Privacy & Data Protection
Last Updated 21 May 2019
The Alderney Literary Trust (the Trust) is committed to protecting your privacy. We are a controller under the definitions of the General Data Protection Regulation (GDPR). All personal information is processed in accordance with the General Data Protection Regulation 2016/679 and the The Data Protection (Bailiwick of Guernsey) Law, 2017 – Registered No: 12854.
This privacy notice explains how the Trust processes your personal information when you visit our website, or if we collect, store or share your personal data as part of the legitimate interests of our business. It also explains how we will protect your information and personal data, and the controls and safeguards we provide for this data. This includes understanding, at all times, precisely what data we are storing for and about you, who (if anyone) can see that data, and whether you give permission for that data to be shared with third-parties.
The processing of personal data, such as the name, address, e-mail address, or telephone number shall always be in line with the General Data Protection Regulation 2016/679 and the Data Protection (Bailiwick of Guernsey) Law, 2001.
By means of this data protection declaration, we would like to inform you of the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, this data protection declaration provides data subjects (you) information on the rights to which they (you) are entitled.
Your Privacy is Important to Us
To protect your privacy, the Trust aims to observe the following fundamental principles:
We don’t ask you for personal information unless we have a genuine need for it.
We don’t share your personal information with anyone except to comply with the law or protect our rights.
We don’t store personal information on our servers unless it is required for us to manage our website and/or business.
What Personal Data We Collect and Why We Collect It
The Trust collects individually identifiable information from subscribers and others for administrative and financial purposes; to facilitate communication; deliver reports; and meet regulatory requirements. In most cases, the personal data we collect is limited to your name, address (for online ticket customers), and email address .
Most of the information we collect is provided by the data subject themselves in the form of emails and other forms of correspondence, as well as registering to receive the newsletter, and buying tickets online. Where such information is provided on a voluntary basis, it is deemed to have been provided with the data subject’s consent.
This is not an eCommerce website and we do not collect any transactional data. As part our normal operations, the Trust uses financial institutions, such as NatWest Bank, and PayPal to provide various services which may involve processing data on our behalf. The Trust takes all reasonable endeavours to ensure all our subscribers and customers’ data is secure and is committed to only engage with third-parties who can offer us equal assurance.
Who We Share Your Data With
The Trust does not share any of the personal data we collect. It is also careful not to disclose/distribute any personally-identifying and/or potentially personally-identifying information other than on a need to know basis. This includes disclosing personally-identifying and/or potentially personally-identifying information in response to a subpoena, court order or other governmental request, or when the Trust believes, in good faith, that disclosure is necessary to protect third parties, or the public at large.
The Trust does not receive personal data from third parties nor do we send the personal data we hold to third parties.
All the personal information we hold is stored on computers and servers in the Bailiwick of Guernsey (UK). However, the alderneyliterarytrust.com website is located on servers within the European Union and United States of America.
How We Protect Your Data
The Trust is committed to protecting your privacy. Access to such information is limited to a ‘need to know’ basis and, wherever possible, we encrypt and back-up any personal data we hold on data subjects. We also take steps to protect any non-digital documents that contain personal information.
As, in most cases, the personal data we collect is limited to your name, address, and e-mail address, it is unlikely that a data breach is likely to result in a high risk to the rights and freedoms of any individuals. However, as soon as we become aware of a data breach, we will immediately take steps to inform those data subjects who may be impacted by the breach.
Contacting Us About Your Data
If you have subscribed to our Newsletter or bought tickets online, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
We will endeavour to respond within 48 hours. However, in the event that we fail to respond, or you wish to make a formal complaint, you should address this to:
The Office of the Data Protection Commissioner
Guernsey Information Centre
St Peter Port
Guernsey, GY1 2LQ