Privacy Policy

Bonsall Arts Trail Data Protection and Confidentiality
Policy

1. Data Protection

Bonsall Arts Trail needs to process certain types of
personal data about the data subjects who come into contact with it in order to
carry out its work. This personal data must be collected and managed with
appropriately regardless of format (which can include on paper, digitally computer,
or recorded using other media) in accordance with the EU’s General Data
Protection Regulation (GDPR).

Bonsall Arts Trail regards the lawful, fair and transparent
treatment of personal data as very important to maintaining the confidence of
all stakeholders and artists we work with. Bonsall Arts Trail intends to ensure
that personal information is treated lawfully and correctly.

Therefore, Bonsall Arts Trail will adhere to GDPR
principles of data protection. These require that personal data is:

 (1) processed
lawfully, fairly and in a transparent manner in relation to individuals

 (2) only collected
for purposes that are made explicit, are specific and legitimate.

Data from individuals will not be processed further in any
way that is incompatible with these purposes. 
However, Bonsall Arts Trail 
regard further processing for the purposes of

(i) archiving in the public interest

(ii) statistical purposes

Are not incompatible with the initial purposes

(3) Only personal data will be collected that is sufficient
and limited to what is necessary in relation to the purposes for which it is
processed

(4) Bonsall Arts Trail will ensure to the best of its
ability that data stored in relation to the purposes for which it is processed
will be accurate and, contemporaneous. 
Bonsall Arts Trail will take every reasonable care to that personal data
that are inaccurate, having regard to the purposes for which they are
processed, are erased or rectified without delay

5) Data will be stored in a form which permits identification
of data subjects a period of time that is necessary for the purposes for which
the personal data are processed. However, 
personal data may be stored for longer periods if processed only for
archiving purposes in the public interest, or statistical purposes. This is
subject to implementation of the appropriate technical and organisational
measures designed to safeguard the rights and freedoms of individuals, as required
by the GDPR

6) Article 5(2) of the GDPF requires that ‘the controller
shall be responsible for, and be able to demonstrate, compliance with the
principles’. Therefore, personal data will only be processed in a manner that protects
security and against unauthorised or unlawful processing and against accidental
loss, destruction or damage, using appropriate technical or organisational
measures.