Introduction

The purpose of this policy is to enable the Blewbury Players to comply with the law GDPR (May 2018) in respect of the data it holds about individuals.

The Charity Will:

  • follow good practice

  • protect trustees, volunteers, remunerated personnel (e.g. Directors) and other individuals by respecting their rights

  • demonstrate an open and honest approach to personal data and

  • protect the charity from the consequences of a breach of its responsibilities.

 This policy applies to all the information that we control and process relating to identifiable, living individuals including contact details, photographs, audio and digital recording.

Data Storage and processing

The Blewbury Players recognises that data is held about:

  • trustees

  • volunteers

  • Remunerated personnel e.g. Directors

  • Friends of the Players

  • Those who have consented to be on our mailing list

  • Those who purchase tickets online

This information is always stored securely and access is restricted to those who have a legitimate need to know.  We are committed to ensuring that those about whom we store data understand how and why we keep that data and who may have access to it.  We do not transfer data to third parties without the express consent of the individual concerned.

Rights of individuals

All individuals who come into contact with The Blewbury Players have the following rights under the GDPR:

  • a right of access to a copy of their personal data

  • a right to object to processing that is likely to cause or is causing damage or distress

  • a right to prevent processing for direct marketing

  • a right to object to decisions being taken by automated means

  • a right, in certain circumstances, to have inaccurate personal data rectified, blocked, erased or destroyed and

  • a right to claim compensation for damages caused by a breach of the DPA.

Archived records are stored securely.
The trustees recognise their overall responsibility for ensuring that the charity complies with its legal obligations

Roles and Responsibilities for Trustees

  • reviewing Data Protection and related policies

  • ensuring that Data Protection induction and training takes place

  • handling subject access requests.

All trustees and volunteers are required to read and understand and accept any policies and procedures that relate to the personal data they may handle. The Policy is published on our website http://blewburyplayers.co.uk/

Key risks to the safety of data control and process:

The trustees have identified the following potential key risks:

  • breach of confidentiality (information being given out inappropriately)

  • individuals being insufficiently informed about the use of their data

  • misuse of personal information

  • failure to up-date records promptly

  • poor IT security and

  • direct or indirect, inadvertent or deliberate unauthorised access.

 The trustees will review the charity’s procedures regularly, ensuring that the charity’s records remain accurate and consistent and in particular:

  • IT systems will be designed, where possible, to encourage and facilitate the entry of accurate data

  • data on any individual will be held in as few places as necessary and trustees and staff will be discouraged from establishing unnecessary additional data sets

  • effective procedures will be in place so that relevant systems are updated when information about an individual change.

 If a breach of data security is suspected or occurs the trustees/Data Protection Officer should be notified immediately.

Subject Access Requests

Any individual who wants to exercise their right to receive a copy of their personal data can do so by making a Subject Access Request, (‘SAR’) to the Blewbury Players – blewburyplayers@gmail.com. The request must be made in writing and the individual must satisfy the Blewbury Players of their identity before receiving access to any information.

A SAR must be answered within 40 calendar days of receipt by the charity.

Collecting and using personal data

Our legal basis for processing this data is our legitimate interest as an Amateur Dramatic Group. We use the data for the communication of information and the organisation of events and collect it in a variety of ways

 The Blewbury Players will:

  • not use any of the personal data it collects in ways that have unjustified adverse effects on the individuals concerned

  • be transparent about how it intends to use the data and give individuals appropriate privacy notices when collecting their personal data

  • handle people’s personal data only in ways they would reasonably expect

  • not do anything unlawful with the data.

  • not post photographs on social websites without permission; we have safeguarding responsibilities

  • advise audience members not to take photographs or make recordings

 Keeping Data Secure 

The Charity will take all appropriate measures to prevent unauthorised or unlawful processing of personal data and to protect personal data against loss, damage or destruction.  This means that:

  • This information will be recorded in our Players database, which is stored on a secure personal computer and/or a locked filing cabinet

  • Email addresses will be used in a group mailing list, blind-copied and used solely for the legitimate interests described above.

  • We shall only use GDPR compliant online software services e.g. Ticket Tailor for the purpose of selling tickets.

 Retention of personal data

The Charity will not keep personal data for longer than is necessary.

More information:

Full information about the Data Protection Act, its principles and definitions can be found at www.ico.gov.uk
Authorised by Resolution by the Trustees
Date:  May 2021 (Revised)
Effective Date of the Policy: May 28th 2021
Effective Date for Review: June 1st 2022