Scottish Youth Theatre (SYT) is committed to the protection and correct use of the personal data of anyone who is involved with us, including participants, their parents or carers, staff, freelancers, donors and volunteers. We make it our utmost priority to meet the standards and stipulations previously set out in the Data Protection Act and those in the General Data Protection Regulation (GDPR), which is effective from 25 May 2018.
We strive to only collect data that is absolutely necessary and store it securely for an appropriate amount of time. We will not contact you with marketing material unless you have explicitly asked to receive updates. At anytime you can request to have your details erased or amended.
This notice provides general information about what data we collect, why we collect it, how long for and how it is used and stored.
If you require more information on GDPR then please visit ICO’s website www.ICO.org.uk
WHO IS COLLECTING YOUR DATA?
Scottish Youth Theatre collects your data through the following methods:
• Online registration forms, sign-ups, ticket purchases, CVs and covering letters
• Hard copy or electronic copy of a registration form, CV or application letter
WHAT DATA IS BEING COLLECTED AND WHY?
We only collect data which is required for the lawful purposes of administering the business of SYT. These purposes are:
• Child protection
• Provision of the correct type of theatre activity for the participant
• Provide legal consent
• Funding applications and reports
• Staff administration including payroll
• Advertising, marketing and public relations (if consent granted)
WHAT TYPES OF PERSONAL DATA DO WE COLLECT?
We process personal information to enable us to support the provision of theatre activity for children and young people, maintain our own accounts and records, promote our activity and to support and manage our employees. We also process personal information about staff who deliver our services.
The types of personal information we use include:
• Personal details such as names, addresses, telephone numbers, age
• Emergency contact details
• Employment details, for example for those that work for us either directly or are employed by us to provide a service
• Financial details, where we provide or take payment for services
• Visual images for use in marketing and PR
• Responses to surveys, where individuals have responded to marketing questions
We also process sensitive information that may include:
• Medical information or additional needs
• Employment tribunal applications, complaints, accidents, and incident details
HOW WE USE INFORMATION ABOUT YOU?
• To ensure activity is planned and delivered to meet participants’ needs
• To contact you with important information
• To review the activity provided to ensure it is of the highest possible standard
• To report to our funders on our activity
• To maintain health and safety for staff and participants
• To process incoming payments for activity or outgoing payment for work, services or refunds
IS DATA SHARED WITH ANY THIRD PARTIES?
Data is only used by the members of SYT staff who need to process it or use it to lead activity safely and correctly.
If permission is granted then we may share images or film footage of participants with press or funders.
Employee details are shared with Cahill Jack who process our payroll.
There are a number of reasons why we share information. This can be due to:
• Our obligations to comply with current legislation
• Our duty to comply with a Court Order
• You have consented to disclosure
HOW LONG IS YOUR DATA STORED?
• Participant data is kept for 2 years after their last attendance
• Job applications and records are kept in a secure file for 6 months
• Marketing databases will be refreshed every 3 years
• If consent is provided, then images and videos will be kept for an indefinite amount of time for Marketing and PR purposes
All data is kept in a secure place – digital or hard copy.
We will not use information that identifies you unless there is a lawful reason to do so.
All appropriate staff will receive training to ensure they maintain the standards set out in data protection and GDPR.
We have a Data Officer (Caroline Cosgrove) to ensure high standards of security are maintained.
In the unlikely event of a data breach – we will report the incident to ICO within 72 hours.
WHAT RIGHTS DO YOU HAVE WITH REGARDS TO YOUR PERSONLA DATA?
Under GDPR, every individual has the right to:
• Erasure – also known as the right to be forgotten
• Have inaccurate personal data rectified or completed if it is incomplete
• Prevent their data from being processed for marketing purposes
You can make a request in writing or in person and we will get back to you within 1 month to confirm your request has been addressed.
If you have any questions or feedback on how we manage your data then please get in touch in the following ways
• by email email@example.com
• by phone 0141 552 3988
• by letter. Send to Scottish Youth Theatre, The Old Sheriff Court, 105 Brunswick St, Glasgow, G1 1TF
If you wish to complain about the way we have used your data then you are advised to get in touch with us in the first instance. If you are unsatisfied with how we have responded, then you can report it to the ICO (Information Commissioner's Office).