Donate Button

GDPR Data Protection Policy

1. Purpose

This policy outlines how Diverse Artists Network (DAN) collects, uses, stores, and protects personal data in accordance with the General Data Protection Regulation (GDPR). We are committed to safeguarding the rights of all individuals whose data we collect, including community members, artists, volunteers, and partners.

2. Scope

This policy applies to:

  • All staff, volunteers, and contractors of Diverse Artists Network
  • All personal data processed by the organisation, including data relating to community members, artists, event participants, and other individuals we engage with

3. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation performed on personal data (collection, storage, use, etc.).
  • Data Subject: The individual to whom the personal data relates.
  • Data Controller: The entity that determines the purposes and means of processing personal data.
  • Data Processor: A third party that processes data on behalf of the data controller.

4. Data Protection Principles

We adhere to the following GDPR principles:

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

5. Lawful Basis for Processing

Diverse Artists Network ensures all data processing is based on at least one lawful basis:

  • Consent
  • Contract
  • Legal obligation
  • Vital interests
  • Public task
  • Legitimate interests

6. Data Subjects’ Rights

We support the following rights of data subjects:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights in relation to automated decision-making and profiling

7. Data Security

We implement appropriate technical and organisational measures including:

  • Secure storage of physical and digital records
  • Access control and password protection
  • Regular training for staff and volunteers
  • Incident response planning and review

8. Data Retention

Personal data will be retained only as long as necessary for the purposes for which it was collected. We maintain a retention schedule to ensure data is not held longer than required.

9. Third Parties

All third parties processing personal data on our behalf must provide guarantees that they comply with GDPR. This includes partners, sponsors, and service providers.

10. Data Breach Notification

In the event of a data breach, we will notify the appropriate supervisory authority within 72 hours. We will also inform affected individuals where there is a high risk to their rights and freedoms.

11. Contact

For questions or requests related to this policy, contact:

Deborah Baddoo
Email: manager@diverseartistsnetwork.com

Leave a Reply

Your email address will not be published. Required fields are marked *