top of page

Tilford Bach Society – Data Protection Policy

1. Introduction and scope

1.1 This is the Data Protection Policy of Tilford Bach Society – Registered charity number 230601 – also known as Tilford Bach Festival (hereinafter “TBF”).

1.2 TBF is committed to collecting, storing and using personal data in accordance with the General Data Protection Regulations (GDPR) and other relevant legislation.  This policy applies to data relating to individuals held by TBF, including subscribers to our mailing list (“subscribers”), contractors, volunteers, musicians and artistes, donors, audiences and potential audiences.

 

1.3 This policy applies to all those handling personal data on behalf of TBF, including Trustees of TBF, volunteers, members and contractors.

 

1.4 This policy applies to all personal data that TBF holds relating to individuals, which may include names, email addresses, addresses, telephone numbers, photographs, booking and financial information, and access requirements.

 

1.5 This policy uses three key definitions to describe people mentioned in this policy. These are definitions used by the Information Commissioner’s Office (ICO), the UK’s independent body that upholds rights in personal data (www.ico.org.uk):

 

1.5.1 ‘Data controller’: this is TBF. TBF determines why and how personal data is used, retained and destroyed as described in this policy.

1.5.2 ‘Data processor’: this is a person or organisation which processes personal data on behalf of TBF.

1.5.3 ‘Data subject’: this is the individual whose personal data is held by TBF.

2.Responsibilities

2.1 Overall and final responsibility for data protection sits with the Trustees.

2.2 Day to day responsibility for ensuring this policy is put into practice is delegated to the Chairman. After due consideration and in accordance with ICO guidance, TBF has decided not appointed a Data Protection Officer.

2.3 In addition to the Chairman, there are various Data Processors who process personal data in order to carry out the following activities: (i) website maintenance and development (ii) bookings and seat allocation (iii) payments (iv) membership and other contacts (v) accounts and financial (vi) social media and marketing. Every Data Processor has a responsibility to ensure that they adhere to this policy.

2.4 The Chairman is responsible for ensuring that the Data Processors (including any contractors) perform their duties in line with this policy.  Any questions relating to the collection or use of personal data should be directed to the Chairman at info@tilfordbachfestival.org.

3. Data Protection Principles

TBF will:

3.1 Fairly and lawfully process personal data in a transparent way. TBF will only collect data where it is lawful to do so and where it is necessary for the legitimate purposes of the organisation as set out below.

3.1.1 A subscriber’s name and contact details will be collected when they first sign up to buy a ticket or receive marketing information. Other data may also subsequently be collected, such as their payment history for membership fees and concert tickets.

3.1.2 The name and contact details of volunteers and contractors will be collected when they take up a position, and will be used to contact them regarding administration related to their role. 

3.1.3 An individual’s name and contact details will be collected when they make a booking for an event. This will be used to contact them about their booking, to allow them entry to the event, and to enable us to collect GiftAid on the value of their purchase where the individual is willing for us to do so.

3.1.4 An Individual’s image and likeness may be captured in photographs for promotional purposes on the TBF website and social media accounts where it would not be necessary, appropriate or practicable to obtain specific consent from each individual featured (for example, we may seek specific consent for prominent or impactful uses, but typically not for group shots or background inclusion). We will only use photographs of children identifiable close up if we have explicit parental consent.

3.2 Only collect and use personal data for specific, explicit and legitimate purposes and will only use the data for those specified purposes.

 

3.3 Ensure any personal data collected is relevant and not excessive. 

 

TBF will not collect or store more personal data than the minimum information required for its intended purpose.

 

3.4 Ensure personal data is accurate and up-to-date. 

 

Any individual will be able to update their personal data at any point by contacting us via info@tilfordbachfestival.com.

 

3.5 Ensure personal data is not kept longer than necessary. 

 

TBF will keep personal data for no longer than is necessary in order to meet the intended use for which it was gathered (unless there is a legal requirement to keep it for longer).  The storage and intended use of personal data will be reviewed in line with TBF data retention policy: see Section 8 ‘Data retention and disposal’ below. When the intended use is no longer applicable, the personal data will be amended or deleted accordingly. 

 

3.6 Keep personal data secure.

3.6.1 Electronically-held personal data will be held within a password-protected and secure environment. 

3.6.2  Access to personal data will only be given to trustees, Committee members, contractors or others where it is clearly necessary for the activities of TBF.  

3.7 Review and revise this policy as necessary and at least annually.

4. Individual Rights

4.1 When TBF collects, holds and uses an individual’s personal data that individual has the following the rights over their data. TBF will ensure its data processes comply with those rights.

4.1.1 Right to be informed: whenever TBF collects personal data it will provide a clear and specific statement explaining why it is being collected and how it will be used: see Section 6 ‘How we get consent’.

4.1.2 Right of access: individuals can request to see the personal data TBF holds on them and confirmation of how it is being used. Requests should be made in writing to the Chairman at tilfordbachfestival@outlook.com and will be complied with free of charge.

