Bonsall Arts Trail Data Protection and Confidentiality Policy
1. Data Protection
Bonsall Arts Trail needs to process certain types of personal data about the data subjects who come into contact with it in order to carry out its work. This personal data must be collected and managed with appropriately regardless of format (which can include on paper, digitally computer, or recorded using other media) in accordance with the EU’s General Data Protection Regulation (GDPR).
Bonsall Arts Trail regards the lawful, fair and transparent treatment of personal data as very important to maintaining the confidence of all stakeholders and artists we work with. Bonsall Arts Trail intends to ensure that personal information is treated lawfully and correctly.
Therefore, Bonsall Arts Trail will adhere to GDPR principles of data protection. These require that personal data is:
(1) processed lawfully, fairly and in a transparent manner in relation to individuals
(2) only collected for purposes that are made explicit, are specific and legitimate.
Data from individuals will not be processed further in any way that is incompatible with these purposes. However, Bonsall Arts Trail regard further processing for the purposes of
(i) archiving in the public interest
(ii) statistical purposes
Are not incompatible with the initial purposes
(3) Only personal data will be collected that is sufficient and limited to what is necessary in relation to the purposes for which it is processed
(4) Bonsall Arts Trail will ensure to the best of its ability that data stored in relation to the purposes for which it is processed will be accurate and, contemporaneous. Bonsall Arts Trail will take every reasonable care to that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay
5) Data will be stored in a form which permits identification of data subjects a period of time that is necessary for the purposes for which the personal data are processed. However, personal data may be stored for longer periods if processed only for archiving purposes in the public interest, or statistical purposes. This is subject to implementation of the appropriate technical and organisational measures designed to safeguard the rights and freedoms of individuals, as required by the GDPR
6) Article 5(2) of the GDPF requires that ‘the controller shall be responsible for, and be able to demonstrate, compliance with the principles’. Therefore, personal data will only be processed in a manner that protects security and against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.