Fèisean nan Gàidheal Privacy Notice
Fèisean nan Gàidheal has always been careful in handling and protecting your data. We take your privacy seriously and will only use your personal information to provide services you request from us. All information will be handled in compliance with Fèisean nan Gàidheal’s data protection policy available here designed to comply with the General Data Protection Regulation (GDPR).
The Privacy Notice will become effective from 25 May 2018 and will be reviewed periodically. It describes the categories of personal data we process and for what purposes. We are committed to collecting and using such data fairly and in accordance with the requirements of the GDPR.
1.1 We take your privacy seriously and you can find out more here about your privacy rights and how we gather, use and share your personal information – that includes the personal information we already hold about you now and the further personal information we might collect about you. How we use your personal information will depend on the services we provide to you.
1.2 Our Data Protection Officer (DPO) provides help and guidance to make sure we apply the best standards to protecting your personal information. Our DPO can be reached by email email@example.com or by post at Data Protection Officer, Meall House, Portree, Isle of Skye IV51 9BZ, if you have any questions about how we use your personal information.
1.3 We are committed to maintaining the trust and confidence of our visitors to our website. In particular, we want you to know Fèisean nan Gàidheal is not in the business of selling, renting or trading email lists with other companies and businesses for marketing purposes.
1.4 This Privacy Notice provides up to date information about how we use your personal information and will update any previous information we have given you about using your personal information (also referred to as personal data). We will update this Privacy Notice if we make any significant changes affecting how we use your personal information, and if so we will contact you to let you know about the change.
2 About us
2.1 Fèisean nan Gàidheal is a company limited by guarantee, registered number SC130071. It is a Scottish Charity, number SC002040. We are what is known as the ‘controller’ of personal information we gather and use. When we say ‘we’ or ‘us’ in this Privacy Notice, we mean Fèisean nan Gàidheal and our subsidiary company, Blas Festival Ltd, both headquartered at Meall House, Portree Isle of Skye IV51 9BZ.
- All offices and officers of Fèisean nan Gàidheal
- Fèisean nan Gàidheal’s Board of Trustees and the Board of Blas Festival Ltd
- Consultants and self-employed administrators contracted by Fèisean nan Gàidheal and/or Blas Festival Ltd
2.2 Where individual Fèisean are registered with the Office of the Information Commissioner, Fèisean nan Gàidheal’s registration will not apply to them, except in the case of joint data. Member Fèisean, not already registered as data controllers, may adopt or adapt this notice for their own purposes.
3 Your privacy rights
3.1 You have the right to object to how we use your personal information. You also have the right to see what personal information we hold about you. In addition, you can ask us to correct inaccuracies, delete or restrict personal information or to ask for some of your personal information to be provided to someone else.
To make enquires for further information about exercising any of your rights in this Privacy Notice please contact our DPO by post at Fèisean nan Gàidheal, Meall House, Portree, Isle of Skye IV51 9BZ or by email firstname.lastname@example.org.
3.2 You can also make a complaint to the data protection supervisory authority, the Information Commissioner’s Office.
4 How we gather your personal information
We may obtain personal information:
- directly from you, for example when you fill out a job or grant application form;
- through agreeing to a contract of employment or engagement
- through forms consenting to you, or a family member, taking part in activities we organise;
- through email correspondence;
- publicly available on a website;
- through marketing information and questionnaires
- through surveys you may complete for us
- through social media
- through box office systems if you purchase tickets for events
- if you apply for a disclosure check
5 What kinds of personal information we use
5.1 We use a variety of personal information depending on the relationship you have with Fèisean nan Gàidheal. For example, you may be a Fèis organiser, Fèis committee member, tutor, musician, grant applicant, contractor, employee, trustee, journalist, representative of a funding body or a politician who has an interest in how public money is spent.
5.2 Sometimes we ask for personal information required to enter into a contract with you or to meet a legal obligation (such as employment legislation), without which we would not be able to do so. If you are applying for a post or undergoing a disclosure check, we may need to use your name, address, date of birth, contact details, information to allow us to check your identity, status and qualifications. Personal data relating to employees may be collected primarily for the purposes of:
- recruitment, promotion, training, redeployment, and/or career development
- administration and payment of wages and sick pay
- calculation of certain benefits including pensions
- disciplinary or performance management purposes
- performance review
- recording of communication with employees and their representatives
- compliance with legislation
- provision of references to financial institutions, to facilitate entry onto educational courses and/or to assist future potential employers; and educational courses and/or to assist future potential employers.
