Data Protection Policy

Last Updated: 9th Sept 2024

1. Introduction

Poetry Prescribed is committed to protecting the privacy and security of personal data we collect, process, and store. This Data Protection Policy outlines our approach to ensuring compliance with the UK Data Protection Act 2018 and the General Data Protection Regulation (GDPR).

2. Scope

This policy applies to all personal data collected by Poetry Prescribed through our website and services, including information collected from users, participants, volunteers, staff, and any other individuals whose data we handle.

#3. Definitions

- Personal Data: Any information that relates to an identified or identifiable individual.

- Data Subject: An individual whose personal data is being processed.

- Processing: Any operation or set of operations performed on personal data, including collection, recording, storage, and sharing.

- Data Controller: The entity that determines the purposes and means of processing personal data.

4. Data Controller

Poetry Prescribed acts as the Data Controller for personal data processed through our website and services. For any inquiries regarding this policy or our data processing activities, please contact:

Data Protection Officer (DPO)

Esi Yankey
poetryprescribed@gmail.com

5. Data Collection

We collect personal data through various means, including:

- Direct interactions (e.g., when users register for services, workshops, or mailing lists)

- Automated technologies (e.g., cookies, analytics)

- Third-party sources as permitted by law

The types of personal data we may collect include, but are not limited to:

- Name

- Contact details (e.g., email address, phone number)

- Demographic information

- Feedback and comments

- Any other information necessary to provide our services

6. Purpose of Processing

We use personal data for the following purposes:

- To provide and manage our services and events

- To communicate with users and respond to inquiries

- To enhance user experience through personalised content

- To conduct surveys and gather feedback

- To comply with legal obligations

- To keep users informed about our activities and services (if consented)

7. Legal Basis for Processing

We rely on the following legal bases for processing personal data:

- Consent: Where individuals have provided consent for us to process their personal data for specific purposes.

- Contractual Necessity: Where processing is necessary for the performance of a contract with the individual.

- Legal Obligation: Where processing is necessary for compliance with a legal obligation.

- Legitimate Interests: Where processing is necessary for our legitimate interests, provided that those interests are not overridden by the interests or rights of the data subject.

8. Data Sharing and Disclosure

We do not share personal data with third parties unless necessary for fulfilling our services, complying with legal obligations, or with the explicit consent of the data subject. When sharing data, we will ensure that appropriate agreements are in place to protect the data.

9. Data Security

We implement appropriate technical and organisational measures to protect personal data from unauthorised access, loss, destruction, or alteration. These measures include:

- Secure servers

- Data encryption

- Access controls

- Regular security assessments

10. Data Retention

We will retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Once data is no longer required, we will securely delete or anonymize the data.

11. Data Subject Rights

Data subjects have the following rights under the UK Data Protection Act 2018 and GDPR:

- The right to be informed about the collection and use of their personal data

- The right of access to their personal data

- The right to rectification of inaccurate data

- The right to erasure (the "right to be forgotten")

- The right to restrict processing

- The right to data portability

- The right to object to processing

To exercise these rights, individuals should contact the Data Protection Officer.

12. Cookies

Our website uses cookies to enhance user experience. Cookies are small text files placed on your device by websites you visit. For detailed information on the cookies we use and how to manage your preferences, please refer to our Cookie Policy.

13. Changes to this Policy

We may update this Data Protection Policy from time to time. Any changes will be posted on this page and will become effective immediately upon posting. We encourage users to review this policy periodically for any updates.

14. Complaints

If you believe that we have not complied with your data protection rights, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK. You can find more information on their website: [www.ico.org.uk](https://www.ico.org.uk).

15. Contact Information

For any questions or concerns regarding this Data Protection Policy, please contact our Data Protection Officer at poetryprescribed@gmail.com