Access All Areas' Privacy Notice

Access All Areas is a registered Charitable Incorporated Organisation, based at Bradbury Studios, 138 Kingsland Road, London, E2 8DY.

This privacy statement confirms our commitment to process, store and look after your personal data carefully.

1.     Personal data

Personal data relates to a living person who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation.

2.     Data controller

Access All Areas’ board of trustees is the data controller. This means it decides how your personal data is controlled and for what purposes. The trustees delegate day-to-day responsibility for data control to the data protection officer (DPO), who is Access All Areas’ Operations Manager. The DPO can be contacted at the address above, on 0207 613 6445 or at hello@accessallareastheatre.org

3.     How do we process your personal data?

At Access All Areas, we are committed to protecting and respecting your personal data and to processing this data fairly and lawfully in accordance with the Data Protection Act 1998 and the General Data Protection Regulations 2018 (GDPR).

Access All Areas seeks to comply fully with its obligations under the GDPR by keeping personal data up-to-date; by storing it securely and, where appropriate, destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use personal data for the following purposes:

a)    To contact supporters and other interested parties about Access All Areas performances, activities and other events, including fundraising opportunities (though our mailing list or by direct contact, where consent has been given)

b)    Participant records

  • to contact individuals - and, where appropriate, their families/carers – about Access All Areas activities they are taking part in. We may also let them know about other Access All Areas activities if they have given consent for this. All information contained within these records is kept with the consent of the individual concerned, and may include name, address, phone number, e-mail address and any specific needs e.g. access needs.
  • To keep our participants and staff safe – e.g. by recording safeguarding incidents/concerns and creating risk assessments for high risk individuals

c)     To manage employees, freelance members of staff and volunteers

d)    To maintain our financial accounts and records (including the processing of Gift Aid)

e)    Governing bodies – to provide contact details of our trustees to relevant bodies, including the Charity Commission and Companies House

f)      Funders – to provide monitoring information to funders. Usually this will be anonymised; in the case of using a participant’s name (e.g. a case study), consent will be sought and pseudonyms used where appropriate.

4.     What is the legal basis for processing your personal data?

All personal data in Access All Areas’ possession will be processed according to one of the following lawful bases:

a) Legitimate interest – where processing is necessary for carrying out obligations under employment, social security or social protection law

b) Vital interest – where processing is essential to safeguard individuals (such as high risk participants of our activities)

c) Where Access All Areas has received explicit, free consent to use the data

5.     Sharing personal data

We will not normally share personal data with anyone else, but may do so where:

  • There is an issue with a participant or other individual that puts the safety of our staff or that individual at risk
  • We need to liaise with other agencies – we will seek consent as necessary before doing this
  • Our suppliers or contractors need data to enable us to provide services – for example, IT companies. When doing this, we will:
    • Only appoint suppliers or contractors which can provide sufficient guarantees that they comply with data protection law
    • Establish a data sharing agreement with the supplier or contractor, either in the contract or as a standalone agreement, to ensure the fair and lawful processing of any personal data we share
    • Only share data that the supplier or contractor needs to carry out their service, and information necessary to keep them safe while working with us

We will also share personal data with law enforcement and government bodies where we are legally required to do so, including for:

  •          The prevention or detection of crime and/or fraud
  •          The apprehension or prosecution of offenders
  •          The assessment or collection of tax owed to HMRC
  •          In connection with legal proceedings
  •          Where the disclosure is required to fulfil our safeguarding obligations
  •          Research and statistical purposes, as long as personal data is sufficiently anonymised or consent has been provided

We may also share personal data with emergency services and local authorities to help them to respond to an emergency situation that affects any of our participants or staff.

Where we transfer personal data to a country or territory outside the European Economic Area, we will do so in accordance with data protection law.

6.     How long do we keep data?

We retain data on the following basis:

Record type: Retention Period

Participant records: 3 years after last contact

Mailing list contact details: 2 years after last contact

Photographs and videos of Access All Areas performances and events: Indefinitely

Insurance records: Indefinitely

Safeguarding records: Indefinitely, or until advised by the relevant authorities

Complaints (non-safeguarding): 3 years after resolution of complaint (unless further action is anticipated)

Employee records: As required by insurance, currently 30 years

Gift Aid declarations and paperwork: 6 years after the calendar year to which it relates

7.     Your rights and your personal data

Unless subject to an exemption under GDPR, you have the following rights with respect to your personal data:

a)    The right to request a copy of the personal data which Access All Areas holds about you (a Subject Access Request or “SAR”)

b)    The right to request that Access All Areas corrects any personal data if it is found to be inaccurate or out-of-date

c)     The right to request your personal data is erased where it is no longer necessary for Access All Areas to retain such data

d)    The right to withdraw your consent to the processing of your data at any time

e)    The right to request that the data controller provides you with your personal data and, where possible, to transmit that data directly to another data controller

f)      The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing

g)    The right to object to the processing of personal data

h)    The right to lodge a complaint with the Information Commissioners Office

8.     Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice, explaining this new use, prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

9.     Cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit www.aboutcookies.org or www.allaboutcookies.org. You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

10.  Other websites

Access All Areas’ website sometimes contains links to other websites. This privacy policy only applies to our own website, so when you link to other websites you should read their own privacy policies.

11.  Changes to our privacy policy

We keep our privacy policy under regular review and we will place any updates on this web page. This privacy policy was last updated on 20 May 2018.

12.  How to contact us

Please contact us if you have any questions about our privacy policy or information we hold about you.

You can e-mail us at hello@accessallareastheatre.org, call us on 0207 613 6445, or write to: Operations Manager, Access All Areas Bradbury Studios, 138 Kingsland Road, E2 8DY

You can contact the Information Commissioners Office on 0303 123 1113 or via e-mail at https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF