Our website address is: http://www.ewhurstplayers.com.
Current data protection regulations – GDPR
The Ewhurst Players are committed to taking all reasonable steps to ensure that we comply with the new EU data protection regulations and, as such, are required to inform you of your rights.
The EU GDPR describes how organisations must collect, store and handle personal data. There are a number of fundamental principles upon which the GDPR is based. These state that personal data should be:
collected and processed legally, fairly and the individual should be aware what data is collected, for how long and for what purpose;
collected only for the purpose specified and agreed and not used for any other purpose, with some exceptions, for example public interest;
“minimised”, i.e. no more data should be collected than is required to fulfil the purpose for which they were obtained;
accurate and kept up to date, completed and corrected;
not retained for longer than they are required, with some exceptions in public interest;
protected, through the appropriate systems and procedures, against unauthorised or unlawful processing or accidental loss, modification, destruction or damage;
not transferred to a country outside the EU-approved list of nations, unless the appropriate security and contractual clauses are in place.
The individual has a number of rights under the GDPR. These consist of:
The right to be informed that data is held, why, where and for how long; and of their rights
The right of access to their data
The right to rectification (correction, completion)
The right to erasure
The right to restrict processing of data
The right to data portability
The right to object to processing of their data
Rights in relation to automated decision making and profiling
These rights must be respected and responded to, through implementation of the appropriate systems and procedures.
Legal basis for holding your personal data
Members of the Ewhurst Players and subscribers to Ewhurst Players email updates, either directly via our website or via TicketSource, will have either completed a consent form on paper OR on the website and as such have opted in our updates by email. The lawful basis for holding your data for this purpose is therefore – Consent.
What personal data we collect and why we collect it
When visitors leave comments on the site, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site, you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Personal contact details
We may collect your personal contact details – including but not limited to your name, email address, postal address and contact telephone numbers when you complete a membership for or subscribe to receiving email updates from us via the website
Who we share your data with
We do not share your data with any third parties for marketing purposes.
If you are subscribed to to the Ewhurst Players as a ‘Member’ then we will need to share your personal data with our automated box office ticket provider – TicketSource. The reason for this is to ensure that as a member, the details that TicketSource hold about you contain information to identify you as a paid-up member of the Ewhurst Players. The information that we will need to share with TicketSource includes but is not limited to your Name, email address and membership number.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
When you subscribe to receive information by email from the Ewhurst Players about future events / shows and box office information, your personal data will be kept until you decide to unsubscribe which you can do at anytime by clicking on the unsubscribe or manage subscription options at the bottom of each email we send to you. Once unsubscribed, we will stop sending you emails about the Ewhurst Players and your personal data will be deleted from the Ewhurst Players data base after a period of one year unless you decide to re-subscribe.
What rights you have over your data
If you have an account on this site, or are a Member of the Ewhurst Players, or have subscribed to our email list, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where is your data stored?
Your personal contact information of our members is stored on secure servers within the EEA and Google Drive.
Security and protection of your data
Our subscribers and members' personal contact information is stored on a secure cloud-based storage platform – Gdrive (Google Drive). Access to this data is limited to authorised personnel only (The Ewhurst Players Committee) and securely password protected. This data is not stored locally on any personal computer unless required temporarily. If it is necessary to store such data temporarily then any such files will be encrypted with password protection.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
What data breach procedures we have in place
We will take all reasonable steps to ensure the security of your data. In the event of an identified breach then we will report this to the ICO within the required period of time (72 hours). We will also contact all affected individuals to inform them that a breach may have occurred and exactly what if any of their personal data may have been compromised.
Who to contact
Subject access requests (SAR)
You have the right to see what personal data we hold about you (A Subject Access Request) To obtain a copy of the personal information we hold about you, please write to us by email at firstname.lastname@example.org and we will respond with the information within 30 days.
If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated. Please email email@example.com
If you are not satisfied with our response, or believe we are not processing your personal data in accordance with the law, you can complain to the UK Information Commissioner’s Office: https://ico.org.uk/