Bradford Literature Festival – Privacy Policy
Culture Squared CIC takes your privacy seriously. This Privacy Policy explains the steps we take to ensure information about you is kept secure and confidential.
Please read this Privacy Policy carefully. Once you use this Website (“this Website”) or our services available via it you will be deemed to have read and consented to the uses of your personal data set out in this Privacy Policy. You will also be deemed to have read and accepted this Privacy Policy and the Website Terms and Conditions of use (terms and conditions).
Please note: we do not post out tickets.
Who We Are
Bradford Literature Festival is managed by Culture Squared, a not-for-profit, Community Interest Company.
Our registered office is Bradford Literature Festival, D0.08 Horton D Building, Richmond Road, University of Bradford, BD7 1DP.
For the purposes of Privacy Legislation, we are the Data Controller.
Privacy Law means the Data Protection Act 1998 (as amended by the Data Protection Act 2018), the EU Data Protection Directive 95/46/EC, the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice)(Interception of Communications) Regulations 2000 (SI 2000/2699), the Electronic Communications Data Protection Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003, the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011, the General Data Protection Regulation (from 25 May 2018) and all other applicable laws and regulations relating to processing of personal data and privacy in any applicable jurisdiction as amended and replaced, including where applicable the guidance and codes of practice issued by the UK Information Commissioner or such other relevant data protection authority.
Changes to our Privacy Notice
We review this notice regularly as part of our internal processes or as our services, activities, or processes change. It is subject to change at any time, but the most up to date version is published on our website: www.bradfordlitfest.co.uk
This notice is dated 14 April 2023.
Contacting Us
If you’d like to request further information about our privacy policy or exercise any of your rights, you can contact us:
By post to Bradford Literature Festival, D0.08 Horton D Building, Richmond Road, University of Bradford, BD7 1DP.
By email [email protected]
Through our website www.bradfordlitfest.co.uk
By telephone 01274 044140
Complaints
We take any complaints concerning your privacy very seriously. If you think our collection or use of your personal information is unfair, misleading or inappropriate please bring it to our attention and we will be happy to provide any additional information or explanations needed.
We also welcome suggestions for improving our procedures. You can also contact the Information Commissioner’s Office at www.ico.org.uk or write to Wycliffe House Water Lane, Wilmslow, Cheshire SK9 5AF or 0303 123 1113 for information, advice or to make a complaint.
Your Privacy Rights
You have rights relating to your personal information. You can find more information about your privacy rights on the Information Commissioner’s Office website www.ico.org.uk
You have the right to be informed about how and why we process your personal information including why we need it and how we will use it.
You can find most of the information you need in this Privacy Notice.
If you have any questions, please contact us at www.bradfordlitfest.co.uk
You have the right to access your personal information
You can request a copy of information we hold about you at any time.
You may choose to exercise your right of access through any of our contact channels, but we may ask you to provide documented evidence of your identity before we process your request. We may also contact you to clarify your request or to ensure we have all the information we need to fully meet your request.
Privacy law requires us to respond to your request within 30 calendar days of verifying your identity (or within 3 months for more complex cases). You’ll receive a full response as soon as we can reasonably provide one and we aim to resolve all subject access requests within 30 calendar days from confirming your identity. In more complex cases where we cannot provide a full substantive response within that time frame, we will write to you within 30 calendar days to explain why an extension is needed.
We don’t charge for subject access requests.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
You have the right to ask us to correct inaccurate personal information we hold about you
If you believe information we hold about you to be inaccurate or incomplete, you can ask us to correct it or complete it at any time, through any of our contact channels. Wherever possible, we will correct inaccurate or incomplete information immediately.
In more complex cases we will take reasonable steps to confirm the accuracy of the information we hold. Whilst we investigate the accuracy of the information, we will restrict the processing of the information in question.
We will let you know the outcome of our investigation as soon as we can. Any information we can verify as inaccurate will be corrected within one month of receiving your request.
You have the right to ask us to delete your personal information
In some circumstances, you have the right to ask us to delete information we hold about you. For example, if we have asked for your consent to process the information, and you withdraw that consent.
