Introduction
We believe you should always know what data we collect from you and how we use it, and that you should have meaningful control over both. We want to empower you to make the best decisions about the information that you share with us.
That’s the basic purpose of this Privacy Policy.
You should read this policy in full, but here are a few key things we hope you take away from it:
- We only collect personal data if it is submitted to us.
- We can only contact you if you have contacted us or given us consent to contact you.
- At any time, you can choose to opt-out of communications from us or have your data removed from our systems.
- This policy applies to our websites and contacting us via email (so long as it is from an @cbcf.info address).
If you have questions about this policy, how we collect or process your personal data, or anything else related to our privacy practices, we want to hear from you. You can contact us at any time.
Who are we?
We are the Chelmsford Beer & Cider Festivals (referred to as CBCF).
We are registered with the Information Commissioner’s Office with registration number ZA478683.
Our Data Protection Officer is Thomas Maguire and can be contacted by emailing dpo@cbcf.info or by phoning 01245 526899.
What information do we collect?
| Term | Definition |
| Personal Data | any information relating to an identified or identifiable natural person. |
| Sensitive Personal Data | data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation. |
We collect the following types of personal information:
- Names
- Email addresses
- Postal addresses
- Phone numbers
- Video footage
We collect this data when you submit a contact form to us, send us an email or message, or if you phone any of our contact numbers. As an example, over email, social media message or contact form we collect your name and email address (and optionally a phone number if you provide us with one). When contacting us by phone, we store your phone number for reference along with your name unless you tell us not to. We additionally collect postal addresses of residences near our festival and business addresses of our suppliers and partners.
We only collect video footage at our summer festivals in the interests of public safety and crime prevention.
We do not collect any sensitive personal data and you should never give us any personal data other than the above stated.
Please note that information we collect about our volunteers is governed by our Volunteer Privacy Policy.
How do we use personal information?
We use personal information in the following ways:
- Account set up and administration of our suppliers, partners and volunteers on our information systems.
- Information you provide helps us respond to your customer service requests and support needs more efficiently.
- We may use the email address to respond to their enquiries, questions, and/or other requests.
- To maintain business operations such as keeping in contact with our volunteers and suppliers.
What legal basis do we have for processing your personal data?
| Lawful Basis | Definition |
| Consent | the individual has given clear consent for you to process their personal data for a specific purpose. |
| Contract | the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract. |
| Legal obligation | the processing is necessary for you to comply with the law (not including contractual obligations). |
| Vital interests | the processing is necessary to protect someone’s life. |
| Public task | the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law. |
| Legitimate interests | the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law. |
We process personal data sent to us via contact forms, email and social media messages under the legal basis of consent as we use the information provided to resolve any queries or process any enquires.
We process video footage under the legal basis of legitimate interest for public safety and crime prevention at our summer festivals held in Admirals Park. We provide notices near all areas in which our security cameras are present.
When do we share personal data?
We do not share personal data sent to us via contact forms, email or social media messages with any third parties outside of CBCF or the Campaign for Real Ale (CAMRA).
We will only share video footage from security cameras at our summer festival with the local authorities if we have legitimate interest to do so (if it concerns public safety or criminal behaviour) or if we have a legal obligation to share this data with the police.
Where do we store and process personal data?
We store and process all information in data centres in the United Kingdom.
We ensure that all our third-party data processors and information systems keep data within the United Kingdom.
None of our data is transferred to outside of the European Economic Area.
How do we secure personal data?
To secure personal data, we use a range of technologies and procedures to keep personal information secure.
- We take regular backups of data to protect against accidental loss.
- We use access controls and other security measures to prevent unauthorised access, use, destruction or disclosure of personal data.
- We have business continuity and disaster recovery procedures in place to help facilitate the above.
- We conduct regular bi-annual security audits on our internal and external information systems along with the rest of our websites and services.
- We additionally manage the risk of third-parties handling our data by reviewing them bi-annually through use of contracts and security audits.
- We have in place an IT Security Policy and Data Protection Policy which enforce the above.
How long do we keep your personal data for?
All personal data that we hold can be kept for a maximum of 5 calendar years, after which time it is securely removed from our information systems, mailboxes and social media message inboxes.
Video footage from our CCTV systems is kept for 30 calendar days after the last date of the festival. After this time, it is securely wiped from our servers. Data drives from this system are physically destroyed if they experience a failure or are no longer used.
Information held about our volunteers on the Volunteer Portal is subject to the retention period set out in the Volunteer Privacy Policy.
Your rights in relation to personal data
Under the General Data Protection Regulation (GDPR), we respect your right as a data subject to access and control your personal data. This means that:
- You have a right to have access to personal information that we keep about you.
- You have a right to have your personal information that we keep about you corrected or deleted for previous emails, messages and contact forms that you have submitted to us. We are unable to remove CCTV video footage as we are required to keep this for 30 calendar days after the festival by law.
- You have a right to withdraw consent at any time for previous emails, messages and contact forms that you have submitted to us.
- You have a right to data portability for previous emails, messages and contact forms that you have submitted to us. We are unable to provide data portability of CCTV video footage due to the risk of exposing personal data about another person.
- You have the right to restriction of processing and the right to object from data processing.
- You have the right to lodge a complaint with the Information Commissioner’s Office.
Please note that in all cases we will be required to verify your identity to provide you with any details. This will usually us requesting for two contact methods which we will then verify using a one-time passcode. For more details, please contact the Data Protection Officer (Thomas Maguire) via dpo@cbcf.info or 01245 526899.
How to contact us?
If you have any questions about this Privacy Policy, the practices of CBCF, or your dealings with this site, please contact our Data Protection Officer, Thomas Maguire on dpo@cbcf.info or by contacting 01245 526899.
Use of cookies and other technologies
We use “cookies” to enhance our user experience and our site security.
Your web browser places cookies on your hard drive for record-keeping and tracking purposes. We only use cookies to keep records of device specific information for security purposes and tracking of where you go on our website (and nowhere else).
You may choose to set your browser to refuse cookies or alert you when cookies are being sent. Please note that by doing so some parts of this website and our other services may not function properly.
Changes to this privacy policy
Chelmsford Beer & Cider Festivals has the discretion to update this privacy policy at any time. When we do, we will post a notification on the main page of our Sites. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.
This document was last updated on November 17th, 2019 and is effective from November 18th, 2019.