The Lawnmowers Independent Theatre Company Privacy Policy
The Lawnmowers Company
1. Introduction
We are The Lawnmowers Independent Theatre Company (LITC). We are a registered charity (no. 1084229) and a company limited by guarantee (no. 3995521), registered at The Lawnmowers Art Centre, Sheilds Road, Pelaw, Gateshead, Tyne and Wear, NE10 0QD.
The LITC is a producing theatre-arts organisation run by and for people with learning difficulties. We offer events and training, both on our premises and at external events, to a range of paying members and volunteers.
In order to carry out our business safely and effectively it is necessary to collect data on the different people we interact with. This Privacy Policy gives you detailed information about; what our responsibilities as a data controller are, what your rights are, what data we collect, why we collect data, how we use data, the legal basis for us collecting data how data is kept secure and details about who to contact if you have any queries or grievances regarding your personal data.
1.1 Data Controller
LITC is the Data Controller and is the organisation responsible for processing of your data. The LITC is committed to protecting the right of individuals in line with the Data Protection Act 2018 (DPA 2018) and UK General Data Protection Regulation (UK GDPR) principles.
LITC must make sure your personal data is:
- Processed lawfully, fairly and in a transparent manner in relation to individuals.
- Collected for specified, explicit and legitimate purposes only.
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Accurate and, where necessary, kept up to date.
- Kept in a form which permits identification of data subjects for no longer than is necessary.
- Processed in a manner that ensures appropriate security of the personal data.
1.2 Why Is Your Data Important?
You have rights regarding how we use your personal data. Your personal data is yours and it belongs to you. For the purposes of data protection, you have merely loaned LITC your data for one or more specific purposes, we cannot use it however we wish and cannot keep indefinitely.
1.3 Your Rights Under UK GDPR
UK GDPR regulations include the following rights for individuals:
- Right to be informed.
- Right of access.
- Right of rectification.
- Right to erasure.
- Right to restrict processing.
- Right to data portability (if obtained through consent or for the performance of a contract).
- Right to object.
- Right not to be subject to automated decision-making including profiling.
Personal information is not anonymous. Anonymous data, such as statistics, is information where any personal identifiers have been removed.
1.4 Personal Identifiable Data and Sensitive Data
LITC holds data that is personal with some of it defined as personal sensitive data or special categories of personal data. Personal information, or personal data, refers to any information that can identify you as an individual. Whether we collect sensitive data on you depends on our relationship. Personal sensitive data falls into special categories:
- The racial or ethnic origin of the subject.
- The subject’s political opinions.
- The subject’s religious beliefs or beliefs of a similar nature.
- Whether the subject is a member of a trade union.
- Information on the subject’s physical or mental health condition.
- Information on the subject’s sexual life.
- The commission or alleged commission of an offence by the data subject; and
- Information relating to the commission or alleged commission of an offence by the data subject.
2. Personal Data We Collect
A data subject is an individual who may have a relationship with LITC. Data we collect will vary according to; the relationship we have with you, whether we have obligations under any of our safeguarding policies or any legal obligations we have to funders and regulatory bodies.
We hold data on core member, care workers and emergency contacts, community members, volunteers, youth group members, drop-in participants, employees, freelance artists, trustees, networks and personal data such as sole trader names and details. Project participant data may also be found in our financial and fundraising department. The lists below indicate the types of data we may hold on you depending on our relationship.
