Privacy Policy

Introduction

The University of Chester is committed to protecting the rights and freedoms of individuals as detailed in relevant Data Protection legislation including looking after any personal data that it collects, uses or hold.  This Data Processing and Privacy Notice describes how and why we collect and use personal information about you.  It is issued under your right to be informed about how the University collects, uses and stores your personal data. 

The Festival of Ideas is a programme of free, inclusive, and accessible public events on a wide range of themes in and around Chester, co-created by the University of Chester and external stakeholders and city partners. Events may include speakers, discussion panels, theatre, pop-up exhibitions, interactive events, music, readings, guided walks, and more. 

Data Protection Principles

We will comply with data protection legislation, which says that the personal information we hold about you must be: 

  • Used lawfully, fairly and in a transparent way 
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes 
  • Relevant to the purposes we have told you about and limited only to those purposes 
  • Accurate and kept up to date 
  • Kept only as long as necessary for the purposes we have told you about 
  • Kept securely 

What Personal Data does the University collect? 

The University collects personal data through: 

  1. “Be Part of the Festival” form, used to request proposals for events:
    1. Name, email, telephone, organisation. 
    2. Event details, with preferred dates/times. 
    3. Any reasonable adjustment requests. 
    4. Photography consent. 
    5. IP address.
  2. “Get in Touch” form, used for general enquiries: 
    1. Name, email, subject, message.
    2. IP address.
  3. Event bookings via The Events Calendar:
    1. Name and email of attendee for each booking.
    2. Optional requests for reasonable adjustments to help with attending an event.
    3. Optional (opt in) marketing consent for communication about future festivals and other events.
  4. Feedback form sent after the end of the festival:
    • Age range, which is collected anonymously and is used to support planning of future festivals.

Source of data:

  • Directly from event proposers, attendees, and enquirers proactively choosing to engage with the Festival of Ideas. 
  • Event bookings submitted through The Events Calendar plugin.
  • Respondents that reply to the Feedback from sent after the end of the festival. 

What Special Category Data does the University Collect? 

The University does not collect and process special category data unless provided by you with your explicit consent for supporting your accessibility to events and providing reasonable adjustments, which may include details about your health. This information will be stored securely, access restricted, only disclosing the minimum information required with venues and deleted when no longer required.

Why does the University need this data and how will the University use this data?

The personal data is used to:

  • Review and manage event proposals.
  • Communicate with event proposers.
  • Respond to general enquiries.
  • Manage event bookings.
  • Send event reminders and updates to attendees.
  • Administer events on the day, including check-in and attendance tracking.
  • Ensure accessibility and reasonable adjustment requests are met.
  • Collect marketing opt-in consent and send marketing emails when consent is given.
  • Send event feedback survey link to people who booked on an event.
  • Inform venues of attendees to comply with Health and Safety regulations.

What is the Legal Basis for processing the data?

Your Consent – for event proposals, event bookings, and marketing communications and when information is shared by you for purposes of:

  • Accessibility to provide reasonable adjustments.
  • Where it is necessary to comply with a legal or regulatory obligation e.g. health and safety, insurance, crime prevention or detection.
  • We may also use your data where this is necessary to protect your vital interests, or someone else’s vital interests, typically in an emergency. 
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

For how long will the University keep this Data?

The University will only retain your data for as long as is necessary to fulfil the purposes for which it was collected after which it will be permanently deleted.

  • Event proposals: Kept for up to 12 months after the festival ends.
  • General enquiries: Kept for up to 12 months.
  • Event bookings: Kept for up to 12 months after the festival.
  • Marketing opt-in data: Data is kept for 18 months, then removed, unless consent is provided in a future booking.
  • Limited marketing opt out information (suppression data) will be kept as long as necessary to ensure that your marketing preferences are retained to prevent future contact.

Who has access to the data and with whom will the University share this data?

Access to the data will be limited to University staff responsible for the administration of the Festival. Limited data will be shared only where necessary externally with Event Leaders and venues to facilitate and host the event.

  • Internal:
    • Festival organising team.
    • The IT team at the University of Chester.
    • Faculty or academic staff running specific events.
  • External:
    • Event leaders may be informed of the names of attendees when the event is held outside the primary venues.
    • Event leaders may be made aware of accessibility information where reasonable adjustments can be made.
    • Venues may be made aware of attendee information to comply with Health and Safety regulations.

We do not, and will not, sell your data to third parties.

The University uses third-party service providers for certain services, including Freethought Internet for database hosting and The Events Calendar (including its Promoter tool) for event bookings and related email communications. Further information is available in their respective privacy policies: Freethought Internet’s Privacy Policy and The Events Calendar Privacy & GDPR information.

All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes.  We only permit them to process your personal data for specified purposes (as written in the contract between us) and in accordance with our instructions.

How will the University keep this data secure?

The University takes the security of your data very seriously and has internal policies and controls in place to try and ensure that your data is not lost, accidentally destroyed, misused or disclosed. In support of this policy the University publishes an Information Security Framework which is based on ISO 27001:2005 and uses ISO/IEC 27002:2005 Information Security Techniques – Code of Practice for Information Security Management.

We ensure that any third-party data processors provide sufficient safeguards and guarantees in relation to the processing of personal data as detailed in data protection legislation.

The festival applies the following security measures:

Access restricted to authorised University staff.

What Rights do you have as a Data Subject?

Under the Data Protection legislation, you have a number of rights with regards to your data, dependent upon the legal basis for processing that data. As such you have the right to:

  • Withdraw consent – where the University has used consent as the legal basis for processing;
  • Be informed – about how the University, collects and uses your data;
  • Access your personal data that the University holds and process;
  • Rectify or correct any inaccuracies in your personal data that we hold;
  • Be forgotten by requesting that your details are removed from the University systems;
  • Restrict the processing of your data whilst it is being verified or corrected;
  • Port your data in a machine readable and commonly used format; 
  • Object to certain processing by the University including direct marketing, automated decision making, profiling, scientific/historical research and statistics;

The above rights are not absolute and may only apply in some circumstances such as being dependent upon which lawful process has been used or whether an exemption may apply.

Who is the Data Controller and who is the Data Protection Officer?

Should you have any questions, comments, concerns or complaints regarding the use of your personal data you should contact the University’s Data Protection Officer as detailed above. 

If you wish to opt out of marketing communications, or having your data used to inform future festivals, you may do so at any time by emailing ideasfestival@chester.ac.uk or by getting in touch with us.

You may also raise any concerns or complaints with the Information Commissioner’s Office who may be contacted as follows:

Information Commissioners Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
www.ico.org.uk

Changes to this Notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

Version: Draft
Date: 05/01/2025