We will respond to your request as soon as we can, and we will act on any requests granted within one month of your request.
We can’t delete some information where we have a legal or regulatory obligation to keep it. We may also refuse your request if we believe it to be excessive. If your request for deletion is refused, we will explain the reasons for refusal.
You have the right to ask us to restrict the use of your personal information
In some instances, you have the right to ask us to restrict the use of your personal information (for example if you have challenged the accuracy of the information we hold or have objected to our processing). We will restrict our use of your information whilst we investigate your objection or request to correct your information.
We will respond to your request as soon as we can, and we will act on any requests within one month of your request.
If your objection is unsuccessful, we will only continue processing once we’ve let you know the outcome of the investigation.
When processing is restricted, we are still permitted to store your personal data, but not use it. Information related to these requests will not be automatically deleted unless you expressly ask us to.
You have the right to data portability
Where we process your personal information with your consent or for the performance of a contract, and our processing is automated, you have the right to move, transfer or copy that data to another system for your own purposes. If we do in the future, you can make a request and this data can be exported from our systems for you.
You have the right to ask us not to process your personal information
We process most of the information we collect about you under the lawful basis of ‘legitimate interest’. You have the right to object to our processing your personal information under this lawful basis, or for marketing purposes (including profiling).
We will respond to your objection as soon as we can, detailing any actions we can reasonably make. If we believe there is an overriding compelling reason to continue the processing, we will explain why we think this is.
We will action any requests to stop direct marketing as soon as we receive your objection.
You can object to us using your data at any time through any of our contact channels.
Lawful Basis for Processing
Privacy Law states we must have a lawful basis for processing your information; the legal basis will vary depending on the circumstances of how and why we have your information. Usually we will do this in the following instances:
- the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests;
- you have given consent for us to process the information i.e. in relation to certain marketing activities;
- the processing is necessary for a contract we have, or because we have been asked to take specific steps before entering into a contract;
- the processing is necessary for compliance with a legal obligation to which we are subject i.e. we are required to provide certain information to HMRC;
- the processing is necessary for us to comply with the law.
Information We Collect From You and What We Do With It
To provide our services to you, we need to collect, process and store information about you. We use your information to administer, support, improve and develop our business generally, to provide statistical information to meet our lawful requirements and to enforce our legal rights. If we intend to use your information for a different purpose, we will do so in ways consistent with Privacy Law or, wherever possible, by notifying you in advance.
We will only use your information for the specific purpose(s) for which it has been provided to or collected.
We collect and process a variety of information from you and about you. In most cases, the information we collect about you is provided by you directly. This helps us to confirm the information we collect is accurate and as up to date as possible. We will usually do this when you first contact us, though we may ask you to confirm your details on subsequent contacts from time to time.
The type of information collected from you and obtained about you will vary depending on your association with us. However, in almost all cases we are likely to ask you to provide name, address and contact details (including phone number, email address or social media identifiers) – to contact you about your enquiry, or membership, and keep you up to date about the services you have requested or receive from us, inform you about any service interruptions, or contact you with other information related to our business.
We will only collect sensitive personal information about you with your explicit consent, and for a specified purpose which will be explained to you at the time.
If you contact us by post or email we will keep a record of the contact.
If you use our website, we will keep a record of the contact and we may collect additional information about you to provide a better digital service and website functionality.
More detailed information on what we collect in different circumstances and how it will be used is set out below to ‘what to expect when you contact us’.
Information We Collect or Obtain from Others About You
We prefer to collect information about you directly. This helps us to confirm the information we collect is accurate and as up to date as possible.
We may receive information collected by our business partners or sub-contractors relating to services they are delivering to you, or to respond to a complaint you have made.
We also work closely with trusted partners (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, local authorities, credit reference agencies and debt collection agencies) and may receive information about you from them.
If you contact us by phone or in writing (including email, social media or via our website) we will record, monitor or keep copies of the correspondence. We keep this information for several reasons (including fraud prevention and crime recording/investigation) but the main reasons are to:
- assist our response to any queries you may have;
- ensure we continue to offer you the best possible service;
- maintain standards and help train our staff;
- demonstrate our compliance with any regulatory obligations; and
- keep our records up to date so that we don’t offer you services that you don’t need.