2.1 Core Members
- Contact and personal information sheets
- Health, medical data and specific condition information
- Further personal information
- Diversity monitoring data
- Consent form
- Legitimate interest form
- Personal progression data
- Impact evidence data
- Managerial and reporting data
- Expense sheets
- Attendance registers
- Safeguarding and health and safety data
- Publicity and promotional material
- Security data
2.2 Carers and Emergency Contacts
- Contact and personal information sheets
- Personal progression data
- Impact evidence data
- Managerial and reporting data
- Safeguarding and health and safety data
- Publicity and promotional material
- Security data
2.3 Community Members
- Contact and personal information sheets
- Health, medical data and specific condition information
- Further personal information
- Diversity monitoring data
- Consent form
- Legitimate interest form
- Personal progression data
- Impact evidence data
- Managerial and reporting data
- Expense sheets
- Attendance registers
- Safeguarding and health and safety data
- Publicity and promotional material
- Security data
2.4 Youth Group Members
- Contact and personal information sheets
- Health, medical data and specific condition information
- Further personal information
- Diversity monitoring data
- Consent form
- Legitimate interest form
- Personal progression data
- Impact evidence data
- Managerial and reporting data
- Attendance registers
- Safeguarding and health and safety data
- Publicity and promotional material
- Security data
2.5 Drop-in Participants
- Contact and personal information sheets
- Health, medical data and specific condition information
- Further personal information
- Diversity monitoring data
- Consent form
- Legitimate interest form
- Personal progression data
- Impact evidence data
- Managerial and reporting data
- Expense sheets
- Attendance registers
- Safeguarding and health and safety data
- Publicity and promotional material
- Security data
2.6 Volunteers
- Contact and personal information sheets
- Health, medical data and specific condition information
- Further personal information
- Diversity Monitoring
- Consent form
- Legitimate interest form
- Impact evidence data
- Managerial and reporting data
- DBS and identity forms
- Expense sheets
- Attendance registers
- Safeguarding and health and safety data
- Publicity and promotional material
- Security data
2.7 Employees
- Contact and Personal Information Sheets
- Health and Wellbeing, Medical Data and Specific Condition Information
- Further Personal Information
- Consent Forms
- Legitimate \interest Form
- Diversity and Monitoring
- Recruitment Data
- Payroll Information
- Contact and Training Data
- Performance and Development Data
- Discipline and grievance
- Health and Wellbeing Data
- Working Time Data
- Employee Surveys
- Information sent from 3rd Parties: Pension, Bank Details, Auditors, Software Providers, HMRC
- Impact Evidence Data
- Managerial Reporting Data
- Safeguarding and Health and Safety Data
- Security data
- Publicity and Promotional Material
2.8 Freelance Artists
- Contact and personal information sheets
- Health, medical data and specific condition information
- Further personal information
- Recruitment Data, DBS and Identity Information
- Diversity monitoring information
- References and future references
- DBS and identity information
- Contract and Training Data
- Consent form
- Legitimate interest form
- Impact evidence data
- Managerial and reporting data
- Safeguarding and health and safety data
- Publicity and promotional material
- Security data
2.9 Trustees
- Contact and personal information sheets
- Health, medical data and specific condition information
- Further Information
- Consent form
- Legitimate interest form
- Applicant information
- Director and Trustee Information
- Identification documentation
- Diversity monitoring information
- Impact evidence data
- Managerial and reporting data
- Safeguarding and health and safety data
- Publicity and promotional material
- Security data
2.10 Finance and Contractual Relationships (including networks, grant fundraising, personal donors and earned income)
- Invoices in/out – organisations and individuals including organisational contact names
- Payment information (including method)
- Bank details – organisations and sole traders
- Budget reports and management account information
- Earned and personal donor funder income information
- Payroll and expense data
- Managerial and reporting data
- Funder bids and reports
- Personal budget invoices and personal plan
- Networks- contact details and contracts
- Suppliers – contact details and contracts
- Venues – contact details and contracts
3. Why and How LITC Uses Data:
LITC will obtain, store and use data for many reasons depending on our relationship with you. We collect data to:
- Promote the organisation and keep interested parties up to date with upcoming events.
- Safeguard members and participants with learning difficulties.
- Support the effective management and administration of the organisation.
- Document activities, training and impact for those taking part in LITC activities.
- Use as evidence in funding bids (this is generally anonymised where possible).
- Research and evaluate projects.
- Learn from past projects and programmes to inform future plans.
- Record those that have given money or services in support of the organisation.
- Keep in touch with future collaborators.
- Employ people, recruit people and manage relationships.