In some cases we might need additional information, for example regarding:
- Medical needs or additional support needs to enable participation
- Child protection information to meet legal obligations to protect vulnerable groups.
5.3 Where specific monitoring systems are in place, for example in relation to public funds, we may be required to gather information on ethnic origin and nationality. This data will always be anonymised.
6 How we use your personal information
6.1 Depending on the relationship you have with us, we need to gather, use and share additional personal information for specific purposes, which are set out in more detail below.
- To operate and administer our services;
- To administer payments to and from you;
- To comply with our legal obligations;
- To support our vulnerable groups;
- To market events and services to you from us or our partners.
6.2 We use a third-party provider, MailChimp, to deliver our newsletter and a small number of marketing emails regarding Fèis and Blas events each year. Please see MailChimp’s privacy notice here. You can unsubscribe from those mailings automatically at any time by clicking the unsubscribe link at the bottom of marketing emails or by emailing our data protection officer. Please be assured that we do not rent or trade email lists with other organisations and businesses.
6.3 When you purchase a ticket/s for Blas Festival events, the Box Office or online system records your name, address data, email and contact number which is stored. You may, of course, purchase a ticket (or tickets) in person without supplying the aforementioned personal data. Many of the events at Blas Festival are presented in partnership with other artistic organisations and promoters and we need to share information with them about your booking to enable you to collect your ticket/s at an event they are running in collaboration with us.
Please be assured that we do not share your personal details with any other companies and will add details gathered from our ticket selling activities to our central database, unless you advise us that you do not wish your information to be added, but you will be able to unsubscribe at any time from any future mailing.
7 Our legal basis for using your personal information
7.1 We only use your personal information where that is permitted by the laws that protect your privacy rights. We only use personal information where:
- we have your consent (if consent is needed);
- we need to use the information to comply with our legal obligations;
- we need to use the information to perform a contract with you; and/or
- it is fair to use the personal information either in our interests or someone else’s interests, where there is no disadvantage to you – this can include where it is in our interests to contact you about events or services, market to you, or collaborate with others to improve our services.
Where we have your consent, you have the right to withdraw it unless we have an overriding legal reason for retaining it, e.g. employment records.
7.2 Special protection is given to certain kinds of personal information that is particularly sensitive. This is information about your health status, racial or ethnic origin, political views, religious or similar beliefs, sex life or sexual orientation, genetic or biometric identifiers, trade union membership or criminal convictions or allegations. We will only use this kind of personal information where:
- we have a legal obligation to do so (for example to protect vulnerable people);
- it is necessary for us to do so to protect your vital interests (for example if you have a severe and immediate medical need whilst on our premises, participating in our events);
- it is in the substantial public interest;
- it is necessary for the prevention or detection of crime;
- it is necessary for insurance purposes; or
- you have specifically given us explicit consent to use the information.
8 Sharing your personal information with or getting your personal information from others
8.1 We will only share personal information within our organisation and only where we need to do that to make services available to you, market events and services to you, meet or enforce a legal obligation or where it is fair and reasonable for us to do so. We will only share your personal information to the extent needed for those purposes.
8.2 Who we share your personal information with depends on your relationship with us and the purposes for which we use your personal information.
8.3 Most of the time the personal information we have about you is information you have given to us, or gathered by us in the course of providing services to you. We do not share personal information to third parties.
9 How long we keep your personal information for
How long we keep your personal information for depends on your relationship with us. We will never retain your personal information for any longer than is necessary. We generally follow the retention periods recommended by the Information Commissioner detailed in our Data Protection Policy available on our website.
10 How we will communicate with you
10.1 We may communicate with you about the services we are delivering using any contact details you have given us – for example by post, email, text message, social media, and notifications on our website.
10.2 Where you have given us consent to receive information updates, newsletter mailings, event mailings, you can withdraw consent at any time.