Eisteddfod Genedlaethol Cymru (The National Eisteddfod of Wales) is committed to protecting your personal information and being transparent about what information we hold about you.
Under GDPR (General Data Protection Regulation) we are responsible for ensuring that:
Using personal information helps us to better understand our customers and in turn to provide you with relevant and timely information about the work that we do. As a charity, it also helps us to engage with potential donors and supporters.
This notice explains how we use your personal information in accordance with GDPR and all other applicable laws concerning the protection of personal information. This notice explains:
The personal information described in this notice is collected from you through the following channels:
If you have any queries about this notice, please contact the Data Protection Officer at the National Eisteddfod of Wales firstname.lastname@example.org
Who we are
Eisteddfod Genedlaethol Cymru is a registered charity – number 1155539. The registered address is 40 Parc Ty Glas, Llanishen, Cardiff CF14 5DU.
We collect, process and hold various types of information:
Information you give us
For example, when you create an account on our website, buy tickets or make a donation, we will store personal information which will include some of the following:
Information about your interactions with us
When you visit our website, book a ticket or other product for the Eisteddfod, make a donation or receive a marketing communication from us we will make a record. This will include:
Sensitive personal data
Data Protection law recognises that certain categories of personal information are more sensitive such as health information, race, religious beliefs and political opinions. We do not usually collect this type of information about our customers unless there is a clear reason for doing so.
Where is personal information collected and stored?
The National Eisteddfod of Wales is data controller for the data we collect and store. Data is collected and stored through the following systems and platforms
Your personal information will not be subjected to automated processing which would negatively impact on any individual
How do we use your personal data?
There are three bases under which we may process your data:
When you buy tickets or other product from us or make a donation to us, you are entering into a contract with us. In order to perform this contract we need to process and store your data. The instances in which this legal basis will apply are:
We will ask for your consent before using your personal information in the following instances. You can withdraw your consent at any time and you can do this by logging into your account or calling the Box Office. The instances in which consent is the legal basis of our processing are:
Legitimate business interests
In certain situations we collect and process your personal information for purposes that are in our legitimate organisational interests. We only do this if there is no overriding prejudice to you by using your personal information in this way. The situations in which we use legitimate interest as the legal basis for processing are as follows:
In all of the above cases we will always keep your rights and interests at the forefront to ensure they are not overridden by our own interests or fundamental rights and freedoms. You have the right to object to any processing at any time. If you wish to do this please use the contact details at the end of this policy. Please bear in mind that this may affect our ability to carry out tasks that are for your benefit.
In certain circumstances we may need to disclose your personal information to third parties. These circumstances are:To our own service providers who process data on our behalf and on our instructions (for example our Box Office System supplier). In these cases we require that these third parties comply strictly with our instructions and with data protection laws, for example around security of personal data.
Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies).
Please note that we do not share share data and will never ask for your consent to do this.
We use a mixture of essential and non-essential cookies as part of the online booking process in order to ensure you have the best possible experience:
ESSENTIAL COOKIES In order to keep track of your order it is essential that we store a "session cookie" on your computer. This cookie will last for 24 hours.
NON-ESSENTIAL COOKIES We use a few non-essential cookies to customise your booking experience and help make it easier and more enjoyable for you. These extra cookies are used to store thinks like your login details so you will be automatically logged in each time you visit our site.
Before storing any of these cookies for the first time, we will alert you and ask your permission before proceeding. If you do not wish to store these cookies you will not be able to use that particular feature, but the rest of the site will continue to work correctly.
Your debit and credit card information
If you use your credit or debit card to purchase from us or to make a donation, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). You can find more information about this standard here. We optionally allow you to store your card details for use in a future transaction. This is carried out in compliance with PCI-DSS and in a way where none of our staff members are able to see your full card number. We never store your 3 or 4 digit security code.
Retention of personal information
Your personal information will only be held for as long as necessary. If you sign up to receive emails from us, we will periodically check with you that you continue to wish to hear from us. The option to unsubscribe is on all of our email communications.
We retain CCTV footage for 30 days.
We will hold any written communications from and with you for 6 years. We delete and destroy all data records which no longer need to be held.
Maintaining your personal information
You can review the personal contact details we hold for you at any time by logging into your online account or by calling the Box Office. You can also update and change your details at any time this way.
Security of your personal information
The security of your personal information is of paramount importance. We have put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible. We will ensure that any third parties we use for processing your personal information do the same.
Access to your personal information
You have a right to request a copy of the personal information that we hold about you and to have any inaccuracies in this data corrected. You may use the contact details at the end of this policy if you would like to exercise this right.
Under the General Data Protection Regulations you have the following rights:
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object 8. Rights in relation to automated decision making and profiling.
Contact details and further information
Data Protection, National Eisteddfod of Wales, 40 Parc Ty Glas, Llanishen, Cardiff CF14 5DU
Any objections you make to any processing of your data will be stored against your record on our system so that we can comply with your requests.
This notice was last updated on 24 May 2018.