- Contact suppliers and contractors.
- Meet our legal obligations.
- Safeguard members and staff
3.1 Who We Share Data With
LITC categorically DOES NOT sell individual’s personal data. However, data may be shared with relevant members of staff at LITC for safe and effective running of operations. We also may share your data with 3rdparty providers who process data on our behalf. Where this is applicable, we will obtain privacy policies of these 3rd parties to make sure they are GDPR compliant.
Examples of 3rd parties include:
- HMRC.
- Social Services (Individual Budgets).
- Accountants and Auditors.
- Stakeholders and Funders.
- Software Finance System Providers.
- Bank (BACS).
- Companies House Returns.
- Charity Commission Returns.
- Marketing and Sales Systems.
- Building Security Providers
3.2 Cookies
What are cookies?
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.
For further information, visit allaboutcookies.org
How do we use cookies?
The Lawnmowers uses cookies to help us understand how you use our website to help us find ways to improve your experience on our website.
What types of cookies do we use?
There are several different types of cookies, however, our website uses:
- Functionality – LITC uses these cookies so that we recognise you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.
- Advertising – LITC uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. LITC sometimes shares some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.
How to manage cookies
You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
4. Lawful Basis: Processing Conditions
LITC must make sure it has a lawful basis to collect and process your data. LITC collects and processes your data either because:
- We have consent.
- It is necessary for a contractual arrangement.
- It is necessary for a legal obligation that applies to us.
- It is in an individual’s vital interest (a life-or-death situation).
- It is necessary for administering justice.
- We have a legitimate interest to process.
5. Storing Data:
To protect individual’s privacy LITC ensures it uses secure processes, procedures and databases to hold data. Individual Privacy Notices will outline how each type of data is secured. General practices include:
- Use of locked filing cabinets or similar where data is stored on paper, memory sticks or other physical items.
- Shredding of paper data that is no longer required.
- Computer log in passwords that are strong, not shared and changed regularly.
- Restrictions on access levels and use of passwords where data is stored on a cloud-based system or network.
- Use of portable, password protected hard drives with authorised access procedures.
- Password protected company mobile phone for contact with carers and members during events.
- Password protected company email.
- Only using third party processors, which includes cloud-based systems, who comply with data protection principles.
- Not saving data to personal computers or similar devices.
- The Lawnmowers will retain and process data to fulfil the purposes for which it is collected only.
- Destruction or archiving will be conducted securely.
6. Privacy Notices
The Lawnmowers aims to ensure that individuals are aware that their data is being processed and that they understand:
- The types of data held.
- What is held and the necessity for holding data.
- The purpose of collection.
- Who can access specific data.
- The security arrangements for data.
- The lawful basis for which we hold specific data.
- The retention limit or how long we hold specific data.
Individual Privacy Notices will be shared with individuals at the point of contact and made available online. The Individual Privacy Notices will differ depending on your relationship with LITC, so the information is specific and relevant to you.
7. Subject Access Requests and Contact Information
All individuals who are the subject of data held by LITC are entitled to:
- Ask what information the company holds about them and why.
- Ask how to gain access to it.
- Be informed how to keep it up to date.
- Be informed how the company is meeting its data protection obligations.
If you would like a copy of some or all the data LITC hold about you – please contact us via [operations@lawnmowerstheatre.com]
On the receipt of a subject access request LITC will respond within 30 days. We will inform you of the procedure for access requests (formally called a Subject Access Request or SAR).
8. The Right to Be Forgotten or the Right to Erasure:
Data subjects have the right to be ‘forgotten’. If requested The Lawnmowers will erase data held on individuals as far as reasonably or legally possible.
To request LITC to delete data please contact [operations@lawnmowerstheatre.com]
9. Ongoing review of measures to ensure compliance:
Meeting the obligations of the GDPR to ensure compliance will be an ongoing process. LITC will regularly review its policy and processes to ensure compliance.
10. Information Commissioners Office
You may also contact the Information Commissioners Officer at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or at www.ICO.org.uk .
