×
Join Book News Donate
   

Privacy Policy

The Lawnmowers Independent Theatre Company Privacy Policy

The Lawnmowers Company

The Lawnmowers Independent Theatre Company (“The Lawnmowers”) is a registered charity (no. 1084229) and a company limited by guarantee (no. 3995521), registered at The Lawnmowers Arts Centre, Former Pelaw Youth Centre, Shields Road, Pelaw, Gateshead, Tyne and Wear, NE 10 0QD

The Lawnmowers is a producing theatre-arts company run by and for people with learning difficulties.  The Lawnmowers offers events and training on our premises and at external events.

Why is Your Data Important?

You have rights on how we use your personal data.  Your personal data is yours.  It belongs to you.  For the purposes of data protection, you have merely loaned The Lawnmowers your data for one or more specific purposes but not to use how we like and not indefinitely.  

Personal information is not anonymous.  Anonymous data, such as statistics, is information where any personal identifiers have been removed.

The General Data Protection Regulations (GDPR)

In May 2018 the law changes about how companies record, store and use individuals’ personal data. Currently the Data Protection Act covers how data is managed, but the new GDPR law means we have to change some of our working practices and we want to tell you why we hold your data, what we can use it for and how long we expect to retain it.  

GDPR includes the following rights for individuals:

  1. Right to be informed;
  2. Right of access;
  3. Right of rectification;
  4. Right to erasure;
  5. Right to restrict processing;
  6. Right to data portability (if obtained through consent or for the performance of a contract);
  7. Right to object; and
  8. Right not to be subject to automated decision making including profiling.

Personal Identifiable Data and Sensitive Data

The Lawnmowers holds data that is personal with some of it defined as personal sensitive data or special categories of personal data.  Personal information, or personal data, refers to any information that can identify you as an individual.  Personal sensitive data falls into special categories that are:

  1. The racial or ethnic origin of the subject;
  2. The subject’s political opinions;
  3. The subject’s religious beliefs or beliefs of a similar nature;
  4. Whether the subject is a member of a trade union;
  5. Information on the subject’s physical or mental health condition;
  6. Information on the subject’s sexual life;
  7. The commission or alleged commission of an offence by the data subject; and
  8. Information relating to the commission or alleged commission of an offence by the data subject.

Data Controller

Lawnmowers is the Data Controller and is the organisation responsible for processing of your data.  As a data controller Lawnmowers is responsible for demonstrating compliance with the GDPR

Principles.  Lawnmowers must make sure your personal data is:

  1. Processed lawfully, fairly and in a transparent manner in relation to individuals;
  2. Collected for specified, explicit and legitimate purposes only;
  3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  4. Accurate and, where necessary, kept up to date;
  5. Kept in a form which permits identification of data subjects for no longer than is necessary;
  6. Processed in a manner that ensures appropriate security of the personal data.

People At Lawnmowers Who Process Your Data

The individual responsible for processing data is Dawn Redhead dawn.redhead@lawnmowerstheatre.com.  

Lawnmowers staff will process data who will include Ian Mackintosh ian.mackintosh@lawnmowerstheatre.com,

Sally Keys sally.keys@lawnmowerstheatre.com, Wendy Patterson wendy.patterson@lawnmowerstheare.com .

Lawful Basis:  Processing Conditions

The Lawnmowers has to make sure it has a lawful basis to process your data either because:

  1. We have consent;
  2. It is necessary for a contractual arrangement;
  3. It is necessary for a legal obligation that applies to us;
  4. It is in an individual’s vital interest (a life or death situation);
  5. It is necessary for administering justice;
  6. We have a legitimate interest to process.

Personal Data We Hold

A data subject is an individual who may have a relationship with Lawnmowers.  Data we may hold will vary according to the relationship we have with you and whether we have obligations under safeguarding and vulnerable adults and children polices.  

We hold data on Core member artists with learning difficulties, care workers and emergency contacts, community volunteers, youth group members, drop-in participants, employees, freelance artists, trustees, networks.  Personal data such as sole trader names and details, project participant data etc. may also be found in our financial and fundraising department.  Some of the data we hold is defined as sensitive data and whether we collect it depends on our relationship.  The tables below indicate the types of data we may hold on you.