Marketing-Communications (E-Newsletter, Marketing Emails and Post)
If a customer joins the BLF mailing list via the BLF website, they are asked to give their consent to being contacted for marketing purposes via email, and to receiving the printed festival programme via post. When a customer gives their consent, their data is forwarded to our third-party customer relationship management provider, Mailchimp, to deliver some of our e-communications. We gather statistics around email opening and clicks using industry standard technologies. For more information, please see Mailchimp’s Privacy Policy.
We also use Ticketsolve to deliver e-communications relating to the event you purchased a ticket for, please see Ticketsolve’s Privacy Policy.
Contacting Us by Telephone
When you contact us by telephone, your telephone number may be added to your records so that we can contact you in future to provide further services or information.
We may use a telephone number listed on your account to contact you to discuss matters relating to the event you purchased a ticket for.
Contacting Us by Post
Post is stored and processed in a secure area of the building. The retention of hard-copy documents and electronic images of post received is detailed in our data retention rules.
Emailing Us
If you email us, we will respond to you using the email address you gave us. We may add your email address to your account and it may be used for future communications.
Please note that email isn’t considered to be a secure communication method. If you have any concerns over the security of your information in transit, please raise this with us so that we can suggest alternative methods of contact.
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with our own policies. Emails are stored, archived and deleted in line with our information security and data retention policies.
Contacting Us Via Social Media
We strongly advise not to post your personal contact or other sensitive information on a public social media site. If you contact us using social media to report an issue, we will ask you to private message us to gather suitable information. We may suggest an alternative contact method if we think this is more appropriate.
Making a Complaint
If you make a complaint to us, we will follow our complaints process.
We may need to share details about your complaint internally to fully investigate. If you escalate your complaint to the Information Commissioners Office, we may share information with them in order to resolve your complaint.
If the complaint relates to a service provided by a third party, we will share information with them to resolve your complaint. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will only use the personal information we collect to process the complaint and to examine the level of service we provide. We may compile and publish statistics showing information (for example the number of complaints we receive), but not in a form which identifies any individuals.
We will keep complaints in line with our data retention policy. This means that information relating to a complaint will be retained for seven years from closure.
Visiting Our Website
Each time you visit our website we will automatically collect the following information:
Technical information – this includes the Internet protocol (IP) address used to connect your device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
Session information – information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
We use information gathered through cookies and similar technologies to measure and analyse information on visits to our websites, to tailor the websites to make them better for visitors and to improve technical performance (see below for more information). We will not use the data to identify you personally or to make any decisions about you.
WordPress
We use a third-party service, WordPress, to publish our website. The site is built on WordPress as a CMS and is hosted with Digital Ocean on UK servers. We use a standard WordPress service to collect anonymous information about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. For more information about how WordPress processes data, please see Automattic’s privacy notice.
Purchasing Tickets Through the BLF Website
We use a third-party box office service, Ticketsolve, to sell tickets through the BLF website. Ticketsolve stores relevant customer information such as title, name and email/postal address in order to improve the service that can be offered to repeat customers. This includes the option to set up a customer account on the Ticketsolve site. Customers are asked to provide a name and email address in order to set up an account, however this can be deleted/ cancelled upon request at any time.
When a customer makes a purchase, or sets up an account, they are asked whether they give their consent to be contacted for marketing purposes via post, email and telephone. This works on an opt-in basis; customers are not automatically subscribed and are under no obligation to subscribe. These preferences can be updated at any time.
More information can be found by reading the Ticketsolve Privacy Policy. When a customer gives their consent to being contacted via email or post, their data is forwarded to our third-party e-communication provider, MailChimp.
Purchases are handled via the third-party payment gateway Realex and merchant bank Elavon. Personal banking information such as card/ account numbers are not stored on the BLF site or Ticketsolve at any time, under any circumstances. However, relevant transactional information such as name, billing address and amount will be stored by both Ticketsolve and Realex for banking purposes only. Personal banking information such card details and account numbers are not retained by Bradford Literature Festival. This information is not used by BLF for any purpose other than for monitoring sales and balancing accounts. For more information please see Realex’s Privacy Statement.
