Data Protection Policy

General Data Protection Regulation (GDPR) Compliance Statement and Privacy Policy

The EU General Data Protection Regulation (GDPR) is in force from 25 May 2018.

The GDPR provides a set of ‘digital rights’ and protections for EU citizens in terms of the data that individuals and organizations hold about them, and applies new responsibilities to those organizations on what data they can hold, how they can process and use those data, and how individuals can access or request changes to or deletion of the data held about them.

This GDPR Compliance Statement explains what data we hold, what we use it for, and the legal basis on which it is used. The statement has been prepared using the checklists in the ICO document, “Preparing for the General Data Protection Regulation – 12 Steps to Take Now” and the guidance given on the ICO website https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/, and represents our GDPR Impact Assessment.

1. Awareness

This Compliance Statement applies to data held and processed by Pilton Cinema, an informal group of people who organise and run Pilton Cinema. These people are aware of the impact of, and responsibilities for, GDPR compliance, and have read this Compliance Statement.

It is available publicly on the website http://www.piltoncinema.org. Additionally, links to this Statement have been sent in an email to every individual whose data we hold.

2. Information we hold

Both paper and electronic copies of information are stored securely by individual group members. Consent for our use of information can be withdrawn at any time.

How we use your data

Every mailing includes an ‘unsubscribe’ option that allows each recipient to request their details be removed.

We aim to act on these requests as rapidly as practically possible.

3. Privacy information

The privacy information required under the GDPR Regulations is as follows:
Identity and contact details of the controller:  Mark Cartmell for the Pilton Cinema at email piltoncinema@gmail.com.

Purpose of the processing and the legal basis for the processing:  Data are collected and retained for the purposes of informing individuals of films. These data are collected and processed under the legal basis of ‘Legitimate Interests’.

Categories of personal data:  The categories of personal data collected and processed are as indicated in the section on ‘Information we hold’, above.

Any recipient or categories of recipients of the personal data: Data are used only by the Pilton Cinema group for the purposes outlined above.

Retention period or criteria used to determine the retention period:  Data are retained for as long as they still have relevance; for example, individuals who wish to be informed about Pilton Cinema screenings will have their data retained as long as the Pilton Cinema continues, or until they request to be unsubscribed.

The existence of each of the data subject’s rights:  The data subject’s rights are acknowledged and best efforts will be used to respond to any and all requests for access to or deletion of data records.

The right to withdraw consent at any time, where relevant:  Every mailing includes an ‘unsubscribe’ option that allows each recipient to request their details be removed.

The right to lodge a complaint with a supervisory authority:  The Pilton Cinema is based in the UK and the relevant supervisory authority is the Information Commissioner’s Office (ICO) – see https://ico.org.uk/

The source the personal data originates from and whether it came from publicly accessible sources:  The sources the personal data originates from are as indicated in the section on ‘Information we hold’, above.

Whether the provision of personal data is part of a statutory or contractual requirement or obligation and possible consequences of failing to provide the personal data:  There are statutory requirements to provide data in line with our licensing conditions.

The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences:  No automated decision making is used.

4. Individuals’ rights

We acknowledge individuals’ rights as specified in the GDPR and will make best efforts to respond to any requests from individuals in association with these rights, as follows:

5. Subject access requests

We will make best efforts to respond to any requests from individuals in association with these rights as quickly as possible, and in all cases within the one-month timescale required by GDPR.

6. Lawful basis for processing personal data

Data are collected and processed under the legal basis of ‘Legitimate Interests’, using the three-part test:

Identify a legitimate interest: By joining our mailing list or volunteering, individuals have expressed a legitimate interest in the Pilton Cinema.

Show that the processing is necessary to achieve it: Communication via email is fundamental to the operation of the Pilton Cinema.

Balance it against the individual’s interests, rights and freedoms: the individual has the absolute right to request deletion of their data at any time.
Data are used in ways which the individuals would reasonably expect and which have a minimal privacy impact. Only data necessary for the operations stated are collected and processed.

7. Consent

Consent is requested from each individual on contacting the Pilton Cinema group for use of their data in the ways outlined above.

8. Children

Children may attend our screenings. We will only collect personal information about children to enable them to take part where their parents have given permission for us to do so. This information will be destroyed once their part has ended.

9. Data breaches

We acknowledge the requirement to notify the ICO in certain instances of data breaches. Reasonable steps are taken to prevent data breaches.

10. Data Protection by Design and Data Protection Impact Assessments

We acknowledge the content of the ICO’s Guide to Data Protection Impact Assessments (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-impact-assessments/) and have implemented it to the limited extent required for our current operations.

11. Data Protection Officer

Any issues pertaining to the GDPR and data protection in general will in the first instance be addressed by Mark Cartmell.