4.1.3 Right to rectification: individuals can request that their personal data be updated where it is inaccurate or incomplete. 

4.1.4 Right to object: individuals can object to their personal data being used for a particular purpose by contacting the Chairman at info@tilfordbachfestival.org. Where a request to stop using personal data is received TBF will comply unless it has a lawful reason to keep and use the data for its legitimate interests or to fulfil a contractual obligation.

4.1.5 Right to erasure: individuals can request that all personal data held on them by TBF is deleted by contacting us via tilfordbachfestival@outlook.com. If a request for deletion is made TBF will comply with the request unless there is a lawful reason to keep and use the data for its legitimate interests or to fulfil a contractual obligation, or there is a legal requirement to keep the data.

4.2 Though unlikely to apply to the personal data processed by TBF, TBF will also ensure that rights related to portability and automated decision making (including profiling) are complied with where applicable.

5. Third parties

TBF will never sell personal data or allow third parties to use personal data for their own purposes. 

 

6. How we get consent

 

6.1 TBF only retains personal data for the purpose expressed.

 

6.2 Regular marketing communications will only be sent to subscribers who choose to join our mailing list.   Subscribers can withdraw their consent via an ‘unsubscribe’ link included in marketing emails.

 

7. Web site and cookies

 

7.1 TBF uses cookies on its website. The data protection statement for the website is set out in the schedule to this policy.

8. Data retention and disposal

8.1 TBF is continuously reviewing the currency of its personal data.  The personal data of members is subject to on-going review by the Data Processors in carrying out the day to day activities of TBF.  In the event of any issues or anomalies, checks and corrective action are performed promptly.

 

8.2 TBF stores personal data in digital documents (e.g. spreadsheets) held on personal devices owned by the Chairman and Data Processors.  Digital personal data is also stored by third party online services. 

 

8.3 The Chairman and Data Processors are all aware of the need for up to date and adequate anti-virus and firewall protection.  The Chairman shall ensure that there are adequate data back-up and disaster recovery processes in place for each Data Processor.

 

8.4 Personal data stored digitally will be deleted and erased from all the devices on which it is stored when appropriate.  

 

8.5 TBF is permitted or required by statute to retain personal data for specific purposes.  For example (i) Gift Aid declarations records (ii) details of payments made and received (e.g. bank statements and accounting records) (iii) minutes of Trustee meetings (iv) contracts and agreements with contractors and others (v) insurance details (vi) tax and employment records.  Where deleting personal data would mean deleting other data that TBF has a valid lawful reason to keep then the relevant personal data may be retained safely and securely but not used.

 

8.6 The following criteria will be used to make decisions about which data to keep and which to delete:

 

8.6.1 Is the data stored securely?   If not, update the storage protocol in line with the Data Protection policy.

8.6.2 Does the original reason for having the data still apply?   If so, continue to use it;  if not, delete or remove the data.

8.6.3 Is the data being used for its original intention?   If so, continue to use it;  if not, either delete/remove or record the lawful basis for use and get consent if necessary.

8.6.4 Is there a statutory requirement to keep the data?   If so, keep the data at least until the statutory minimum no longer applies;  if not, delete or remove the data unless we have reason to keep the data under other criteria.

 

8.6.5 Is the data accurate?   If not, ask the subject to confirm/update details.

8.6.6 Where appropriate - do we have consent to use the data?   This consent could be implied by previous use and engagement by the individual.   If not, get consent.

Data Protection: Website

We use cookies on this website. Some cookies are essential for the correct operation of the website. For other types of cookies, we need your permission. Analytical data obtained by the cookies will not identify you personally.

 

We will collect personal data on this website only if it is directly provided to us by you, the user, e.g. your name, email address and telephone number, and therefore has been provided by you with your consent. Normally you will only provide such details if you enquire with us using our contact form or make a purchase.

 

We also use analytical and statistical tools that monitor details of your visits to our website and the resources that you access, including, but not limited to traffic data, location data, weblogs and other communication data (but this data will not identify you personally).

 

The analytical data is obtained by placing Cookies on your viewing device. A Cookie is a small file of letters and numbers which we store in your browser or the hard drive of your computer (with your agreement). These Cookies may be necessary for the function of the website or they may be for website analytics or for marketing purposes.

 

The law states that we can store cookies on your device if they are strictly necessary for the operation of this website. For all other types of cookies we need your permission.

 

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

All our online payments are processed by Square.   We do not have access to any of the credit card information or other financial details you enter when making a purchase, however we do receive a summary of the items you purchase so that we can complete the order.   To view the how Square processes your data on our behalf please visit – Square

 

For additional general information, including how to control and disable cookies, please visit - https://cookiesandyou.com

 

Last Reviewed: 20 March 2026

Next Review: 1 March 2027

bottom of page