We retain customer details and ticketing booking history to provide the necessary service and assist in any problems, such as refunds or cancellations that may occur. However, we only use these details to provide the service the person has requested and for other closely related purposes. For example, we might use information about people who have purchased tickets to carry out a survey to find out if they are happy with the level of service they received. When people do subscribe to our marketing communications, they can cancel their subscription at any time and are given an easy way of doing this.
Third Parties
Our website may also contain links to and from other websites including our partner networks and affiliates. If you follow a link to any of these websites, please note that we do not have control over these websites or their content. These websites have their own privacy policies and we will not accept any responsibility or liability for you visiting these. We recommend that you review the website terms and conditions that are applicable to the third-party website.
Information We Share with Others
In most circumstances, we will not disclose your personal information without your consent. However, there are circumstances where we need to share some of your information to meet our compliance obligations or where we are permitted to under Privacy Law.
We may share your personal information with any member of the Bradford Literature Festival team. We do this to ensure we offer you a consistent service across our products.
We share your personal information with our Bradford Literature Festival employees; all access is controlled in accordance with our IT Security Policies.
We have legal obligations to share data with some third parties identified in law. We may disclose your personal information to third parties if we are under a duty to disclose or share your personal information to comply with any legal obligation. We do not require your consent to process your information in this way.
We may be contacted by HMRC, the Department for Work and Pensions DWP, the police, fraud agencies or Immigration UK Visas and Immigration asking for information about our individual members and customers. Under Privacy Law, we are permitted to share this data with them without your consent and you will not be notified that this has been done. This is in the support of the prevention and detection of crime.
Agreements We Have with Other Organisations For Sharing Information
We use trusted partners and sub-contractors to process some of your personal information.
We have in place some data sharing agreement for mutual benefits. For example, we have data sharing agreements with some partners to help keep our customer data accurate. This may involve the sharing of names and addresses of customers.
Trusted Partners We Use Who May Have Access To Your Data
We use trusted partners to help us process your personal information and provide services to you. All of our data processors have a binding contract with us that restricts their access to and handling of your personal information to only what is necessary in performance of their contract.
We use:
- third-party IT and software providers for different systems, like our social media and email management, our WordPress content management platform for publishing content on our websites, and others to support us with processing the large amounts of data that we need to manage.
Occasionally these providers store or back-up information on servers outside the European Economic Area. We have sought assurances that those arrangements comply with Privacy Law requirements for the transfer of personal data outside the EEA.
- companies to help us process payments including card payments and to process cheques;
- from time to time we require legal advice and may need to share your personal data with our legal advisers or our insurance companies or other professional advisors to obtain advice or make a claim.
Where We Store Your Information and How We Keep It Safe
All customer personal information is stored on our corporate systems on secure IT servers. We operate a suite of IT and security policies to ensure your information is kept secure, including appropriate access and auditing controls.
We use anti-virus software and fire walls to protect against cyber-attack. Unfortunately, the transmission of information via the internet isn’t completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of information you send to us that is outside of our security arrangements; any transmission is at your own risk.
We may store your personal information on your local device, such as your computer or mobile phone to assist you in your repeated use of our services. We have no control over inappropriate access to this information. You can delete this information at any time using the facilities of your Internet browser or by removing our application from your mobile device.
Where we transfer information to third parties to enable them to process it on our behalf (see the information about Trusted Partners above), we ensure that the providers meet or exceed the relevant legal or regulatory requirements for transferring data to them and keeping it secure.
Photography & Video Footage Taken at BLF Events
Individuals attending BLF events may be photographed and / or recorded and these images may be used for marketing purposes. BLF will display privacy notices throughout event venues advising individuals, parents and carers on what to do if they do not wish to be recorded. BLF will also make the fact filming / photography is taking place at the event apparent and clearly visible on the event page on the festival website.
In the event that BLF wishes to photograph school events or events attended by school groups, BLF will contact the school in advance to obtain the necessary school / parental consent.
