1: Who We Are
Opera Caledonia – Isle of Cumbrae Opera Retreat Festival (the “Festival”) is an opera festival staged on the Isle of Cumbrae, Scotland UK with associated concerts and recitals throughout Scotland. The Festival has been established to attract musical talents from across the world to Scotland, working alongside some of the UK’s leading professional musicians.
2: How You Can Contact Us
3. The Data We Collect and How We Use It
Below are outlined the different ways in which we collect and process data from people engaging across our activities and services. Whenever we process data for these purposes we will ensure that we always keep your personal data rights in high regard and take account of these rights.
Our Customers (including Friends of the Festival and Sponsors)
We collect information that you provide when you request our services, such as your name, telephone number, postal address and email address. We will only process your data in the following ways where you have given us explicit consent to do so by agreeing to the terms of this privacy notice. The information that you provide forms a “person record” that is stored securely on our computer system. We use this information to manage the services provided by the Festival to you and contact you using the telephone number, email address and/or postal address you provided. We will retain this information for up to 10 years following the end of your engagement with the Festival in case further service provision opportunities arise in the future.
Our Service Providers (including singers, performers, venues etc)
We collect information that you provide such as your name, date of birth, nationality, telephone number, postal address, email address, bank details and, if applicable, scans of photo identification, criminal record check certificates, curricula vitae and references. We will only process your data in the followings ways where you have given us explicit consent to do so by agreeing to the terms of this privacy notice. The information that you provide forms a “person record” that is stored securely on our computer system. We use this information to manage the services you provided to the Festival and/or the Festival’s customers, contact you using the telephone number, email address or postal address you provided, ensure that you are capable of providing the relevant services and pay for your services using the bank details you provided. We will retain this information for up to 10 years following the end of your engagement by the Festival in case further service provision opportunities arise in the future. We may collect equal opportunities data (eg. your nationality, gender and your ethnicity). We may use this data in an anonymised form for the following purposes: to analyse the demographics of contractors whom we engage in order to improve how we market our opportunities and to increase the accessibility of our activities and/or in business reports and proposals, to share our progress towards accessibility targets. We will never process this data in a way that allows you to be personally identified. If you are unsuccessful in securing work with the Festival, we may ask if you would like your details to be retained for a period of 5 years. If you say yes, we may proactively contact you should any further suitable opportunities arise. If you are successful in securing work with the Festival, the information you provide will be retained by us for the duration of your engagement plus 10 years following the end of your engagement.
Third Party Affiliations (including journalists)
We collect information that you provide in relation to the Festival such as your name, telephone number, postal address and email address. We will only process your data in the following ways when you have given us explicit consent to do so by agreeing to the terms of this privacy notice. The information that you provide forms a “person record” that is stored securely on our computer system. We use this information to manage the services provided by you for the Festival and/or the Festival’s customers and to contact you using the telephone number, postal address and/or email address you provided.
Recipients of our e-Newsletters and Other Circulars
Visitors to our Website
Those who use our website are, in doing so, agreeing to the bound by the terms of this privacy notice. We may collect log data about you whenever you visit our website. We will only use this data in order to troubleshoot problems with your use of the website (eg. if a form will not load) and never to do any individual profiling of you for marketing purposes. The information that we may collect includes: originating IP addresses, internet service providers, the files views on our site (eg. HTML pages, graphics etc.), operating system version, device type and timestamps. We may collect standard internet log information and details of visitor behaviour patterns. We do this in order to find out things such as the number of visitors to the various parts of our website and to make improvements to the ways in which we market our opportunities and how people interact with our website. This information is only processed in a way which does not identify anyone.
We use third-party tracking services that employ cookies to collect data about visitors to our website. This data includes usage and user statistics.
People Who Email Us
To encrypt and protect email traffic, we use Transport Layer Security (TLS) by default, but when a secure connection isn’t available (both sender and recipient need to use TLS to create a secure connection), messages will be delivered over non-secure connections. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send it within the bounds of the law.
We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary. The information we ask for may be used to assess your suitability for employment. You do not have to provide what we ask for but it might affect your success in working with us if you do not. Information that we collect might include: your personal details including name and contact details, your previous experience, education, referees and answers relevant to the role you have applied for, pre-employment checks (such as proof of your identity and your right to work in the relevant jurisdiction), a standard or enhanced Criminal Record check via the Disclosure and Barring Service. A questionnaire about your health may be required to establish your fitness to work and to ensure that we can provide any support or reasonable adjustments required by you. Further information that we collect might include: bank details to process salary payments and emergency contact details so that we know who to contact in case you have an emergency whilst working for us. We might also contact your referees, using the details you provide in your application, directly to obtain references. If you are unsuccessful following assessment for a position you have applied for, we may ask if you would like your details to be retained for a period of 5 years. If you say yes, we would proactively contact you should any further suitable opportunities arise. If you are successful in obtaining a position within the Festival, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 10 years following the end of your employment. This could include the following: criminal records declaration, fitness to work, records or any security checks and references.
4. How We Share and Transfer Your Personal Data to Other Organisations
We will never sell, rent or trade your personal data. We may disclose your data to service providers who render services to use or on your behalf (eg. Gmail), all of which are obliged to operate in accordance with applicable laws, including GDPR. We may also disclose your information if required by law or to enforce our legal rights. Some of our service providers lie outside of the EEA (eg. Gmail). Therefore, sometimes we transfer your data outside of the EEA. If we do, we ensure your data is processed only in countries that provide an adequate level of protection for your data of where the recipient provides appropriate safeguards, such as mechanisms like the EU-US Privacy Shield Framework. You can read more about how Gmail complies with GDPR here: Google & GDPR.
5. What Your Rights Are
You are not required to provide any personal data to us. However, your failure to do so may affect our ability to provide you with the services, engagement or employment, as applicable, that you request. For example, we are unable to contact you with information about an activity if you do not provide your email address. We respect your privacy rights and provide you with reasonable access to the personal data that you may have provided us. If you wish to access or amend any personal data we hold about you, or to request that we delete any information about you, you may contact us at: firstname.lastname@example.org. Please note that while any changes you request will be reflected in our databases immediately or within a reasonable time period, we may retain all information you submit for back-ups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so. At any time, you may object to the processing of your personal data by contacting the above email address, on legitimate grounds, except if otherwise permitted by applicable law. If you believe your right to privacy granted by applicable data protections laws has been infringed upon, please contact us at the above email address. You also have a right to lodge a complaint with data protection authorities.
6. How We Retain Your Personal Data and Keep It Secure
Internally, your data is shared between members of the Festival’s management team responsible for delivering the services you have requested and/or the activities with which you are involved. Your data may also be shared with individuals selected as interns on temporary work placements who will be asked to sign non-disclosure agreements. Data is only shared with individuals who require access in order to provide the services or activities to which you have signed up. We review our retention periods for personal information on a regular basis. We will hold your personal information on our systems for as long as is necessary for the relevant activity. Please see Section 3 above for more information on how long we hold your information for. We use reasonable organisational, technical and administrative measures to keep any information collected and/or transmitted to us secure however no data transmission or storage system can be guaranteed to be 100% secure.
7: How Often This Policy is Reviewed and Updated