This policy details how The Tent People (TTP) collects, processes, stores and secures personal data. We will always aim to be clear and transparent regarding all our requests for personal data and are legally bound to only use that data for the express purpose(s) agreed at the point the data is submitted to us.
Individuals are under no obligation to share personal data with us. However, the provision of certain pieces of personal data will help us to provide the best possible service we can.
This policy was last updated in June 2021 and was designed in accordance with the EU General Data Protection Regulation (GDPR).
What is personal data?
Personal Data is anything that can be used to identify an individual directly or indirectly.
In many situations, this can be as simple as their name and contact details (such as address, phone number or email) but may sometimes include more detailed information depending on the nature of their engagement with us.
When and how do we collect personal data?
All of the following are common situations where we might request personal data from individuals:
We will always make it clear what data we are collecting from an individual during these transactions and why we are requesting it.
Customer experience data
We may also store conversations that occur via TTP email channels. These emails would be stored securely and only used to improve the customer experience and for training and monitoring purposes.
TTP does not currently record or store any conversations by telephone. We may in the future decide to use call recording technologies for the sole purpose of training, monitoring and improving the overall customer experience. Should this be adopted, sensitive information (e.g. credit card information) would be completely anonymised.
We may also capture an individual’s image in the photography or video recording of an event for promotional purposes, including for print and social media. If an individual would prefer not to be included in any image recording, they should speak to a member of TTP staff.
All images will be stored on our secure cloud-based system and fall under the remit of our data retention policy. In certain instances, we may ask for consent using a form or agreement to be signed by the individual, which will be kept on file for as long as the resulting footage/image is in circulation. These instances will include: Images/videos of tents and event participants. When it is our own event, we will be clear from the outset that image capture may be taking place and customers should speak to a member of staff if they do not want their image captured.
Why we use personal data
We process personal data to
How we use personal data
All personal data collected, processed and stored by TTP is only collected with the prior notification of the scope and nature of the processing activity (i.e. how it will be used).
In relation to the personal data listed above, this will include ‘opt in’ and/or ‘permission’ on online forms regarding mailing lists, participation sign up or the provision of details on a job application or engagement with us contractually.
Security and storage of personal data
TTP operates a secure, cloud based IT system with controlled access. We also have both IT and reporting processes in place to comply with breach notification obligations to the Information Commissioner’s Office (ICO).
We have set a retention limit on personal data for when a data subject has not engaged with us after 5 years. Each year we will audit those who fall outside of this period, and either erase or anonymise that data.
The only exception to this is Employee records (which we are obliged by law to maintain for seven years).
In addition, the following data may also be collected automatically when you visit our website:
· IP address
· Referring website (if you followed a link to get to our website)
· Web browser and device
· Cookies (see below)
· Time and date of visit
· Web pages visited
· Geographical location
This statistical data is collected with the express purpose of aiding our understanding of the areas of interest on our site and is kept only for as long as is required for this purpose.
A cookie is a small file which asks for permission to be placed on the individual’s device’s hard drive. If the individual agrees, the file is added and the cookie helps analyse web traffic or records when they visit a particular site. Cookies allow web applications to respond to the individual. The web application can tailor its operations to their needs, likes and dislikes by gathering and remembering information about their preferences.
An individual can choose to accept or decline cookies. Most web browsers automatically accept cookies, but individuals can usually modify their browser setting to decline cookies if they prefer. This may prevent them from taking full advantage of the website.
All of the above are standard online identifiers which can be detected by Google Analytics – which, like many other organisations we use to monitor the activity on our website. Please visit Google Analytics Terms Of Service for further details.
Third party website links
Our website and associated electronic communications may contain links to other websites not operated or controlled by us (“Third Party Sites”). The policies and procedures detailed in this policy do not apply to such sites. TTP takes no responsibility for the content or data processing activities and policies of third-party sites.
As a Data Subject, individuals have legal rights regarding the information we hold about them
If an individual would like to request Access, Rectification, Portability or Erasure of information we hold about them, they should contact us using the details in the ‘Contact’ section at the end of this policy. The individual will need to provide us with a description of the information they would like to see, together with proof of their identity.
If they are unhappy with the way we have processed their personal data, they also have the right to lodge a complaint with the Information Commissioner’s Office.
Exclusions (legal & regulatory)
On rare occasions we may disclose Personal Data if required to do so by law in order to (for example) respond to a legal challenge, a court or government agency, or in the good faith belief that such action is necessary to:
Third party contractors
In some instances, we use established and accountable third party service providers who work on our behalf for the fulfilment of a contract we enter into. Examples include:
Only in situations where an individual has actively given consent for us to do so, we may pass on their data to partner organisations. In these instances, if they wish to opt-out of their communications in future or to request Access, Reification, Portal or Erasure of their data, they should contact the partner organisation directly.