Ciotóg Data Protection Policy and GPDR Statement
In accordance with the Data Protection Act of 1998 and the subsequent amendment in 2003, as well as EU’s General Data Protection Regulation (GDPR), effective May 2018, Ciotóg ensures that all data collected by the company will be maintained in accordance with the obligations of that act and the regulations.
Collection of Data
Ciotóg needs to collect and use data for a variety of purposes about its clients, traders, and all other individuals who come in contact with us. The purposes of processing data include organization and administration of events, research activities, recruitment of partners and staff, and processing of payments owed to and by the company. It is also collected to undertake advertising, marketing, direct marketing and public relation exercises.
We are committed to performing our responsibilities in accordance with the following eight Data Protection principles:
- All Data will be obtained and processed fairly and in accordance with statutory and other legal obligations.
- Data will be kept only for reasons that are specific, lawful and clearly stated.
- Data will only be used and disclosed in circumstances that are necessary for the purposes for which it was collected.
- Measures are in place to ensure against unauthorized access to, alteration, disclosure or destruction of data and to safeguard against its accidental loss or destruction.
- Measures are taken to ensure that all data retained is accurate and up to date.
- Data is only retained when it is adequate, relevant and not excessive.
- We only retain data for a clearly specified period, except in the case of financial records where they are retained for the required period of seven years.
- We will comply with any requests from Individuals to access all data we hold in respect of them under the Data Protection legislation.
Data protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data. The Data Protection Act 1988 and the Data Protection (Amendment) Act 2003 confer rights on individuals as well as responsibilities on those persons processing personal data. The Data Protection Acts also permit individuals to access their personal data on request and confer on individuals the right to have their personal data amended if found to be incorrect.
Personal data, both automated and manual, is data relating to a living individual who is or can be identified, either from the data or from the data in conjunction with other information.
Consent form for filming and photography (Minors)
As directed under the Data Protection Act 1998 We will ensure that we receive written signed consent in relation to Filming and photography of minors for photoshoots and launches prior to events. This consent will cover the use of images in all media formats for both publicity and documentary purposes for the events.
At event time, where possible at family events, verbal & signed consent will be sought from the guardians of accompanied minors.
In relation to School events – all schools will be contacted prior to the event they are attending and a copy of the school’s consent form will be requested. Where a school has not got a general consent policy in place a festival consent form will be sent to the school to be signed by all parents. The schools will be asked to identify any pupils within their own group whose image may not be used.
Ciotóg is committed to protecting your privacy and treats all personal data entrusted to us with the highest degree of security and confidentiality. The purpose of this document is to inform you of the ways in which we process your data and what rights you have in relation to this processing. It is important that you read this document carefully.
Statement of GDPR Compliance
All data is gathered and processed in accordance with data protection legislation, including the EU’s General Data Protection Regulation (GDPR), effective May 2018, and future implementing legislation in Ireland.
Identity of Data Controller
Ciotóg gathers and processes personal data on the basis of consent. Your information is used only to send you the information about Ciotóg which you have agreed to receive, to complete transactions in the manner consented to by you and to improve your experience on our website via cookies. Consent for these operations may be withdrawn at any time.
How Data is Collected on Our Website
Personal data is collected on our website in the following ways:
- Names and email addresses are collected via the “Bí ar an eolas | Sign up for news ” link when users input these details in order to receive announcements, updates and special offers regarding Ciotóg activities
- IP addresses, browser types, domain names, access times and referring website addresses are collected via cookies, which are stored in users’ web browsers
- Names, addresses, email addresses, phone numbers, credit card details and in some cases details regarding users’ accessibility requirements are collected upon the purchase of tickets for Ciotóg events.
Ciotóg allows cookies on its website in order to improve the visitor experience in accordance with normal practice. When visiting the project website, you are given the opportunity to consent to this use via an onscreen pop-up. If you do not wish to consent to this use, consider disabling cookies in your browser settings.
Ciotóg contracts a third-party data processor, whose activities include the use of third party cookies to create remarketing audiences for the project on other digital platforms. This means that personal data obtained via cookies may be automatically processed in order to advertise to you online. The information obtained via cookies is kept as minimal as possible and is processed only as necessary for the tasks listed above. This processing includes the use of Google features such as Google Tag Manager and Google Analytics and Facebook features such as Facebook pixels and custom audiences. In this case, personal data maybe be held and processed for a maximum of ten months.
How Your Data is Used
Ciotóg uses personal data for the purposes of communications, improving the user experience on our website, marketing and processing payments. Data regarding a person’s accessibility requirements may be collected during the ticket purchase process in order to provide for persons with disabilities at events.
Personal data is held and processed until such time as you communicate to us in writing that you wish for them to be removed. Data is retained by Ciotóg except where collection and processing is facilitated by third party data processors. Ciotóg contracts with trusted third parties in order to provide exceptional services which the project is not able to offer on its own. .
Ciotóg never sells or rents personal data to any third parties and will not share your personal information with an unauthorised third party unless required to do so by law.
You have many legal rights when it comes to the personal data you provide. These include the right to withdraw your consent at any time, to know what data is being held about you, to request the removal of your personal data from all Ciotóg records and to have this action completed in a timely manner, to object to certain processing of your data, to restrict how your data is used and to lodge a complaint about the handling of your data with a supervisory authority.
Data Breach Policy
Ciotóg takes the necessary measures to ensure your personal data is protected including encryption, password protection and physical safeguards. In the unlikely event of a significant data breach, Ireland’s Data Protection Commissioner and all affected individuals will be notified within the required legal time frame.
Ciotóg reserves the right to make amendments to this Privacy Statement at any time without notice.