Hebridean Celtic Festival - Website Privacy Notice
1. Identity and Contact Details
This privacy notice details how we use information collected by our website hebceltfest.com. It was approved on 23 May 2018, and will be reviewed regularly.
These sites are managed in accordance with the relevant data protection legislation in the UK. The data controller is Hebridean Celtic Festival Trust of PO Box 9909, Stornoway, Isle of Lewis, HS2 9DW.
You can contact our privacy officer at the address above or by emailing office@hebceltfest.com.
2. The Data
Whilst you use our website we may collect information that is personally identifiable. The table below describes the information we collect and why we do so.
Information Collected | Purpose | Legal basis |
---|---|---|
|
|
Legitimate interests |
|
|
Consent |
|
|
Necessary for contract |
Please note that this list only applies to your use of our website. If you interact with us in other ways, then additional privacy notices detailing other information and purposes will also apply.
3. Data Sharing
We may share your information with other companies in line with the purposes listed above. In all cases, we have contracts and agreements in place to ensure that your information is protected and is not used for any other purpose than those listed above. Companies that we share information with are:
- Companies involved with the design, hosting and maintenance of the website and our email and IT systems
- Companies providing us with marketing services
- Companies involved in fulfilling your order
4. International Transfer
Some information is stored and processed outside of the EEA. Specifically, we hold data in cloud-based information and accounting systems which may store data in the USA (Dropbox, Xero)
Where information is transferred outside of the EEA, we ensure that appropriate safeguards are in place to protect your information to the same or an equivalent level as would be found in UK and EU data protection legislation. The safeguards we use are:
- Ensuring the country is the subject of an EU adequacy decision; or
- Ensuring the company is a member of an adequate. Legally-binding scheme such as EU-US Privacy Shield; or
- Ensuring the contract includes ICO-approved model contract clauses; or
- Ensuring the organisation is subject to ICO-approved binding corporate rules or an ICO-approved code of conduct.
5. Retention
In accord with relevant data protection legislation, we will not retain your information for longer than is necessary for the purposes listed above and to deal with any complaint or dispute you may have. If you require further information about our information retention policies, please contact us.
6. Your rights
Under UK and EU data protection legislation, you have a number of rights with respect to your information. These include:
- The right to be informed about the information we hold about you
- The right of access to the information we hold about you
- The right to have any errors rectified
- The right to withdraw consent (where consent is the basis of processing)
- The right to object to processing
If you have any questions about the information we hold, how we use it or how to exercise these rights, please contact us using the contact details above or contact your account manager if you have one. You can also use the opt-out facilities provided in our marketing emails and in the settings on our website to change your preferences and consents at any time.
7. Complaints
If you have any cause for complaint about the way we care for your information, please do contact us and we will do our best to resolve the situation for you. You also have the right to complain directly to the Information Commissioner’s Office. You can find details of how to contact them here: https://ico.org.uk/concerns/ or by calling their helpline on 0303 123 1113.