Privacy  Policy

The St Endellion Festivals Trust ("SEFT") is committed to protecting your data and to upholding your privacy. Here, we explain what information we collect and how we store and process it. We will use information about you only in accordance with the UK GDPR (General Data Protection Regulation) and the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).  For the purposes of the Data Protection Act 2018, the data controller is SEFT at our registered address: 16 Burgh Street, London, N1  8HF.  Our privacy policy is set out below.  If you have any questions or comments please contact privacy@endellionfestivals.org.uk. SEFT is registered with the Information Commissioners Office (ICO.org.uk), reg. no. ZA258873.

By using this website you agree to be bound by our "Terms and Conditions of Use"

Our Lawful Basis for Processing

UK GDPR requires us to identify a lawful basis for each type of personal data processing we undertake. Our lawful bases are as follows:

  • Contract: where you purchase a ticket or register to participate in a Festival, processing your data is necessary to fulfil that contract with you.
  • Consent: where you have opted in to receive news and marketing communications from us.
  • Legitimate interests: where we process data to manage our charity’s operations, maintain records, and to communicate with donors and supporters where this is reasonably expected.
  • Legal obligation: where we are required by law to process data (for example, for Gift Aid administration).

Information We Collect.

By disclosing your personal information to us, via our website, by phone, email or in writing, you are giving us your consent to collect, store and process your personal information in the manner described in this policy.  We collect and process the following data:

•  Information that you provide us in order to register interest in participation in our Festivals, to buy a concert ticket, or sign up to an event, whether that is done online, by phone, email or post, which we need in order to effectively provide our products and services to you.

•  Information that you provide us in order to sign up to receive information from us about our activities, via the 'Sign Up' page on our website, or by phone, email or post.

•  Records of communication, whether in electronic or hard copy format, which may include general correspondence, participation or purchase history and responses to any surveys or questions we ask you.

•  Personal information you supply to us in connection with any donation you make to us, including that which enables us to claim Gift Aid on your donation.

What We Do With  It

We process your personal information in order to:

•  Conduct and supply the services for which you have registered.

•  Conduct and supply any additional products and services that you request.

•  Plan, organise and manage the St Endellion music festivals, including provision for accommodation and catering.

•  Let you know about other SEFT events and services in which we think you may be interested, unless you have asked us not to.

•  Let you know about any changes to SEFT, our products, events and services.

•  Communicate in accordance with the Privacy and Electronic Communications Regulations, 2003.

• Sometimes, the information that we send to you may contain links to other websites. Please note that these websites will have their own privacy policies and you should review these before supplying any data.

Third Party Providers:

We may engage third party tools or providers:

•  to deliver regular e-news updates to subscribers and Friends on topics in which they have declared a specific interest via the relevant opt-in on our website. This is presently managed by our sister charity Endelienta Arts and you can view the relevant privacy notice here: https://endelienta.org.uk/privacy-policy/. We use the Mailchimp platform to deliver these updates, and to gather statistics around e-news opening and engagement using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please  see the privacy policy of our chosen provider, Mailchimp, here: https://mailchimp.com/legal/privacy/.

to conduct surveys, to gather information from you that helps us to provide better information to you, or that we need in order to fulfil our obligations to you as a member

to assist us with IT requirements. We are careful in our choice of supplier, and only work with those that themselves take data protection seriously.

·Any such providers are acting on our behalf, but we retain full responsibility for your data, which will only be used according to our instructions.

What we don't do

  • Use your data for anything other than the purpose for which it was supplied to us, unless the new purpose is similar and fair.
  • Sell or transfer your data to any third party for their own marketing purposes.  We will never sell your data. 

Exceptions

We may disclose personal data without your consent in the following exceptional circumstances only: 

  • If we were legally obliged to do so, for example by the police or a court order.
  • If it was necessary to do so in order to ensure compliance with any financial agreement into which you have entered with SEFT.
  • If it was necessary to protect our staff, members or other persons.

