3 years after the date of ticket purchase. The retention is to enable us to respond to historical payment queries or discrepancies, track Festival ticket purchase trends in order to improve the quality and delivery of the Festival, and to allow accurate accounting.

Data Access

As part of the GDPR, you have the right to request access to the personal data we hold (commonly known as a “data subject access request”). You will not normally have to pay a fee to access your personal data. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

We aim to complete your request within one month. However, in some cases it may take longer than that, in which case we will contact you and keep you informed of the progress.

Incomplete Data or Requesting Changes

Another of your GDPR rights is the right to have inaccurate personal data rectified, or completed if it is incomplete. Please contact the Data Controller with details and we will be happy to amend or update your information.

Right To Be Forgotten

You have the right (under GDPR) to request the removal and deletion of personal data we hold in relation to you. Please be aware that this is not an absolute right and only applies in specific circumstances. If you request personal data deletion we will act upon your request within one month. Our response will either be to delete the data or to refuse the request, in which case the reason(s) for refusal will be clearly identified.

Please read the ICO guidance for more information.

If you consider that our processing of your personal information infringes data protection laws, or that our response to a request made by you under GDPR legislation was not satisfactory, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

Cookies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies, and as such, cookies must be regarded as personal data.

We use cookies:

  • to identify you when you visit our website and as you navigate our website
  • to help us to analyse the use and performance of our website and services
  • as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services generally
  • to store your preferences in relation to the use of cookies more generally
Managing Cookies

Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:

Blocking all cookies will have a negative impact upon the usability of many websites.
If you block cookies, you will not be able to use all the features on our website

Loading...