tiata fahodzi Limited
privacy notice May 2018
your personal data:
We have updated our privacy notice as of May 2018 and this verifies our compliance with GDPR.
what we need
tiata fahodzi will be what’s known as the ‘Controller’ of the personal data you provide to us.
We only collect information that’s necessary to carry out our business or to deliver our charitable objectives. The more ways you engage with tiata fahodzi as an organisation, the more data we might require in order to provide the necessary services required. There are occasions where you can choose to not provide us with the information we require.
The information we may collect from you is as follows:
- Prefix and full name
- Email address
- Postal address including region
- Phone number
- Date of birth
- Access requirements
- Dietary requirements
- Contact preferences
- Equal opportunities data
- Data you submit as part of an application
This is not an exhaustive list and we may retain different types of information for different individuals based on the service we are providing.
why we need it
We need to know your basic personal data in order to provide you with services and/or information which relates to you being involved with tiata fahodzi.
For example we may use your data to administer:
- Your employment
- Feedback based on your application / submission
- Relevant information about tiata fahodzi
- Arts Council statistical information about people we engage with
- Tickets for you, for events
We will not collect any personal data from you that we do not need, in order to provide and oversee this service to you.
the lawful basis under which we process the data:
- Contract: it’s necessary to enter into or deliver a contract (for example, we need your address to send you a ticket, or we hold employee data so that we can pay you)
- *Consent: with your explicit permission through a check box system when collecting the data
- Legal obligation: the processing is necessary to comply with the law
- Legitimate interests: processing is necessary for legitimate interests i.e. informing an audience member about a new similar event
* tiata fahodzi understands that consent must be freely given, specific, informed and unambiguous. There must be a positive opt-in – consent cannot be inferred from silence, pre-ticked boxes or inactivity. It must also be separate from other terms and conditions, and we need to have simple ways for people to withdraw consent.
what we do with it
All the personal data we process is processed by core staff in the UK however for the purposes of IT hosting and maintenance this information may be located on servers outside of the European Union.
Specifically, we use these reputable service providers, with high levels of data protection systems in place:
- MailChimp administers our opt-in mailing list
- JustGiving administers our supporters donations
how do we protect your data?
tiata fahodzi is committed to protecting the personal information you entrust to us. We adopt robust and appropriate technologies and policies, so the information we have about you is protected from unauthorised access and improper use.
No 3rd parties have access to your personal data unless the law allows them to do so. We do not share or sell your data.
We have a data protection regime in place to oversee the effective and secure processing of your personal data.
how long we keep it
We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it may be destroyed, subject to the marketing purposes shown in the section below.
what we would also like to do with it
Your information that we retain to use for our own marketing purposes, will be kept with us until you notify us that you no longer wish to receive this information.
This information is not shared with third parties and you can unsubscribe at any time via our the unsubscribe link on our email bulletins, which will direct you to MailChimp’s website which will in turn unsubscribe you from all of our lists and databases.
what are your rights?
If at any point you believe the information we process on you is incorrect, or you wish to see it, you can request to see this information and even have it corrected or deleted.
If you wish to raise a complaint on how we have handled your personal data, you can contact our Executive Director Kirsten Burrows who will investigate the matter and refer it to the tiata fahodzi Chair of Trustees.
If you are not satisfied with our response or believe we are processing your personal data otherwise than in accordance with the law you can complain to the Information Commissioner’s Office (ICO).
tiata fahodzi has checked our procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
The GDPR includes the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to object
The matters above will be dealt with through the Privacy Notice once this is confirmed.
subject access requests
tiata fahodzi acknowledges that we need to check our procedures to work out how we would react if someone asks to have their personal data deleted, for example. Would our systems help to locate and delete the data? Who will make the decisions about deletion?
We would need:
- to provide the personal data in a structured commonly used and machine readable form
- to provide the information free of charge (we reserve the right to charge an administration fee of £5)
- to comply within a month
We understand that we can refuse or charge for requests that are manifestly unfounded or excessive. If we refuse a request, we must tell the individual why and that they have the right to complain to the supervisory authority and the right to a judicial remedy. We must do this without undue delay and at the latest, within one month.
Where our website contains links to other websites and other organisations, whether charities or otherwise; inclusion of a link to another website does not imply endorsement of its content or opinions, your relationship and any transactions with other organisations through their websites or otherwise are your own responsibility.
MailChimp is used by many organisations and although we can remove you from our mailing list on their servers you may also be associated to them or another organisation using their system, therefore to remove your details totally from their online system please contact MailChimp directly.
We do not deal directly with children’s personal data, other than supplied by their parents with permission.
On a project-by-project basis tiata fahodzi considers whether we need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity.
tiata fahodzi ensures that we have the right procedures in place to detect, report and investigate a personal data breach.
Suspected data breach instances are dealt with by the Executive Director in liaison with the Chair of Trustees who in turn discussed with all trustees on a case by case basis.
Data Protection Officers
Our data processing is not at a level or risk that we should have to nominate a Data Protection Officer – day to day compliance is dealt with by the Executive Director, Kirsten Burrows
tiata fahodzi operates within the UK only.
If you have questions in relation to the data we hold or how it is used, you can get in touch with us in the following ways:
Kirsten Burrows, Executive Director
tiata fahodzi Ltd
The Barn, 1 Watford House Lane,
Watford WD17 1BJ