About Rainbow Theatre
Rainbow has been working continually now for over thirty five years, building up a unique relationship with schools and adult audiences. The Company combines enormous theatre experience and expertise, with enthusiastic, talented young professional actors. Everyone is committed to the idea of making live-theatre truly magical – making audiences of all ages feel they are seeing and participating in a unique happening – the performance.
Rainbow’s Schools Work always involves the crucial element of children and young people participating totally in the final performance or workshop. Rainbow actors are trained to work with their young participants, so that all are a crucial part of the final event. Children are not patronised – they are as important as the professional players.
Rainbow has always thrived on feed-back from its audiences – so let us have all your comments so that we can continue to develop and expand – and share with you our joy in live theatre. We can usually accommodate any special needs you have. Rainbow actors will adapt their performances to the ages of the audience. DO PHONE & LET US HELP YOU!
Rainbow Theatre tours a wide-ranging programme of plays and workshops throughout schools in the South of England, London and the West Country.
Rainbow Shakespeare, their sister company, produces two acclaimed Shakespearean productions each summer. Their belief in the ability of Shakespeare to be enjoyable and exciting and understandable for all ages – from 6 – 16 is seen every year in Worthing beautiful Highdown Gardens. Theatre at its most inspirational.
RAINBOW PRIVACY STATEMENT
1. POLICY STATEMENT
1.1 Everyone has rights with regard to the way in which their personal data in handled. During the course of our activities we will collect, store and process a limited amount of personal data and we recognise that the correct and lawful treatment of this data is essential to our operation. Data users and processors are obliged to comply with this policy when processing personal data on our behalf.
2. ABOUT THIS POLICY
2.1 The types of personal data that Rainbow Shakespeare (‘RS’or ‘we’) may be required to handle includes: information names; email addresses; sometimes postal addresses, telephone numbers and ad hoc ticket purchase information.The personal data, which may be held on paper or on a computer or other media, is subject to certain legal safeguards specified in the General Data Protection Regulation (The Regulation or GDPR), in effect from 25 May 2018, superseding the Data Protection Act 1998).
2.2 This policy, and any other documents referred to in it, set out the basis on which we will process any personal data we collect from data subjects, or that is provided to us by data subjects or other sources.
2.3 This policy and sets out rules on data protection and the legal conditions that must be satisfied when we obtain, handle, process, transfer and store personal data.
2.4 Rainbow Shakespeare is a charity, the Trustees are responsible for ensuring compliance with the relevant legislation and with this policy. Any questions about the operation of this policy or any concerns that the policy has not been followed should be referred in the first instance to firstname.lastname@example.org.
3. DEFINITION OF DATA PROTECTION TERMS
3.1Datais information which is stored electronically on a computer, or on paper.
3.2 Data subjectsfor the purpose of this policy include all living individuals about whom we hold personal data. A data subject need not be a UK national or resident. All data subjects have legal rights in relation to their personal information. Data subjects are also referred to as members in this policy.
3.3 Personal datameans data relating to a living individual who can be identified from that data. For RS, personal data is purely factual. RS does not collect any special category data (within the meaning of the Regulation), nor any financial data other thenad hoc ticket purchases.
3.4 Data controllersare the people who, or organisations which, determine the purposes for which, and the manner in which, any personal data is processed. They are responsible for establishing practices and policies in line with the relevant legislation. The committee of RS Trustees is the data controller of all personal data used in our organisation.
3.5 Data usersare those of our Trustees or volunteers whose activity involves processing personal data. Data users must protect the data they handle at all times in accordance with this policy and any applicable data security procedures.
3.6 Data processorsinclude any person or organisation that is not a data user who or which processes personal data on our behalf and on our instructions. Employees of
data controllers are excluded from this definition but it could include suppliers which handle personal data on behalf of the RS.
3.7 Processingis any activity that involves use of the data. It includes obtaining, recording and holding the data, or doing anything with the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties.
4. DATA PROTECTION PRINCIPLES
4.1 Article 5 of the GDPR generally requires that personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
5. LAWFUL BASIS FOR PROCESSING
5.1 Article 6 of the GDPR sets out the lawful bases for processing of personal data.
5.2 Three categories of lawful basis apply to the data held by the WSS:
- Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
- b) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party (this might be Worthing Theatres for example)unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
6. DATA PROCESSING (SEE 4.1A ABOVE)
6.1 We will only process personal data for the specific purpose of communicating with you about RS’s activities and productions and in accordance with section 5 of this policy. This includes the possible but unlikely purpose set out in clause 12.1 of this policy and mayinclude approaches regarding fundraising to support RS.
6.2 We will notify those purposes to the member when we first collect the data and require that members give their positive consent to the data being collected and processed in the ways described.
6.3 We will process all personal data in line with data subjects’ rights, in particular their right to:
- Request access to any data held about them by a data controller (see also section 13).
- Prevent the processing of their data for direct-marketing purposes.
- Ask to have inaccurate data amended (see also section 9).
- Prevent processing that is likely to cause damage or distress to themselves or anyone else.
7. DATA COLLECTION (4.1B)
7.1 This is only collected directly for example, by completing a forms at a performance or by corresponding with us by mail, phone, email or otherwise.
7.2 When we collect this data, we will inform the member about:
- The purpose or purposes for which we intend to process that personal data.
- The types of third parties, if any, with which we will share, or to which we will disclose, that personal data.
7.3 We will also explain that we are the data controller with regard to that data, and who to contact in case of any query.
8. NECESSARY DATA (4.1C)
8.1 We will only collect personal data to the extent that it is required for the specific purposes notified to the member.
9. ACCURATE DATA (4.1D)
9.1 We will ensure, so far as is possible, that personal data we hold is accurate and kept up to date. We will take all reasonable steps to destroy or amend inaccurate or out-of-date data. Data can be deleted at any time upon request.
10. DATA RETENTION (4.1E)
10.1We will not keep personal data longer than is necessary. We will take all reasonable steps to destroy, or erase from our systems, all data which is no longer required.
11. DATA SECURITY (4.1F)
11.1We will put in place procedures to maintain the security of all personal data from the point of collection to the point of destruction. Personal data will only be transferred to
a data processor if they agree to comply with those procedures, or if they put in place adequate measures.
11.2We will maintain data security by protecting the confidentiality, integrity and availability of the personal data, defined as follows:
- Confidentialitymeans that only people who are authorised to use the data can access it.
- Integritymeans that personal data should be accurate and suitable for the purpose for which it is processed.
- Availabilitymeans that authorised users should be able to access the data if they need it for authorised purposes.
11.3Security procedures include:
- Secure access to computer files containing data.Specifically for RS, membership lists will be password-protected.
- Methods of disposal.Relevant paper documents will be shredded. Digital files will be deleted when no longer required.
- Data users will ensure that their own equipment is appropriately protected both physically and in software.
11.4If any breach in security is detected, appropriate steps will be taken to seek rectification and to prevent a recurrence.
12. DISCLOSURE AND SHARING OF PERSONAL INFORMATION
12.1The only possible but unlikely sharing of personal data by RS is the provision of names and addresses with Worthing Theatres for the purpose of dealing with any ticket queries. There is currently no intention for any other sharing of data.
13. DATA SUBJECT ACCESS REQUESTS
13.1Aformal request can be made at any time for details of the information we hold about you. This must be made in writing (which includes email), addressed to the email@example.com
14. CHANGES TO THIS POLICY
14.1We reserve the right to change this policy at any time. Where appropriate, we will notify you of those changes.
14.2We will keep up to date with developments in regulations and implement good practice advice as far as practical.