Protecting your personal data
Canolfan Gerdd William Mathias (CGWM) is committed to protecting your privacy and ensuring all of your personal information is safe and secure keeping within data protection and GDPR legislation.
If you do not agree with this policy, please log off and clear your browser of any cookies which may have been placed in your browser by our site in the interim.
The Types of Data We Process
We may process the following kind of data:
- Personal data you provide to us – you may submit personal data to us through our website (e.g. when you subscribe to our email list or register for an activity), or when you contact us or ask us to contact you via email, post, telephone or in person. This data may include things like your / your child or dependant’s
- email address
- telephone number(s)
- date of birth
- postal address
- details on a CV
- any other information you feel necessary to share with us to ensure the best care of you / your child / your dependant whilst participating in our activities.
- Data relating to any discussions or transactions carried out between you and us.
- Photographing and Filming: We will make you aware if photographs or filming is taking place at an event / activity we are organising which you are attending. We will ask for consent from parents / guardians before photographing / filming any child participating or attending our events and explain how the images / film will be used.
- Technical / statistical information about the type of device you use to visit our website and how you use it, what sites you have visited prior to our site (e.g. if you came to our site through a search engine or via a link from another site), data about the computer being used (eg. IP address), where you are, the type of browser you’re using, how long you use our website and the pages you viewed. This information is generally considered to be anonymous.
- Any other data you send to us.
Data you share with us may be stored on our:
- Email systems
- Website servers
- Cloud based storage
- Password protected computers
- Hard copies stored securely
We will never sell your personal data to third parties. We do use selected third party organisations in order to store, process and analyse data. These include our marketing email service, cloud storage, card payment processing company, website analytics, website server and email accounts. We take steps to ensure that these third party companies comply with data protection and GDPR laws.
Cookies & Google Analytics
A cookie consists of information sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
We use both “session” cookies and “persistent” cookies on the website. We will use the session cookies to: keep track of you whilst you navigate the website. We will use the persistent cookies to: enable our website to recognise you when you visit.
Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.
Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. For example, in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector. Blocking all cookies will, however, have a negative impact upon the usability of many websites, including this one.
Linking to Third-Party Websites
Linking to our Festivals Websites
We will give you an opportunity to opt-in to receive emails about our latest news and events. These emails are currently sent using a third party provider MailChimp. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our emails. For more information, please see MailChimp’s Privacy Notice. You can unsubscribe at any time by clicking the ‘unsubscribe’ link at the bottom of these emails or by contacting our office.
Using Personal Data
With respect to the EU’s GDPR, we process personal data on the basis of:
- Consent: the individual has given clear consent for us to process their personal data for a specific purpose.
- Contract: the processing is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract.
- Legal obligation: the processing is necessary for us to comply with the law.
- Vital Interest: the processing is necessary to protect someone’s life.
- Public Task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
- Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
- to the extent that we are required to do so by the laws of England and Wales and the EU’s GDPR;
- in connection with any legal proceedings or prospective legal proceedings;
- in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
International Data Transfers
Depending on the nature of your enquiry and relationship with us, personal information that you provide to us may be processed in the UK and or in locations outside the UK and EU in order to deliver our service to you.
We take reasonable technical and procedural precautions to prevent the loss, misuse or inadvertent alteration of your personal data, both digital and hard copies.
Key Rights according to GDPR
Under GDPR you are entitled to view the personal information that we hold on you. You can submit a Subject Access Request to us in relation to your rights above by contacting us using the contact details below. We comply with these requests within one month (unless there are mitigating circumstances e.g. legal reasons not to.)
Giving and Withdrawing your Consent to be Contacted:
In certain circumstances, we may need to have your consent to process your data.
- We may ask for your consent, for example, when you fill in one of our contact forms and you provide your consent by ticking the box on the form.
- We also keep a record of your consent until we no longer need to. You can withdraw your consent at any time by contacting us using the contact details below.
Updating and Deleting your Personal Data:
You should instruct us to correct or update any personal information we hold about you e.g. if you change your name or address for instance.
You may instruct us to delete any and all information we hold about you at any time. We will do this in compliance with the applicable laws of England and Wales and or EU laws and regulations i.e. GDPR.
Please note that we have a legal obligation to retain certain types of customer information for certain time periods e.g. for accounting purposes.
We will only keep information on file for as long as it is needed with respect to the services you have enquired about and or that we have agreed to provide you, or to meet a legal requirement.
You can instruct us to update or delete your personal data at any time by contacting us using the contact details below.
Finding out More About Your Rights under GDPR and the Right to Lodge a Complaint
You can find out more about your rights according to GDPR and how to lodge a complaint by visiting the Information Commissioner’s website (UK).
Changes to this Policy
You should check this page occasionally to ensure you are happy with any changes. If you have any questions about this policy, please contact us as soon as possible and we will endeavour to answer your question as quickly and clearly as we can.
Meinir Llwyd Roberts (Director, Canolfan Gerdd William Mathias)
This policy was updated August 2018