Core Members

Contact Sheets
Health, medical data and specific condition information
Further Personal Information Sheets 
Diversity monitoring data
Consent Forms: Data processing, publicity, transport use
Personal Progression Data
Impact Evidence Data
Managerial and Reporting Data
Expenses Sheets
Attendance Records
Safeguarding and Health and Safety Data
Publicity & promotional material

Carers and Keyworkers

Contact Sheets
Consent Forms: Data processing, publicity
Personal Progression Data
Impact Evidence Data
Managerial and Reporting Data
Safeguarding and Health and Safety Data
Publicity & Promotional Material

Community Volunteers

Contact Sheets
Health, medical data and specific condition information
Further Personal Information Sheets 
Diversity monitoring data
Consent Forms: Data processing, publicity, transport use
Personal Progression Data
Impact Evidence Data
Managerial and Reporting Data
Expenses Sheets
Attendance Records
Safeguarding and Health and Safety Data
DBS and Identity Forms
Publicity & promotional material

Youth Group Members

Contact Sheets
Health, medical data and specific condition information
Further Personal Information Sheets 
Diversity monitoring data
Consent Forms: Data processing, publicity, transport use
Personal Progression Data
Impact Evidence Data
Managerial and Reporting Data
Attendance Records
Safeguarding and Health and Safety Data
Publicity & promotional material

Drop-in Participants

Contact Sheets
Diversity monitoring data
Consent Forms: Data processing, publicity
Personal Progression Data
Impact Evidence Data
Managerial and Reporting Data
Attendance Records
Safeguarding and Health and Safety Data
Publicity & promotional material

Employees

Contact Information
Recruitment Data
Payroll Information
Bank Details
Diversity monitoring data
DBS and Identity Information
Health & Wellbeing, Medical Data and Specific Condition Information
Contract of Employment
Personnel Information & Next of Kin Information
Employment History and Skills Capability
Performance and Development Information
Discipline and Grievance
Working Time Information
Consent Forms: Data processing, publicity
Personal Progression Data
Data sent to 3rd Parties: Pension, Bank Details, Auditors, Software Providers, HMRC
Future References
Impact Evidence Data
Managerial and Reporting Data
Expenses Sheets
Attendance Records
Safeguarding and Health and Safety Data
Publicity & promotional material

Freelance Artists

Contact & Recruitment Data
Invoice Data
PLI Insurance Certification
Bank Details
Next of Kin Information
Health & Wellbeing, Medical Data and Specific Condition Information
Diversity monitoring data
References and Future References
DBS and Identity Information
Contract for Services Information
Appraisal Information
Consent Forms: Data processing, publicity, evaluation and reporting, media
Impact Evidence Data
Managerial and Reporting Data
Expenses Sheets & Invoices Submitted
Attendance Records
Safeguarding and Health and Safety Data
Publicity & promotional material

Trustees

Trustee Contact Information
Applicant Information
Consent to be a Director/Trustee Information
Identification Documentation
Health, medical data and specific condition information
Diversity monitoring data
Consent Forms: Data processing, publicity
Managerial and Reporting Data
Expenses Evidence
Safeguarding and Health and Safety Data
Publicity & promotional material

Finance and Contractual Relationships (including networks, grant fundraising, personal donors and earned income)

Invoices In/Out – Organisations and individuals including organisational contact names
Payment Information (including method)
Bank Details – organisations and sole traders 
Budget Reports and Management Account Information
Earned and Personal Donor Funder Income Information 
Payroll & Expenses data
Managerial and Reporting Data
Funder Bids & Reports
Personal Budget Invoice and Personal Plan Information
Networks – contact details and information records
Suppliers – contact details & contracts
Venues – contact details and contracts

Marketing, Data Sharing and Use of Anonymous Data:

  1. Lawnmowers does not sell individual’s data;
  2. Data may be processed in line with funding agreements/partnerships (the data is generally anonymised); 
  3. Those that consent will receive marketing emails telling viewers of upcoming events at Lawnmowers;
  4. If you have consented to be on our mailing list we will take your first name, last name, email address and location (if you provide it) so that we can send you information about our events.
  5. The Lawnmowers uses Mailchimp to distribute event and marketing information.  We ensure that Mailchimp is GDPR compliant by keeping a copy of their up to date privacy policy at Lawnmowers.

How The Lawnmowers Uses Data:

The Lawnmowers generally anonymises reporting evidence.  We will obtain, store and use data for many reasons depending on our relationship with you.  In particular to:

  1. Promote the organisation and keep interested parties up to date with upcoming events;
  2. Safeguard members and participants with learning difficulties;
  3. Support the effective management and administration of the organisation;
  4. Document activities, training and impact for those taking part in Lawnmowers activities;
  5. Use as evidence in funding bids and evidence of need;
  6. Research projects;
  7. Learn from past plans and programmes and inform future plans;
  8. Record those that have given money or services in support of The Lawnmowers;
  9. Keep in touch with future collaborators;
  10. Employ people, recruit people and manage relationships;
  11. Contract with suppliers;
  12. Evidence need;
  13. Meet our legal obligations.

