General Data Protection Regulation
As of the May 25th, 2018, every company that deals with European customers has to comply with the new European General Data Protection Regulation or GDPR in short.
In simple terms, it:
- Applies to personal data — any data that relates to or can be used to identify a person in any way
- Controls what can be done with personal information
- Requires that consent is given or there is a good reason to process or store personal information.
- Gives a person a right to know what information is held about them.
- Allows a person to request information about them is erased and that they are ‘forgotten’ — unless there is a reason not to do this — e.g. a loan account.
- Makes sure that personal information is properly protected. New systems must have protection designed into them (Privacy by Design). Access to data is strictly controlled and only given when required (Privacy by Default).
- If data is lost, stolen or is accessed without authority, the authorities must be notified and possibly the people whose data has been accessed may need to be notified also.
- Data cannot be used for anything other than the reason given at the time of collection.
- Data is securely deleted after it is no longer needed.
- Allows national authorities to impose fines on companies breaching the regulation. These fines can be up to €20 million or 4% of the businesses global turnover — whichever is higher.
What information do you hold on me?
Whenever you use one of the forms on this website to contact us or send us other information we keep a record of these form transmissions in our secure online database and in our email inbox. We may collect your personal details as name, email, and any other information you sent to us by either using a form on this website or by using a direct email link in other offline ways such as an Excel spreadsheet or custom made database.
Why do you keep my personal data?
We keep record of your personal data to be able to contact you now or in the future. We only contact you in relation to your original request. We will not use your personal data for any other purposes like newsletters (unless you explicitly told us to do so) or sell/give your personal data to third parties.
Who has access to my personal data?
Anyone who works at Ennis Street Arts Festival can have access to your personal data.
What happens in case of a security breach?
In the unlikely event your data is lost, stolen or accessed without authority you and the Data Protection Commissioner will be notified within 72 hours.
How can I control my personal data?
To see the exact information we hold on you, use the form and we will send you a copy of all data we have stored in our database. You can also use the form to request us to completely remove your data from our database. Note that we might ask you to verify your identity before we send you your personal data.
Please provide us with the email address you used to register/contact us. We cannot remove your data or send you a copy of your data if we don’t have the exact same email address.