1. Introduction
We are The Lawnmowers Independent Theatre Company (LITC). We are a registered charity (no. 1084229) and a company limited by guarantee (no. 3995521), registered at The Lawnmowers Art Centre, Sheilds Road, Pelaw, Gateshead, Tyne and Wear, NE10 0QD.
The LITC is a producing theatre-arts organisation run by and for people with learning difficulties. We offer events and training, both on our premises and at external events, to a range of paying members and volunteers.
In order to carry out our business safely and effectively it is necessary to collect data on the different people we interact with. This Privacy Policy gives you detailed information about; what our responsibilities as a data controller are, what your rights are, what data we collect, why we collect data, how we use data, the legal basis for us collecting data how data is kept secure and details about who to contact if you have any queries or grievances regarding your personal data.
1.1 Data Controller
LITC is the Data Controller and is the organisation responsible for processing of your data. The LITC is committed to protecting the right of individuals in line with the Data Protection Act 2018 (DPA 2018) and UK General Data Protection Regulation (UK GDPR) principles.
LITC must make sure your personal data is:
- Processed lawfully, fairly and in a transparent manner in relation to individuals.
- Collected for specified, explicit and legitimate purposes only.
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Accurate and, where necessary, kept up to date.
- Kept in a form which permits identification of data subjects for no longer than is necessary.
- Processed in a manner that ensures appropriate security of the personal data.
1.2 Why Is Your Data Important?
You have rights regarding how we use your personal data. Your personal data is yours and it belongs to you. For the purposes of data protection, you have merely loaned LITC your data for one or more specific purposes, we cannot use it however we wish and cannot keep indefinitely.
1.3 Your Rights Under UK GDPR
UK GDPR regulations include the following rights for individuals:
- Right to be informed.
- Right of access.
- Right of rectification.
- Right to erasure.
- Right to restrict processing.
- Right to data portability (if obtained through consent or for the performance of a contract).
- Right to object.
- Right not to be subject to automated decision-making including profiling.
Personal information is not anonymous. Anonymous data, such as statistics, is information where any personal identifiers have been removed.
1.4 Personal Identifiable Data and Sensitive Data
LITC holds data that is personal with some of it defined as personal sensitive data or special categories of personal data. Personal information, or personal data, refers to any information that can identify you as an individual. Whether we collect sensitive data on you depends on our relationship. Personal sensitive data falls into special categories:
- The racial or ethnic origin of the subject.
- The subject’s political opinions.
- The subject’s religious beliefs or beliefs of a similar nature.
- Whether the subject is a member of a trade union.
- Information on the subject’s physical or mental health condition.
- Information on the subject’s sexual life.
- The commission or alleged commission of an offence by the data subject; and
- Information relating to the commission or alleged commission of an offence by the data subject.
2. Personal Data We Collect
A data subject is an individual who may have a relationship with LITC. Data we collect will vary according to; the relationship we have with you, whether we have obligations under any of our safeguarding policies or any legal obligations we have to funders and regulatory bodies.
We hold data on core member, care workers and emergency contacts, community members, volunteers, youth group members, drop-in participants, employees, freelance artists, trustees, networks and personal data such as sole trader names and details. Project participant data may also be found in our financial and fundraising department. The lists below indicate the types of data we may hold on you depending on our relationship.
