We are committed to protecting and respecting your privacy. In addition, we have legal obligations to use your personal data in line with applicable laws, including the General Data Protection Regulation, the Data Protection Act 2018 and any successor legislation (“Data Protection Legislation”).
Please read the following carefully so you can understand:
Pestival CIC (“Pestival”) is a Community Interest Company limited by guarantee (company number 10356668). Pestival’s registered office is 1 Alfred Place, London WC1E 7EB
Within the context of this privacy statement, “we” means Pestival.
Pestival is a data controller in relation to the collection and processing of your personal data.
We don’t, and promise not to, sell or swap any details that our supporters provide to us to or with any other organisation for their own purposes.
Please read this privacy statement to understand how we use your personal data.
We may collect and process the following data about you.
You may give us information about yourself by signing up for emails, entering competitions, engaging in our social media channels.
The information you give us may include your name, address, email address, phone number and, where you work for an organisation, the name and address and other details of that organisation.
Depending on your use, settings and the privacy policies for social media sites such as Facebook, Twitter, Instagram or LinkedIn, we may obtain information from those services for example if you publicly tag us in a photo, leave a comment, or request that we send you further information. To change your settings on these services, please refer to their privacy policies which will tell you how to do this.
We use information held about you in the following ways:
To invite you to events or to request your support for particular campaigns that we are running.
We do not usually collect “special categories of personal data” (such as information about health, political affiliations, race or ethnic origin) about our supporters and others with whom we work. We will only do so where there is a clear reason for obtaining this information.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We need a lawful basis for collecting and processing all personal data we receive from you. The law allows us to do this in a number of different ways. Below we list those that are the ones that we rely on when collecting personal data.
We will always ask for explicit consent to send our supporters marketing and fundraising communications by email, SMS text and contacting you via social media. We will also ask for your consent to be contacted by phone. You can always withdraw your consent to being contacted or you can change the communication channels we refer to above at any time.
When we use your personal data under the legitimate interest basis we will always consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal data in ways that are not unduly intrusive or unfair. If your personal data is being processed under the legitimate interest ground and you do not wish us to continue to do this you have the right to object under this lawful basis. If so, please contact us.
We never intentionally share, sell or exchange information about our supporters or other individuals with whom we engage with other organisations for their own marketing purposes.
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). This is because our mailing list service provider is Mailchimp and their servers are US based. All data transfer occurs over SSL protected domains.
The storage and protection of your personal data is managed by Mailchimp. They are one of the most well-known mail service providers in the world and have a strong record of protecting user data.
You have the right to be told how your personal data will be used. This privacy statement and other statements that we use in our communications with you, are intended to be a clear and transparent description of how your information may be used.
You have the right to obtain confirmation that your personal data is being processed, access to your personal data and certain other information about how we capture and process your data.
You have the right to request that we correct and update factually inaccurate information that we may hold about you or complete it if it is incomplete.
You have the right to request that your information be deleted from our systems and databases.
The right is not an absolute one and only applies in certain circumstances as follows:
You have the right to request that we restrict the processing of your personal data in the following circumstances:
You have the absolute right to stop the processing of your personal data in the following circumstances:
You have the right to object to automated decisions where we are using your personal data in a computerised model or algorithm to make decisions “that have a legal effect on you” or where they are profiling you, for example for wealth screening purposes.
You have the right to data portability. This means that you can obtain and reuse your personal data for your own purposes across different services. It has been designed to allow citizens to copy or transfer their information from one IT environment to another e.g. from one banking service to another, or utility provider to another.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available in our document and record retention and destruction procedures. You can request that we send you extracts relevant to your query if you contact us.
Any changes we may make to our privacy statement in the future will be posted on this page and, where appropriate, notified to you by email or post. Please check back frequently to see any updates or changes to our privacy statement. Historic versions of our previous privacy statements can be obtained by writing to the Legal Department using the contact details above.
In the first instance, please talk to us directly so we can help resolve any problems or query. Our supporter care team can help if you are a supporter. Please see Contact Us. Alternatively, you can write to us using this email address firstname.lastname@example.org
You also have the right to contact the Information Commissioners Office (ICO) if you have any concerns about how your personal data has been handled. You can use the link above or call them on 0303 123 1113.