The General Data Protection Regulation (GDPR) provides protection of the personal data of all UK and EU citizens and replaces previous Data Protection legislation as of May 2018. Definitions and descriptions of the GDPR can be found using the links to Resources below.
We collect information during your sessions on our websites for a number of reasons but if you are not actually logged in to one of our sites then the information relates only to the "session" that you are in and will not include any personal data. We do not collect information on behalf of other organisations or directly from other organisations.
Definitions and descriptions of the GDPR can be found using the links to Resources below.
You have the right to find out what personal information we are holding about you and the right to have that information "forgotten" (erased).
You can request either of these actions by contacting the Data Controller, however, that will require you to prove that you either are the person in question or are acting as their authorised agent.
The onus of that proof actually lies with you, the Data Controller is not required to seek further information in order to prove your identity (Art. 15-22) and in the event that your identity cannot be proved then the Data Controller is exempt from taking these actions (Art. 11, 12(2)).
Our obligations include collecting only such data as is required by our business, processing and using that data only in ways that are required, being transparent about what is stored and how it is processed, protecting all stored personal data, reporting any breaches into, or thefts of, that data to the relevant authorities and those affected and responding to information and removal requests as appropriate.
Personal information is not held in plain text, csv, word, pdf or excel files.
Databases are held on-line on a virtual private server at Heart Internet. Databases use mySQL.
Backups are held only as required on servers at Heart Internet.
You have the right to request a report on what information we are storing about you and what the uses of that information are. To request such information, please contact the Data Controller (see notes under "Your Rights"). We are obliged to respond within one month of receiving an authorised request.
If we are storing personal information about you then you have the right to be forgotten by our websites. Entries which fall into this category will include anything with an associated email address, physical address or personal information such as date of birth from which an individual may be identified. The IP address you access our services from would not normally fall into this category if stored in isolation as most access is from dynamic IPs.
Note that Information relating to your appearance in, or association with, a show or event in our database would not normally be considered "personal information" as it originally appeared in the public domain and falls into the GDPR exception of "archiving purposes in the public interest, scientific research historical research or statistical purposes". Our information is gathered from promotional materials for shows and does not relate to personal information (such as gender, date of birth, address etc.). Indeed, as Equity rules on names do not apply in general, the use of a name such as "John Smith" could apply to any number of people as we do not tag the names with further information.
None the less, the right exists and will be honoured where appropriatee - we will require proof, as for personal information, that you have the authority to request the removal.