2.1 Core Members
- Contact and personal information sheets
- Health, medical data and specific condition information
- Further personal information
- Diversity monitoring data
- Consent form
- Legitimate interest form
- Personal progression data
- Impact evidence data
- Managerial and reporting data
- Expense sheets
- Attendance registers
- Safeguarding and health and safety data
- Publicity and promotional material
- Security data
2.2 Carers and Emergency Contacts
- Contact and personal information sheets
- Personal progression data
- Impact evidence data
- Managerial and reporting data
- Safeguarding and health and safety data
- Publicity and promotional material
- Security data
2.3 Community Members
- Contact and personal information sheets
- Health, medical data and specific condition information
- Further personal information
- Diversity monitoring data
- Consent form
- Legitimate interest form
- Personal progression data
- Impact evidence data
- Managerial and reporting data
- Expense sheets
- Attendance registers
- Safeguarding and health and safety data
- Publicity and promotional material
- Security data
2.4 Youth Group Members
- Contact and personal information sheets
- Health, medical data and specific condition information
- Further personal information
- Diversity monitoring data
- Consent form
- Legitimate interest form
- Personal progression data
- Impact evidence data
- Managerial and reporting data
- Attendance registers
- Safeguarding and health and safety data
- Publicity and promotional material
- Security data
2.5 Drop-in Participants
- Contact and personal information sheets
- Health, medical data and specific condition information
- Further personal information
- Diversity monitoring data
- Consent form
- Legitimate interest form
- Personal progression data
- Impact evidence data
- Managerial and reporting data
- Expense sheets
- Attendance registers
- Safeguarding and health and safety data
- Publicity and promotional material
- Security data
2.6 Volunteers
- Contact and personal information sheets
- Health, medical data and specific condition information
- Further personal information
- Diversity Monitoring
- Consent form
- Legitimate interest form
- Impact evidence data
- Managerial and reporting data
- DBS and identity forms
- Expense sheets
- Attendance registers
- Safeguarding and health and safety data
- Publicity and promotional material
- Security data
2.7 Employees
- Contact and Personal Information Sheets
- Health and Wellbeing, Medical Data and Specific Condition Information
- Further Personal Information
- Consent Forms
- Legitimate \interest Form
- Diversity and Monitoring
- Recruitment Data
- Payroll Information
- Contact and Training Data
- Performance and Development Data
- Discipline and grievance
- Health and Wellbeing Data
- Working Time Data
- Employee Surveys
- Information sent from 3rd Parties: Pension, Bank Details, Auditors, Software Providers, HMRC
- Impact Evidence Data
- Managerial Reporting Data
- Safeguarding and Health and Safety Data
- Security data
- Publicity and Promotional Material
2.8 Freelance Artists
- Contact and personal information sheets
- Health, medical data and specific condition information
- Further personal information
- Recruitment Data, DBS and Identity Information
- Diversity monitoring information
- References and future references
- DBS and identity information
- Contract and Training Data
- Consent form
- Legitimate interest form
- Impact evidence data
- Managerial and reporting data
- Safeguarding and health and safety data
- Publicity and promotional material
- Security data
2.9 Trustees
- Contact and personal information sheets
- Health, medical data and specific condition information
- Further Information
- Consent form
- Legitimate interest form
- Applicant information
- Director and Trustee Information
- Identification documentation
- Diversity monitoring information
- Impact evidence data
- Managerial and reporting data
- Safeguarding and health and safety data
- Publicity and promotional material
- Security data
2.10 Finance and Contractual Relationships (including networks, grant fundraising, personal donors and earned income)
- Invoices in/out – organisations and individuals including organisational contact names
- Payment information (including method)
- Bank details – organisations and sole traders
- Budget reports and management account information
- Earned and personal donor funder income information
- Payroll and expense data
- Managerial and reporting data
- Funder bids and reports
- Personal budget invoices and personal plan
- Networks- contact details and contracts
- Suppliers – contact details and contracts
- Venues – contact details and contracts
3. Why and How LITC Uses Data:
LITC will obtain, store and use data for many reasons depending on our relationship with you. We collect data to:
- Promote the organisation and keep interested parties up to date with upcoming events.
- Safeguard members and participants with learning difficulties.
- Support the effective management and administration of the organisation.
- Document activities, training and impact for those taking part in LITC activities.
- Use as evidence in funding bids (this is generally anonymised where possible).
- Research and evaluate projects.
- Learn from past projects and programmes to inform future plans.
- Record those that have given money or services in support of the organisation.
- Keep in touch with future collaborators.
- Employ people, recruit people and manage relationships.
- Contact suppliers and contractors.
- Meet our legal obligations.
