Fable Workshop Privacy Notice
Fable Workshop is committed to protecting your personal information and being transparent about the information we hold, whether you are a collaborator, audience member, job applicant, customer, website visitor, or a participant in one of our workshops.
The purpose of this policy is to provide a clear explanation about how Fable Workshop collect, hold process and store your information and the measures we have in place to keep it safe and secure, whether it is collected or provided online, by phone, email, in person, by letter or through social media.
Contacting Fable Workshop
For the purpose of the GDPR (General Data Protection Regulation, 2018) the data controller is Fable Workshop LTD, trading name Fable Workshop, and we are a Registered Limited Company in England. If you want to know what information we hold about you or if you have any other queries in relation to this Privacy Notice, our contact details are as follows:
2. Personal Information
Fable Workshop collects, holds and processes personal data from our employees, collaborators, applicants, workshop participants, customers and audience members.
When we say personal data or personal information, we mean the details that you may provide about yourself and any information which identifies you, such as your name, address, email address, telephone number, country of residence or any photographs.
We do hold some sensitive information when there is a clear reason for doing so, for example if you participate in our workshops, we may need to know about your health. Certain funders may require us to collect information about gender, ethnicity, religious beliefs, socio-economic background or sexuality, which we will also collect anonymously from job applicants. We will keep this information securely in password protected locations, only accessible to relevant staff members. We only retain this information for as long as required to report on our work to our funders, before destroying/deleting. While holding this information, we will also anonymise it wherever possible
3. Collecting your Information
We may collect personal information about you when you ask about our activities, register and participate in workshops or events, make a donation, volunteer for us, sign up for our newsletter, contact us online, by phone or in writing or collaborate with us on any of our productions or projects.
Most of the personal information we hold is provided directly from the person themselves, but some data could be provided by third parties such as fellow collaborators, referees, workshop leaders or managers or partner venues.
We will occasionally share personal data with other organisations where it is of legitimate interest, such as sharing production contact lists with venues hosting our shows or attendee lists for venues hosting Fable Workshop events.
Third party services may also collect information on our behalf such as Just Giving, Big Give (for processing donations), Eventbrite (for administering events), Ticket Tailor and Paypal for purchases made. These companies will also have their own privacy statements.
Fable Workshop have social media accounts on Facebook, Instagram, Twitter, Spotify, YouTube. Depending on your settings or the privacy policies for these sites, by connecting with us on any of these channels you might give us permission to access your information on those accounts or services.
4. How we use your information
We will only use your information for the following purposes:
To provide you with information about our online content or activity that you have agreed to receive.
For marketing purposes where you have specifically consented to receive marketing communications from us.
For recruitment purposes.
To produce and facilitate touring theatre productions and workshops with host venues and co-producers.
For fundraising purposes.
To process online payments and set up direct debits.
To communicate with participants of our events and workshops about event details.
For internal record keeping.
To invite you to participate in surveys or research.
To develop aggregated data for analysis and reporting to funders.
To analyse and improve the activities and content offered.
Additional information for job applicants, employees and collaborators:
If you apply for a role with Fable Workshop, we will hold the personal information you provide to process your application and we may undertake monitoring of recruitment statistics as required by employment and data protection law.
If we want to disclose information to a third party, for example where we want to take a reference up or obtain “disclosure” from the Disclosure and Barring Service, we will not do so without asking you beforehand, unless the disclosure is required by law.
If you apply to work with us we’ll only hold your data for the purposes of that application. We won’t hold your personal information for any longer than is necessary for the purposes of that application, unless you give us permission to do so.
5. Security Measures
We take the security of your data seriously. All digital personal information has appropriate technical controls in place to protect your data; any sensitive information is kept encrypted or password protected locations and personal information is deleted when no longer required for the original purpose.
Hard copies of personal information are stored in locked locations with access limited to relevant staff only.
Our network is protected and routinely monitored. We regularly undertake reviews of who has access to what information to ensure that access to personal information is restricted and appropriate.
Where we use external companies that may process data on our behalf we will check that these companies comply with the law and our policy before working with them.
We will only share your data where we have your explicit and informed consent, unless we are required to disclose your details to the police, regulatory bodies or legal advisors for a lawful basis.
If Fable Workshop are responsible for personal data which is lost, stolen or hacked, we have a duty to report this breach to the ICO within 72 hours of becoming aware of it. If the breach is “high risk” and likely to have an impact on the individuals affected, we will inform them as soon as possible.
6. Retention of your data
We regularly review the length of time we keep personal data, and will
only keep your information for as long as required to complete the original purpose of collection. If required to report on employees, attendees of workshops or productions for funding purposes, we will retain the information up to the point where we have reported the relevant information to our funders.
Unsuccessful job applicants will have their data deleted after three months after the appointment has been made. If a candidate was second choice for a role, we may retain their information until the probation period has been completed by the candidate appointed.
7. Your Right to Access your Data
You have the right to request the information we hold about you at any time by submitting a written Data Subject Access Request. We will require proof of ID before releasing any information and will charge an administration fee of £10.
We will provide you with a description or copies of your information held by Fable Workshop within 30 days, unless your request is particularly complex, in which case it may take up to 3 months.
8. Your Right to Correct Incorrect Information and Your Right to Be Forgotten
You have the right to keep your personal data accurate and up to date. If you have reason to believe that Fable Workshop holds incorrect or out of date information about you, please make a written request by contacting firstname.lastname@example.org and we will respond within 30 days regarding your request to rectify, erase or destroy that data.
You have the right to be forgotten. If you would like your personal data held by Fable Workshop to be erased, please make a written request by contacting email@example.com. We will respond within 30 days.
We will erase the data as requested if it is no longer necessary for the purpose it was originally collected, or if you initially consented to us holding the information and have now withdrawn consent, if the information was collected and retained on a legitimate interest basis which no longer applies or we need to comply with a legal obligation.
The right to be forgotten does not apply when the information needs to be retained to perform a task in the public interest, comply with a legal obligation, or to exercise the right of freedom of expression and information, or for the establishment, exercise or defence of legal claims. The right will also not apply in cases where processing is required for public health purposes in the public interest.
Other reasons why a request to be forgotten may be denied is if it is manifestly unfounded or excessive or whether the request is repetitive in nature.
9. Your Right to Complain to the ICO
If a request is denied, we will inform you of this within 30 days and tell you the reasons we are not taking action. We will also inform you of your right to make a complaint to the ICO, and your ability to seek to enforce the request through legal action.
10. Privacy Notice Review
We regularly review this Privacy Notice to ensure that it is up to date and fit for purpose. We will notify you about any significant changes to the way we treat personal information by sending a notice to the primary email address you have provided or by placing a prominent notice on our website.
Last reviewed March 2020