Body & Soul
Privacy Policy

The short version…

 

We uphold the principles of GDPR in full.

We won’t spam you.

We’ll keep any personal data you give us secure.

We’ll only use it for the reasons we say we will.

We won’t share it with anybody that shouldn’t have it.

 

The long version…

Introduction

At Body & Soul privacy and data protection rights are very important to us. Any personal information which you give to us will be treated with the highest standards of security and confidentiality, and strictly in accordance with the Data Protection Acts, 1988 & 2003 and with General Data Protection Regulations which came into effect on 25 May 2018.

Purpose of this privacy policy

This privacy policy sets out how we use and protect any information that you, a valued Body & Soul stakeholder, give us. Stakeholders include artists, volunteers, suppliers, traders, therapists, performers; any and all applicants seeking to engage with the festival or associated events.

Body & Soul is committed to ensuring that your privacy is protected. Should we ask you to provide us with certain information by which you can be personally identified, then you can be assured that it will only be used in accordance with this privacy policy. We may change this policy from time to time by updating this page and you should check this page from time to time to ensure that you are happy with any changes

Who is collecting your information?

Body & Soul Event Creations Limited is the data controller for your personal data in most cases. However, you should be aware that…

• Your personal data may be collected on our behalf by other companies who act as our data processors, for example, ticketing agents and accreditation management. In these instances, Body & Soul Event Creations Limited is the data controller. The other companies have been carefully selected by Body & Soul Event Creations Limited to be GDPR compliant. These companies (including links to their own privacy policies) are:
  • Ticketbooth
  • Eventree (part of TheTicketSellers)
  • Google
  • Facebook
  • Twitter
  • Instagram
  • Mailchimp
  • Audience Tools (part of Intercom)
  • Formidable
• We may collect your personal data on behalf of other companies so that they can provide their service to you, for instance, ad delivery. In these instances, the other company is the data controller and Body & Soul Event Creations Limited is the data processor. We will process your personal data on their behalf and will handle it according to this privacy policy. These companies (including links to their own privacy policies) are:
  • AdRoll (part of NextRoll)
  • Google
  • Facebook
• As part of your dealings with us you may give your personal data to other companies which is needed for that company to provide their service to you and is not shared with us for example, financial information for retail products or services sold. In these instances the other company is both the data controller and the data processor. These companies (including links to their own privacy policies) are:
  • Stripe
  • Ticketbooth

Why is the information being collected?

• As a customer
  • You may be required to give us personal data that enables us to provide you with our services.
  • We may ask you to provide us with your personal data for promotional purposes, so that we can let you know when we have new products, discounts, special offers and competitions we think you’d be interested in.
• As a stakeholder or participant
  • You may be required to give us personal data that enables us to provide you with our services and coordinate our events with you.
  • You may be required to give us personal data that enables us to assess your proposal or suitability for a role.
  • You may be required to give us personal data that enables us to provide you with access to our events, for you and your staff.
  • You may be required to give us personal data that enables us to pay funds to you.
• In general
  • We may ask you to provide us with your personal data in order to keep you up to date with the latest news from us including any important information or alerts about upcoming events you have subscribed to or are involved in.
  • We may ask you to complete anonymous surveys for research and planning purposes allowing us to improve our products and services.
  • We may use your personal data in our internal records for legitimate interests such as organisation and planning. As Body & Soul is a publicly accessible event with a huge amount of logistics and planning required to ensure the enjoyment and safety of everybody present, statistical analysis of data we hold is both necessary and in the public interest.

What information is collected?

We may collect information about you that is personally identifiable. This may include:

• First and last name
• Contact information (such as email address, phone number and address)
• Demographic information (such as postcode, country, and year of birth)
• Financial Information (such as sort code and account number)

We may also collect information about you that is not personally identifiable. Any such information will be stored with your personal data and will be treated in the same way. This may include:

• Ticket purchase information
• Goods or services supplied by you to us, or by us to you.
• Preferences (such as your marketing preferences)
• Previous relationship with us

We may also collect audience data from you which is anonymous and will not be stored with your personally identifiable data. This may include:

• Website usage statistics
• Demographic groupings
• Survey responses

How is the information being collected?