- Safeguard members and staff
3.1 Who We Share Data With
LITC categorically DOES NOT sell individual’s personal data. However, data may be shared with relevant members of staff at LITC for safe and effective running of operations. We also may share your data with 3rdparty providers who process data on our behalf. Where this is applicable, we will obtain privacy policies of these 3rd parties to make sure they are GDPR compliant.
Examples of 3rd parties include:
- HMRC.
- Social Services (Individual Budgets).
- Accountants and Auditors.
- Stakeholders and Funders.
- Software Finance System Providers.
- Bank (BACS).
- Companies House Returns.
- Charity Commission Returns.
- Marketing and Sales Systems.
- Building Security Providers
3.2 Cookies
What are cookies?
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.
For further information, visit allaboutcookies.org
How do we use cookies?
The Lawnmowers uses cookies to help us understand how you use our website to help us find ways to improve your experience on our website.
What types of cookies do we use?
There are several different types of cookies, however, our website uses:
- Functionality – LITC uses these cookies so that we recognise you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.
- Advertising – LITC uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. LITC sometimes shares some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.
How to manage cookies
You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
4. Lawful Basis: Processing Conditions
LITC must make sure it has a lawful basis to collect and process your data. LITC collects and processes your data either because:
- We have consent.
- It is necessary for a contractual arrangement.
- It is necessary for a legal obligation that applies to us.
- It is in an individual’s vital interest (a life-or-death situation).
- It is necessary for administering justice.
- We have a legitimate interest to process.
5. Storing Data:
To protect individual’s privacy LITC ensures it uses secure processes, procedures and databases to hold data. Individual Privacy Notices will outline how each type of data is secured. General practices include:
- Use of locked filing cabinets or similar where data is stored on paper, memory sticks or other physical items.
- Shredding of paper data that is no longer required.
- Computer log in passwords that are strong, not shared and changed regularly.
- Restrictions on access levels and use of passwords where data is stored on a cloud-based system or network.
- Use of portable, password protected hard drives with authorised access procedures.
- Password protected company mobile phone for contact with carers and members during events.
- Password protected company email.
- Only using third party processors, which includes cloud-based systems, who comply with data protection principles.
- Not saving data to personal computers or similar devices.
- The Lawnmowers will retain and process data to fulfil the purposes for which it is collected only.
- Destruction or archiving will be conducted securely.
6. Privacy Notices
The Lawnmowers aims to ensure that individuals are aware that their data is being processed and that they understand:
- The types of data held.
- What is held and the necessity for holding data.
- The purpose of collection.
- Who can access specific data.
- The security arrangements for data.
- The lawful basis for which we hold specific data.
- The retention limit or how long we hold specific data.
Individual Privacy Notices will be shared with individuals at the point of contact and made available online. The Individual Privacy Notices will differ depending on your relationship with LITC, so the information is specific and relevant to you.
7. Subject Access Requests and Contact Information
All individuals who are the subject of data held by LITC are entitled to:
- Ask what information the company holds about them and why.
- Ask how to gain access to it.
- Be informed how to keep it up to date.
- Be informed how the company is meeting its data protection obligations.
If you would like a copy of some or all the data LITC hold about you – please contact us via [operations@lawnmowerstheatre.com]
On the receipt of a subject access request LITC will respond within 30 days. We will inform you of the procedure for access requests (formally called a Subject Access Request or SAR).
8. The Right to Be Forgotten or the Right to Erasure:
Data subjects have the right to be ‘forgotten’. If requested The Lawnmowers will erase data held on individuals as far as reasonably or legally possible.
To request LITC to delete data please contact [operations@lawnmowerstheatre.com]
9. Ongoing review of measures to ensure compliance:
Meeting the obligations of the GDPR to ensure compliance will be an ongoing process. LITC will regularly review its policy and processes to ensure compliance.
10. Information Commissioners Office
You may also contact the Information Commissioners Officer at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or at www.ICO.org.uk .You may also contact the Information Commissioners Officer at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or at www.ICO.org.uk .