KDC takes data protection and privacy very seriously. This statement explains how we process and use the personal data we collect about our volunteers, participants and other service users and stakeholders, and the people on our email mailing list.
We are committed to protecting your personal information and being transparent about what information we hold. The following statement sets out how we use your contact information to keep in touch with you, in order to keep you apprised of our activities and developments.
Personal data we hold
We may hold information relating to you from a number of sources. A significant proportion of the information we hold is provided to us by you – for example, you may give us information by filling in a registration form for one of our workshop activities, or you may subscribe to our mailing list using our website contact form.
These records contain:
• your contact details (and we update these whenever you let us know that they have changed)
• details of your interactions with KDC including your attendance at workshops and events
• personal data provided by you for specific purposes (e.g. access requirements for workshops and performances)
• your communication preferences, to help us provide tailored and relevant communications
We do not record, supplement, search for or automatically process any information not provided to us by you (we do not, for example, use your address information for financial screening).
How your data is used
The data we hold is used to communicate our services and to let participants, mailing list members and other stakeholders know about our activities. We use contact information in order to:
• let people know about upcoming performances, workshops and other events (these invitations may be tailored to previous participants and audience members)
• conduct surveys and opinion polls about our work
• let stakeholders know about the progress of our activities
• send occasional appeals and requests for donations
• send you details of volunteering opportunities
• invite you to events
• administer current projects (eg keeping registers and records of attendance)
• manage internal record keeping, including the management of any feedback or complaints
We do not send details of our mailing list to any third parties. We do not sell your personal data to third parties under any circumstances, or permit third parties to sell on the data we have shared with them.
We may be required to send information about workshop participants to our funders and project partners (including address information where funding is restricted by location). If we are required to share personal information as a condition of contract, this will always be clearly indicated at the point of data collection and any third parties involved specified by name.
We do not transfer data outside the European Economic Area.
If you have concerns or queries about any of these purposes, or how we communicate with you, please contact email@example.com.
We will always respect a request by you to stop processing your personal data. To request a copy of the data we hold on you, or to request us to restrict or stop processing your data, please contact firstname.lastname@example.org.
How we protect your data
All personal information stored by us is kept on password-protected computers in accessible only to staff in an office kept locked overnight. Only KDC employees, and approved freelance project staff who need the information to perform a specific job, are granted access to personally identifiable information.
Regular security reviews are held by us to ensure that the site remains safe and secure for your protection.
To read our full Data Protection Policy and procedures, please contact email@example.com.
We will not keep personal data for longer than necessary for the purpose or purposes for which it was collected.
– participant contact information will be retained for a period of two years to allow monitoring and reporting. Participants who wish to remain in touch after this time will be directed to join our mailing list.
– in order to comply with our Public Liability Insurance policy and our company Health and Safety policy, medical information will be retained for a period of six years and then securely deleted.
– audience feedback will be retained indefinitely or until a request is received to cease use, for use in company publicity and for monitoring and evaluation purposes. Anonymised feedback will be retained indefinitely.
– our mailing list will be regularly checked and cleaned to ensure contact data is up to date. Mailing list recipients who have not opened an email or reconfirmed subscription in the past two years will be periodically cleaned.
– financial information from contractors will be retained in order to comply with accounting and tax law (currently this period is seven years).
We will from time to time review the length of time we keep personal data for the above purposes.
When data is no longer required it will be securely deleted.
If you have any other questions concerning how we retain your data, please contact firstname.lastname@example.org.