How  We Store  It

•   Securely  in a manner which complies with the Data Protection  Act 2018, the Privacy and Electronic  Communications  Regulations 2003. and the General Data Protection Regulations 2018.

•  Occasionally, when we use third party tools such as those mentioned above, your data may be collected and stored outside the UK.  Where this occurs, we ensure that any such transfer is protected by appropriate safeguards under UK GDPR, such as adequacy regulations, International Data Transfer Agreements (IDTAs) or equivalent mechanisms.  

•   No system is 100% secure.  However, we take every care to ensure the security of your data  with  robust procedures,  up to date technology and software, virus and malware protection  and staff training to prevent security  breaches.

•  We destroy it in  a secure way once we no longer need it.

How Long We Keep It

We will retain your personal data only for as long as necessary to fulfil the purpose for which it was collected or as required by law.  As a general guide:

  • Ticketing and participation records are retained for up to seven years following the relevant Festival in line with our financial record-keeping obligations. 
  • Donation and Gift Aid records are retained for seven years from the date of the donation, as required by HMRC.
  • Marketing contact details are retained for as long as you remain opted in, and for a reasonable period thereafter in order to honour any suppression or opt-out request.
  • On expiry of the relevant retention period, data are securely deleted or anonymised.

Website Visitors:  Cookies

When you use our website, our ISP  may collect and store  information  about you, such  as your IP  address, which  internet browser you're using, geographical location  and how you use our website. This information  is not linked  to any personal details and cannot identify you. Our website uses only necessary cookies to assist its functionality.   If you would prefer not to accept cookies, you may wish to change the settings in your internet browser so that they are refused. This should not affect your experience of using our website.  To find out more about cookies, including  how to see what cookies  have been stored  and how to manage and delete them visit

http://www.allaboutcookies.org.uk.

Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: you may request a copy of the personal data we hold about you by making a subject access request in writing.  We may ask you to verify your identity.  We will respond within one month.
  • Right to rectification:  if any data we hold about you is inaccurate or incomplete, you may ask us to correct it.
  • Right to erasure: in certain circumstances, you may ask us to delete the personal data we hold about you (the "right to be forgotten"). This right is not absolute and may be subject to our legal obligations. 
  • Right to restriction: you may ask us to restrict our processing of your data in certain circumstances, for example while a query about its accuracy is being resolved.
  • Right to data portability: where we process your data on the basis of consent or contract, you may ask us to provide it to you in a structured, commonly used machine-readable format.
  • Right to object: you have the right to object to processing based on legitimate interest, and an absolute right to object to processing for direct marketing purposes.
  • Right to withdraw consent: where processing is based on consent, you may withdraw that consent at any time.  Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at privacy@endellionfestivals.org.uk.  We will respond within one month.  We endeavour to keep your personal information accurate and up to date.  If you become aware of errors or inaccuracies, please let us know. 

Right to Complain to the ICO
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe that we have not handled your personal data in accordance with the law.  The ICO can be contacted at www.ico.org.uk or by telephone on 0303 123 1113.  We would, however, appreciate the opportunity to address any concerns you may have before you contact the ICO, so please feel free to contact us in the first instance at privacy@endellionfestivals.org.uk

Opting out of Communications

We make it easy for you to tell us how you want us to communicate, in a way that suits you.  Our forms have clear marketing preference questions and we include information on how to opt out when we send you marketing.  If you don't want to hear from us, that's fine.  Just let us know when you provide us with your information.  You can opt out of communications by following the instructions included on the email, or by selecting "unsubscribe" at the bottom of an email, or by replying to the email with "STOP" in the subject line, or by emailing privacy@endellionfestivals.org.uk.

Changes to This Policy

If we make any changes to this privacy policy the updated  policy will appear on our website.

Queries

If you have any queries regarding this policy,  please feel free to contact  us on privacy@endellionfestivals.org.uk

This policy was last reviewed in June 2026