top of page

Privacy Policy

1. Introduction

​Riot Youth Arts Festival (hereinafter referred to as "the organisation") is committed to ensuring the protection and privacy of personal data collected, used, and processed in the course of its operations. This Data Protection Policy outlines the organisation's commitment to compliance with the UK Data Protection Act 2018 (DPA 2018), the General Data Protection Regulation (GDPR), and other relevant data protection laws.

2. Scope

This policy applies to all personal data processed by Riot Youth Arts Festival regardless of the format in which it is held. It covers data processing activities carried out by employees, contractors, volunteers, and any other individuals acting on behalf of the organisation.

3. Principles

The organisation is committed to upholding the following principles with regard to the processing of personal data:
​

  • Lawfulness, fairness, and transparency: Personal data shall be processed lawfully, fairly, and in a transparent manner.

  • Purpose limitation: Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

  • Data minimization: Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

  • Accuracy: Personal data shall be accurate and, where necessary, kept up to date.

  • Storage limitation: Personal data shall be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

  • Integrity and confidentiality: Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

4. Responsibilities

  • The Data Protection Officer (DPO), appointed by the organization, is responsible for overseeing compliance with data protection laws and policies, and for ensuring that personal data processing activities are conducted in accordance with this policy.

  • All employees, contractors, volunteers, and other individuals acting on behalf of the organization are responsible for familiarizing themselves with this policy and complying with its requirements.

5. Data Collection and Processing

  • Personal data shall only be collected for specified, explicit, and legitimate purposes.

  • Personal data shall be processed lawfully and in accordance with data subjects' rights.

  • Consent shall be obtained from data subjects before collecting and processing their personal data, where required by law.

  • The organization shall maintain accurate records of all personal data processing activities.

6. Data Security

  • The organisation shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

  • Access to personal data shall be restricted to authorized individuals on a need-to-know basis.

7. Data Subject Rights

  • Data subjects have the right to access, rectify, erase, restrict processing of, and port their personal data, subject to certain limitations and exceptions under applicable law.

  • Data subjects may exercise their rights by contacting the organisation's Data Protection Officer.

8. Data Breach Response

  • The organisation shall promptly investigate any suspected or actual data breaches and take appropriate steps to mitigate any adverse effects.

  • Data subjects shall be notified of any data breaches affecting their personal data without undue delay, where required by law.

9. Data Transfer

  • Personal data shall only be transferred to third parties or to countries outside the European Economic Area (EEA) where adequate safeguards are in place to ensure the protection of personal data.

10. Training and Awareness

  • The organisation shall provide regular training and awareness programs to employees, contractors, and volunteers on data protection laws, policies, and procedures.

11. Review and Revision

  • This Data Protection Policy shall be reviewed and, if necessary, revised on a regular basis to ensure its continued suitability, adequacy, and effectiveness.

12. Compliance

  • Non-compliance with this policy may result in disciplinary action, up to and including termination of employment or contract.

13. Contact Information

  • For questions or concerns regarding this Data Protection Policy or the organisation's data protection practices, please contact the Data Protection Officer at stamforddramaandmusic@gmail.com 

bottom of page