Due to the new General Data Protection Regulations (GDPR) which have replaced the UK Data Protection Act 1998, we’re required to clarify what personal information we hold about you, why we store it and how we store it. As a “data controller” Creu Cymru is responsible for making sure that any personal data that we hold is secure and is used in ways that are in accordance with GDPR. This privacy notice provides information on when, how and why we collect personal information and how we keep it secure. You can opt out of any or all of our communications at any point simply by contacting [email protected].

Whose contact details do we hold on file and for what purpose?

We may keep your details on file if you’re one of the following:

The organisational, programming, marketing, technical, participation, CEO or front of house representative for a theatre, arts centre, performing arts company, freelancers, individual member or associate member in our membership so that we can send you information that relates directly to our role of supporting performing arts organisations in Wales and the services we offer to our members.
An independent producer, director, performer or other arts professional who either has, or is looking to establish, a relationship with the presenting sector in Wales. 
A representative of an arts industry body, for example Arts Marketing Association, Federation of Scottish Theatre, Association of British Theatre Technicians.
A trust or foundation that supports arts activities.
A representative of an Arts Council or equivalent organisation in the United Kingdom.
An arts festival.
A member of our staff, or a freelance professional working with us, or applying to work with us.
A Creu Cymru board member.
A nominated next of kin or reference contact.
We need your data so that we can provide an effective and efficient service and so that we can undertake appropriate evaluation and reporting processes. Data used in this way is anonymised unless explicit consent is given by you.

What information of yours do we hold, and where?

We only hold the following detail about you:

Your first name and surnames
The company for whom you work (if relevant]
Your job title/role
Your postal address
Your email address[es]
Your contact telephone number
A record of correspondence with you relating to Creu Cymru’s activities and/or interests
Feedback received from you.
These details are retained on an electronic file which is only accessible to the Administrator, Project Administrator and Director of Creu Cymru. As with all contact details, you can request that these be deleted at any time. (To do this contact [email protected]). 

Will we ever share your contact details with a third party?

We will never share your contact details with a third party outside our membership without prior written consent from you. However, as we are a collaborative network of theatres and arts centres we show the full list of contacts on communications sent out to groups.

When will your contact data be updated or deleted?

If you email us to request being deleted from our database and/or unsubscribe from receiving further communication from us, we will delete your contact details from our database. If you cease to be in the professional role within which we had contact with you as a professional industry peer we will delete your contact details from our database as soon as we are aware of this. You are entitled to ask for a copy of the information we hold on record about you at any time. (Please contact [email protected]). Such a request must be made in writing, with proof of identity, and may take up to one calendar month to be fulfilled, although we will respond as promptly as staff capacity allows.

Website visitors

We do not collect information about people visiting our website.

Our website may contain links to other websites that are outside our control and are not covered by this Privacy Policy. If you access other sites using the links provided, the operators of these sites may collect information from you that will be used by them in accordance with their privacy policy, which may differ from ours.

What Rights do I have?

Individuals have eight rights under GDPR: 

Right to be informed: Individuals can be informed of how their data is collected, stored and processed in a clear, accessible way.
Right of access: Individuals can request access to a copy of their data in electronic form and details of how it is processed.
Right to rectification: Individuals are entitled to have their data corrected if it is inaccurate or incomplete.
Right to erasure: Also known as ‘the right to be forgotten’, this permits individuals to request the deletion of their data.
Right to restrict processing: Individuals can request a halt on processing if they object to accuracy or purpose.
Right to data portability: Individuals can request their data in a suitable digital format, sent either directly to them or to a third party.
Right to object: Individuals can, in certain cases, object to the processing of their data, eg. in direct marketing.
Rights relating to automated decision making including profiling: Individuals are protected against the risk that a potentially damaging decision is taken without human intervention.
This privacy notice is subject to review and amendments – the current draft was last updated May 2018.

Creu Cymru is registered in England and Wales under company number 05125040 at HSJ Accountants, Severn House, Hazell Drive, Newport, South Wales, United Kingdom, NP10 8FY
Log in | Powered by White Fuse