Data Protection Policy for Cork Vegfest
Data Protection Policy for Cork Vegfest
At Cork Vegfest privacy and data protection rights are very important to us. We will not collect any personal information about you without your clear permission. Any personal information which you volunteer to Cork Vegfest will be treated with the highest standards of security and confidentiality, and strictly in accordance with the Data Protection Acts, 1988 & 2003 and with General Data Protection Regulations which came into effect on 25 May 2018.
Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data, in both paper and electronic form. The Data Protection Acts 1988 and 2003 (the “Data Protection Acts”) lay down strict rules about the way in which personal data and sensitive personal data are collected, accessed, used and disclosed.
This document outlines Cork Vegfest’s policy to help ensure that we comply with the Data Protection Acts.
Inquiries about this Data Protection Policy should be made to: General Manager/Data Protection Officer, Cork Vegfest – firstname.lastname@example.org
Purpose of this policy
This policy is a statement of Cork Vegfest’s commitment to protect the rights and privacy of individuals in accordance with the Data Protection Acts (1988) and (2003) and the General Data Protection Regulations.
We collect your information as a means of contacting you, a valued Cork Vegfest stakeholder, in the lead up to and during Cork Vegfest and ancillary events hosted by Cork Vegfest throughout the year. Stakeholders include volunteers, suppliers, exhibitors, speakers and performers; any and all applicants seeking to engage with the festival or associated events. We retain the right to contact all stakeholders in relation to future events or related opportunities with Cork Vegfest and associated events. All information provided to us is treated in the strictest confidence and is not made available to any third parties. We have outlined below the variety of ways in which data is collected and stored on our stakeholders, why we collect it, who has access to it and our retention policy for each area.
Data Protection Principles
Cork Vegfest is firmly committed to ensuring personal privacy and compliance with the Data Protection Acts, including the provision of best practice guidelines and procedures in relation to all aspects of Data Protection. We shall perform our responsibilities under the Data Protection Acts in accordance with the following Data Protection principles:
- Obtain and process information fairly – We shall obtain and process personal data fairly and in accordance with statutory and other legal obligations.
- Keep it only for one or more specified, explicit and lawful purposes – We shall keep personal data for purposes that are specific, lawful and clearly stated. Personal data will only be processed in a manner compatible with these purposes as defined above.
- Use and disclose only in ways compatible with these purposes – We shall use and disclose personal data only in circumstances that are necessary for the purposes for which we collected the data.
- Keep it safe and secure – We shall take appropriate security measures against unauthorized access to, or alteration, disclosure or destruction of personal data and against its accidental loss or destruction.
- Keep it accurate, complete and up-to-date – We adopt procedures that ensure high levels of data accuracy, completeness and that data is up-to-date.
- Ensure it is adequate, relevant and not excessive – We shall only hold personal data to the extent that it is adequate, relevant and not excessive.
- Retain for no longer than is necessary – We have a retention policy for personal data.
- Access Requests – We will respond to requests for records within one month of receiving the request.
Cork Vegfest’s Filing Systems
Cork Vegfest uses Google Drive as its electronic filing system. Google Drive facilitates access to documents and files only in situations where they have been specifically shared with an individual. It is our operational policy that files are only shared with the team members who need to access the information to carry out their duties. Data is deleted as per our retention policies which are outlined in each area below.
Google Drive is a secure platform for file storage and is GDPR compliant – https://cloud.google.com/security/gdpr
Cork Vegfest retains minimal information in hard copy format which is stored in the General Manager’s office. We retain accounting documents (invoices and related paperwork) as per Revenue Guidelines.
Mailchimp / Customer Mailing Lists
We store data (customer name and email addresses) on our Mailchimp for customers who have explicitly given their consent to us to contact them with marketing information and festival updates on Cork Vegfest and related events. Subscribers either consent to marketing communications when they purchase their ticket (via an opt in tick box) or they opt in directly via our website newsletter sign up form. We retain this information until a customer decides to opt out of receiving the communications. The Marketing Team have access to this information.
We do not share this information with third parties.
Eventbrite is Cork Vegfest’s Ticketing service and used to sell tickets to Cork Vegfest and related events. Information stored on Eventbrite includes customer names, addresses, emails and billing information. Cork Vegfest collects this information so that we can verify customer orders and issue them tickets to the festival and provide them with relevant information that they require in advance of coming to the festival. Customers provide the information as part of the purchasing process. We retain this information on file via Eventbrite. The Event Coordinator and Ticketing Administrator have access to this information.
We do not share this information with third parties.
We use Google Drive to create application forms for volunteers, speakers and performers and exhibitors for the festival. The information is needed to process the selection of talks and worker roles for the festival and to communicate with them about their duties should they be selected. This information is entered directly by applicants.
The information is accessible by the Event Organizer, Exhibitors Manager and Steward Coordinator and the relevant team members who are involved in the selection process. The applicants themselves can access the forms which they have completed.
Should we have an external third party involved in the review process, the information of shortlisted applicants is shared with them too.
Applications are retained for 26 months after obtaining the information and then deleted.
Google Drive services used by Cork Vegfest are GDPR compliant – https://cloud.google.com/security/gdpr
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. We use the information to track performance of our website and to calculate the amount of resources we need to deliver the site to our users. This data is generated by the requests made when visitors to our site click on different pages. Our retention policy for this data is set to a default of 14 months. This allows us to compare easily performance from year to previous year.
The information is accessible by the Event Coordinator, and to the Web and Marketing team. This data is available to the technical support to the Web and Marketing team. This is a requirement to ensure the site remains functional under the heavy load experienced during the festival peak periods.
Guest Details for Tickets
We collate information on guests (name and contact email address) so that we can issue guests with tickets for Cork Vegfest. Information is obtained directly from the stakeholders by the relevant Cork Vegfest team member who have requested the information so as to action the production of guest tickets.
Data collected in spreadsheet format is retained for 6 months after obtaining the information. Guest data is is transferred to Eventbrite and remains on Eventbrite after the event.
This information is not shared with third parties.
We request specific information from our stewards when they agree to volunteer for Cork Vegfe. This information includes name, address, contact phone number, next of kin details. This information is required for contract purposes. Information is obtained directly from the steward by Google Drive form. This information is passed on to the Steward Coordinator.
This information is retained on file as part of our HR filing procedures.
Overall responsibility for ensuring compliance with Data Protection Acts rests with Cork Vegfest. All employees and contractors of Cork Vegfest who separately collect, control or process the content and use of personal data are individually responsible for compliance with the Data Protection Acts. Cork Vegfest’s Data Protection Officer coordinates the provision of support, assistance, advice and training within Cork Vegfest to ensure that the company is in a position to comply with the legislation.
We will inform the DPC of any breaches on Cork Vegfest’s behalf within 72 hours.
This Data Protection Policy will be reviewed regularly in light of any legislative or other relevant developments.
This Data Protection policy is available on the Cork Vegfest website.