Privacy Policy

Who We Are

The Weston Festival of Music & Drama (the “Festival” or “WFMD”) website, www.wfmd.org.uk, is owned and operated by the Festival Committee. Any questions relating to this privacy policy or exercising your rights under GDPR (General Data Protection Regulation) should be directed to the Festival Data Controller using the email address entries@wfmd.org.uk

What information do we collect via this website?

We may collect and process the following data about you:

  • Contact Data includes name and email address.
  • Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Usage Data includes information about how you use our website.
  • Festival Entry Data includes name, address, email address, telephone number(s), teacher/parent status, entrant name(s) and entrant age(s) .
  • Festival Membership Data includes name, telephone number, address and email address.

Please note that we do not collect ANY payment information. Any payments made for either Festival entry or Membership are processed on, and by, Paypal’s secure servers.

How is this data collected?

  • Contact Data This data is provided by you when you fill out the contact form or send us an email directly.
  • Technical Data and Usage Data This data is collected by automated technologies and is currently limited to the use of Cookies (see below details) and server logs.
  • Festival Entry Data This data is provided by you upon submitting a successful entry or entries to the Festival.
  • Festival Membership Data This data is provided by you upon submitting a successful application for Festival Memership.

How do we use this information?

  • Contact Data This data is used to allow us to communicate with you. The legal basis for collecting and processing this Data is consent which is provided by you at the time of sending us a message. You may assert your rights under the GDPR legislation and remove this consent at any time by contacting the Data Controller with your request.
  • Technical Data and Usage Data This data is used to analyse usage of the website and services in order to monitor and improve the website and its services, and to prevent malicious activity (please see the Cookies section for more details). The legal basis for collecting and processing this data is our legitimate interests.
  • Festival Entry Data This data is used to administer and organise the preparation and running of the Festival and delivery of Festival results. The legal basis for collecting and processing this data is consent which is given at the time of Festival entry submission. You may assert your rights under the GDPR legislation and remove your consent at any time by contacting the Data Controller with your request. Please note that removal of consent for storing and processing Festival Entry Data will result in your entry/entries being removed from the Festival programme as we cannot administer your entries without processing the data.
  • Festival Membership Data This data is used to allow us to communicate with you and administer your Membership. The legal basis for collecting and processing this data is consent which is provided by you at the time of submitting your application for Festival Membership. You may assert your rights under the GDPR legislation and remove this consent at any time by contacting the Data Controller with your request. Please note that removal of consent for storing and processing Festival Membership Data will result in your membership being cancelled as we cannot administer your membership without processing the data.

We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.

In addition to the specific purposes for which we may process your personal data set out in this section, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Disclosure of Personal Information

We will only share your personal data with third parties where we are legally obliged to or for administration or operational reasons (e.g. abiding by photo consent) with a venue where we are holding an event or approved partner (e.g. official Festival photographer) with the following exceptions:

  • Names of Class winners will be published on the website and may also be published in local news outlets or future Festival literature
  • Names of Entrants will be published in the Festival Programme which will be published on the website and freely available to anybody attending the Festival

Data retention

  • Contact Data This data, namely your name and email address, is stored as part of the email communications between yourself and the Festival or its Committee members until such time as it is deemed no longer necessary or you withdraw your consent for storing and processing the data under the GDPR.
  • Technical Data and Usage Data Data collected by Cookies is subject to our Cookie policy (see below). Currently we do not run any analytics or other technologies designed to measure website metrics and usage.
  • Festival Entry Data This data is stored for a maximum of 5 years after the date of submission. The retention is to enable us to respond to historical queries, track Festival entry trends in order to improve the quality and delivery of the Festival, and to allow accurate accounting. As this data is processed under the legal basis of consent, you may exercise your right to withdraw consent at any time.
  • Festival Membership Data This data is retained until such time as you cancel your Membership. After cancellation, any data related to your Membership will be anonymised so it can be used for tracking Membership statistics but will no longer contain any personal information.

Data Access

As part of the GDPR, you have the right to request access to the personal data we hold (commonly known as a “data subject access request”). You will not have to pay a fee to access your personal data. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

We aim to complete your request within one month. However, in some cases it may take longer than that, in which case we will contact you and keep you informed of the progress.

Incomplete data or requesting changes

Another of your GDPR rights is the right to have inaccurate personal data rectified, or completed if it is incomplete. Please contact the Data Controller with details and we will be happy to amend or update your information.

Right to be forgotten

You have the right (under GDPR) to request the removal and deletion of personal data we hold in relation to you. Please be aware that this is not an absolute right and only applies in specific circumstances. If you request personal data deletion we will act upon your request within one month. Our response will either be to delete the data or to refuse the request, in which case the reason(s) for refusal will be clearly identified.

Please read the ICO guidance for more information.

If you consider that our processing of your personal information infringes data protection laws, or that our response to a request made by you under GDPR legislation was not satisfactory, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

Cookies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies, and as such, cookies must be regarded as personal data.

We use cookies:

  • to identify you when you visit our website and as you navigate our website
  • to help us to analyse the use and performance of our website and services
  • as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services generally
  • to store your preferences in relation to the use of cookies more generally
Managing Cookies

Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:

Blocking all cookies will have a negative impact upon the usability of many websites.
If you block cookies, you will not be able to use all the features on our website