We will only collect your personal data on an ‘informed choice’ and ‘explicit consent’ basis. This means…

• We will be very clear about the reasons why we are asking you to provide your personal data.
• We will only use your personal data for these reasons.
• We won’t collect personal data that is not necessary for these reasons.
• Where a reason for collecting your personal data is not a contractual reason (so that we can provide our services to each other) or for our legitimate interests, we will also ask for your consent to process it.
• We will not use tactics like pre-filled checkboxes to coerce your consent.

Who will the information be shared with?

Except as required to do so by law, your personal data will only be shared with the companies listed in ‘Who is collecting your information?’ and only for the purposes mentioned in ‘Why is the information being collected?’. Additionally, we will only share anonymous information with other entities.

How will the information be protected?

Except as required to do so by law, your personal data will only be shared with the companies listed in ‘Who is collecting your information?’ and only for the purposes mentioned in ‘Why is the information being collected?’. Additionally, we will only share anonymous information with other entities.

How will the information be protected?

The security of your personal data is of great importance to Body & Soul and so we have put in place robust physical, electronic and managerial procedures to safeguard and secure any personal data collected. In particular…

• We use secure protocols with our website so that your browser’s connection to our servers is encrypted. (Look for the padlock icon in the address bar)
• We use secure services to collect and store your personal data
• We use secure devices to access your personal data

There are some small steps you can take to help us protect your personal data…

• If a password is needed, don’t use the same one you use everywhere else, and keep it confidential.
• Keep your browser fresh with the latest updates from the developer, especially security patches.

What are your rights to the information?

Personal data that you give to us is still yours and you have certain rights to it. You should use our contact form if you want to contact us about these rights.

Right to withdraw

If you have previously given your consent you can change this preference at any time by using an unsubscribe link in an email or by contacting us.

• We will do this within one month of receiving your request.
• We may need to ask you to provide us with some verifying information to ensure accuracy.
• ‘Unsubscribe’ links in emails will be dealt with on the same day.

Right to portability

Where we collect your personal data for contractual reasons and reasons where you have given your consent, you can request a copy of the data that we hold and we will provide it to you in an easily reusable format.

• We will do this within one month of receiving your request.
• We may need to ask you to provide us with some verifying information to ensure accuracy.
• We will usually provide this as a Microsoft Excel spreadsheet

Right to erasure

Where we collect your personal data for contractual reasons, reasons where you have given your consent and for our legitimate interests, you can request that we delete the information we hold for you.

• We will do this within one month of receiving your request.
• We may need to ask you to provide us with some verifying information to ensure accuracy.
• Right of erasure does not apply where we have collected your personal data for contractual reasons and you still want us to fulfil the contract. For instance, if you have paid for goods or services from us and you still want us to supply those goods or services.

Right to object

You have a right to object to your personal data being processed. However…

• If you choose to exercise this right, we can no longer do anything with the data we hold for you and so we will delete it in line with your ‘Right to erasure’.

• Where we have collected your personal data for our legitimate interests, you may not have the right to object. If you want to object to your personal data being used for these purposes, you should contact us anyway so that we can discuss your position.

Changes of business ownership and control

We may, from time to time, expand or reduce our business and this may involve the sale or the transfer of all or part of Body & Soul.

• We may disclose data to a prospective purchaser.
• Only personal data relevant to the part of the business being transferred will be included.
• The new controller of your personal data will only be permitted to use it for the reasons you originally supplied it to us.

• We will take steps to ensure that your personal data remains secure and your privacy protected by the terms of this privacy policy.
• If we cannot ensure the continuing protection of your personal data, we will not include it with any sale or transfer