Stickers and lanyards will be easily accessible at all of our venues and can be worn by any individual who wishes to have their identity removed/ blurred from public recordings. Our events will also have clear signage to let visitors know filming / photography is taking place, with information on where to get a sticker or lanyard.
By attending a BLF event and not collecting a sticker / lanyard in order to identify yourself, or your child, as having opted out of being recorded, BLF reserves the right to include children in both photography and video recordings.
If at any point an individual would like to request copies of the images/ footage in which they, or their child, are present they may do so by contacting the festival team on the contact information detailed at the start of this document. Individuals also have the right to request that they, or their child, be removed/ blurred from any photographs or video footage at any point, and can do so by contacting BLF. BLF may have to request information about which events an individual attended in order to investigate the request.
If at any point an individual, parent, guardian or school would like to request copies of the images/ footage in which they, their children, or their students, are present, they may do so by contacting the festival team on the contact information detailed at the start of this document.
How Long We Will Keep Your Information
We only keep your information for as long as we need it. We will retain certain information (i.e. contact information and bank details) for as long as you have a relationship with us.
Generally, we keep:
- customer members subscription, correspondence, complaints, financial details and contact histories – we will retain this data whilst you continue to engage with us for our services and thereafter for up to seven years;
- data subject requests (i.e. subject access requests and objections) for up to two years;
- social media posts (in third party systems) for up to twelve months, unless related to a complaint;
After which time your personal information will be either deleted or anonymised.
These retention periods may be extended in certain limited cases as prescribed or permitted by law – i.e. because of an accident at one of our events or to bring or defend a legal claim.
Job Applicants, Current and Former BLF Employees
BLF is the data controller for the information you provide during the process unless otherwise stated. If you have any queries about the process or how we handle your information please contact us at [email protected].
What will we do with the information you provide to us?
All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.
We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for, and to inform you of future opportunities. If you don’t wish to receive such information please email [email protected]
What information do we ask for, and why?
We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.
The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for, but it might affect your application if you don’t.
Application stage
We ask you for your personal details including name and contact details. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. Our recruitment team will have access to all of this information.
You may also be asked to provide equal opportunities information. This is not mandatory information – if you don’t provide it, it will not affect your application. This information will not be made available to any staff outside of our recruitment team, including hiring managers, in a way which can identify you. Any information you do provide, will be used only to produce and monitor equal opportunities statistics.
Shortlisting
Our hiring managers shortlist applications for interview. They will be provided with your name or contact details but not with your equal opportunities information if you have provided it.
Assessments
We might ask you to participate in assessment days; complete tests or occupational personality profile questionnaires; and/or to attend an interview – or a combination of these. Information will be generated by you and by us. For example, you might complete a written test, or we might take interview notes. This information is held by BLF.
If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like your details to be retained in our talent pool for a period of one year. If you say yes, we will proactively contact you should any further suitable vacancies arise.
Conditional offer
If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.
You may therefore be required to provide:
- Proof of your identity – you will be asked to attend our office with original documents, we will take copies.
- Proof of your qualifications – you will be asked to attend our office with original documents, we will take copies.
- We will contact your referees, using the details you provide in your application, directly to obtain references.
- We will also ask you to complete a questionnaire about your health. This is to establish your fitness to work. This is done through a data processor (please see below).
- If we make a final offer, we will also ask you for the following:
- Bank details – to process salary payments.
- Emergency contact details – so we know who to contact in case you have an emergency at work.
Use of data processors used for recruitment purposes
Data processors are third parties who provide elements of our recruitment service for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct. Current third-part recruitment organisations include:
Arts Council England/ Arts Jobs – Privacy Policy
The Guardian/ Guardian Jobs – Privacy Policy
Indeed.com – Privacy Policy
Michael Page – Privacy Policy
LinkedIn – Privacy Policy
How long is the information retained for?
If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 3 years following the end of your employment. This includes your criminal records declaration, fitness to work, records of any security checks and references.
If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 1 year from the closure of the campaign.
Information generated throughout the assessment process, for example interview notes, is retained by us for 1 year following the closure of the campaign.
Equal opportunities information is retained for 1 year following the closure of the campaign whether you are successful or not.