Storing Data:

To protect individual’s privacy The Lawnmowers ensures it uses secure processes, procedures and databases to hold data.  Privacy notices will outline how each type of data is secured. General practice should include:

  1. Use of locked filing cabinets or similar where data is stored on paper, memory sticks or other physical items;
  2. Shredding of paper data that is no longer required;
  3. Computer log in passwords that are strong, not shared and changed regularly;
  4. Restrictions on access levels and use of passwords where data is stored on a cloud-based system or network;
  5. Use of portable, password protected hard drives with authorised access procedures;
  6. Password protected company mobile phone for contact with carers and members during events;
  7. Password protected company email;
  8. Only using third party processors, which includes cloud-based systems, who comply with data protection principles;
  9. Not saving data to personal computers or similar devices;
  10. The Lawnmowers will retain and process data to fulfil the purposes for which it is collected only; 
  11. Destruction or archiving will be conducted securely.

Children/young people:

The Lawnmowers designs and runs projects for young people with learning difficulties.  This will involve collecting data about the young participants.  Parents and guardians will be required to provide consent and information for children under the age of 16.

The Lawnmowers works with schools and other youth groups and providers.  In these circumstances the collaborating organisation or partner will retain information.  Lawnmowers will only collect information from participants if we host an event such as a young people’s workshop.  In these instances, information may include (but not be limited to):

  1. Names;
  2. Ages;
  3. School information;
  4. Evaluation comments and feedback;
  5. Access requirements.

Data used for reporting purposes is anonymised.

Third Party Providers

Where 3rd party providers, such as pension providers, process individual’s data, we will obtain privacy policies to ensure they are GDPR compliant.

Examples of 3rd parties include:

  1. HMRC;
  2. Social Services (Individual Budgets);
  3. Accountants and Auditors;
  4. Stakeholders and Funders;
  5. Software Finance System Providers;
  6. Bank (BACS);
  7. Companies House Returns;
  8. Charity Commission Returns.

Cookies

Cookies log what visitors do on our website, as well as information provided by visitor’s computers, i.e. browser type. This data is anonymised and The Lawnmowers will not attempt to find out the identities of those visiting its website.  Lawnmowers uses Google Analytics to collect website hits and page clicks.

For information about cookies, including how to turn them off, visit www.aboutcookies.org .

Privacy notices:

The Lawnmowers aims to ensure that individuals are aware that their data is being processed and that they understand:

  1. The types of data held;
  2. What is held and the necessity for holding data;
  3. The purpose of collection;
  4. Who can access specific data;
  5. The security arrangements for data;
  6. The lawful basis for which we hold specific data;
  7. The retention limit or how long we hold specific data.

Privacy notices will be shared with individuals at the point of contact and made available online.

Subject Access Requests and Contact Information:

All individuals who are the subject of data held by The Lawnmowers are entitled to:

  1. Ask what information the company holds about them and why;
  2. Ask how to gain access to it;
  3. Be informed how to keep it up to date;
  4. Be informed how the company is meeting its data protection obligations.

If you would like a copy of some or all of the data The Lawnmowers hold about you – please contact the person responsible for processing your request (Dawn Redhead dawn.redhead@lawnmowerstheatre.com), 0191 4789200.

On the receipt of a subject access request The Lawnmowers will respond within 30 days.  We will inform you of the procedure for access requests (formally called a Subject Access Request or SAR).  

The Right to Be Forgotten or the Right to Erasure:

Data subjects have the right to be ‘forgotten’.  If requested The Lawnmowers will erase data held on individuals as far as reasonably or legally possible.

To request The Lawnmowers delete data please contact Dawn Redhead dawn.redhead@lawnmowerstheatre.com

Ongoing review of measures to ensure compliance:

Meeting the obligations of the GDPR to ensure compliance will be an ongoing process. The Lawnmowers will regularly review its policy and processes to ensure compliance.  

Any Questions?

If you have questions about your personal data or our privacy policy please contact our Dawn Redhead dawn.redhead@lawnmowerstheatre.com or phone 0191 4789200. 

Information Commissioners Office

You may also contact the Information Commissioners Officer at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or at www.ICO.org.uk .