We take our responsibilities seriously and don’t want to cheese anyone off.
When you buy a ticket from us, we have to collect some data from you in order to be able to administer the ticket. This includes name, email and address. This information is stored on the server used by our ticketing system (Ticket Tailor). They have assured us that they are GDPR compliant. We also receive an email notification that you have bought a ticket from us and this will be retained on our Yahoo mail server. We will retain these emails for 3 years after the festival you bought a ticket for i.e. if you buy a ticket for the 2018 festival we will delete the email from Ticket Tailor after the 2021 festival. This allows us to resolve any disputes that may arise about ticket sales. We will not delete the information from the Ticket tailor website as this allows us to do data analysis on where people come from to the festivals. If we download this data for the current festival, we will retain all information in the download but will password protect the file. If we download this data from the Ticket Tailor website for older years we will remove any identifiers from this data such as name, address or emails but may keep postcodes. We will use this data for our own analysis and will not pass it on to any third parties.
After June 2018, anyone who had previously asking to receive our brochure will have their records retained until they tell us to remove them. This can be done using our unsubscription form online.
We are now asking everyone when they buy a ticket if they would like to be added to our postal mailing list. This email newsletter list has been gathered over the years from a mixture of requests via our GDPR-friendly Mailchimp subscription form, via our submissions form, by email or in person at shows or exhibitions. Obvs if you find you are receiving unwanted newsletters at any point, just unsubscribe. The data on our e-newsletter list will be retained until someone unsubscribes.
We use Mailchimp for our newsletter and brochure mailing lists. Mailchimp have assured users that they are giving a GDPR compliant service. We have to believe them.
Data sent in on our submissions form will be retained for 5 years after submitting a film, unless you request otherwise. So if you submit a film for the 2018 festival we will keep your submission email until the end of the 2023 festival. This is because we often contact film makers in subsequent years as we did not have a slot for your film in the year you sent in the film. By submitting your film to the festival we assume that you want it to be considered for screening, therefore we do our best to screen as many films as we can. This means we need to retain film submission information for a few years to try and achieve this aim. If we screen your film then we need to keep your film submission data on file. This is because it acts as a record of you submitting your film to us.
Film submissions come to us in the form of an email via our online form. The above policy applies to the emails that we receive from this form and does not mean that the data has been removed from our database on the web server. If you wish for all records to be removed, let us know and we will do this (though it’s a bit more techy and less straightforward so please only ask us this if you really really need to change your identity / are on the run etc and need these details to be erased forever).
We use Yahoo for our email which means our emails are probably stored on a server in the USA. All we can do about this for now is tell you about this fact and explain that this means emails and submission form entries are possibly stored in the US. As the dust settles from the GDPR scramble, we’ll look further into this and its implications and whether we should be moving to an EU-based email service.
If you email us about being a volunteer, we will keep your email and contact details for 5 years after the festival that you were applying for i.e. if you applied to volunteer at the 2018 festival then we will keep your records until the end of the 2023 festival. This allows us to contact you to offer you another volunteer role in subsequent years.
Our website is hosted by TSOhost and they have details of their own GDPR compliance. Please note that the server we use is based in Slough (no jokes please). The server logs they store contain ip addresses, which are seen as “personal data” by the GDPR gods – particularly static ip adresses. As these are used for security purposes on the server, it falls under Article 6.1 of the GDPR legislation which states that it is legal to process personal data if “processing is necessary for the purposes of the legitimate interests pursued by the controller”. Therefore we do not need your permission for this use of your ip address but we do want to be completely transparent about it.
Any questions about all this, please contact us.