Data Privacy Statement
1. General Provisions
By gathering and analysing evidence, by listening to people’s experiences and by getting improv organisations to unite in pursuit of shared goals, we aim to drive changes across the improv industry to make things work better for individuals and communities. We build partnerships with and train improv community leaders, to make sure that the changes are long-lasting.
Keeping people informed and connected on the issues improvisers are facing is a key part of what we do, and we work with a strong commitment to privacy and security.
You have the right to remain anonymous when you submit an entry via the reporting form on our website and in that case you will always be treated anonymously for any further processing.
Safe Play will not inform improv organisations or individuals that we have received a report about them, unless we have your explicit consent to do so. Anonymity also applies if improv organisations or individuals approach Safe Play and ask whether there have been reports about them.
If you wish to be contacted by Safe Play, you might include your name and email address in the report. Your information will be treated confidentially and in accordance with this Privacy Statement.
Under the General Data Protection Regulation (EU Directive 2016/680 and Regulation EU/2016/679, henceforth “GDPR”), our Privacy Statement explains how we handle, store, retain, and use your data. This statement sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. For the purposes of the GDPR, Safe Play is an unincorporated organisation that acts as a data controller.
Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it. In compliance with the GDPR, we are making it easier for you to understand how we use your data through greater transparency, particularly but not limited to:
- How does Safe Play collect your data?
- How and where does Safe Play store your data?
- How does Safe Play use your data?
- How long does Safe Play retain your data for?
- Does Safe Play share your data with other relevant professional bodies/other third-parties?
- What are your rights?
2. How we collect your data
Personal data we hold about you may include your name, email address, and location of improv event(s) you have participated in. We may collect identification information regarding both individuals and companies.This could be information concerning people committing harassment or abuse, a person who is being harassed or abused, and about the company/organisation where this is taking place. We may also hold information from when you have interacted with one of Safe Play members regarding your written or oral reports, attended one of our training events, provided us with feedback on our services and events, subscribed to our newsletters, contacted us by email or on social networks, and from when you have visited our website.
When you visit our website, the following information will automatically be collected:
- Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your browser type and version, time zone setting, and operating system and platform;
Lawful basis for Safe Play to collect and process your personal data
In compliance with the overarching principles of the GDPR, particularly in terms of transparency, we determine our basis for processing your personal data in line with Safe Play’s purpose and our relationship with you as follows:
A. Legitimate interests
We collect and process your personal data under ‘legitimate Interests’, proportionately and balanced to fulfil our organisational purpose. Our reason for using this basis is considered either to be in your or our interests, or wider societal benefit. We will ensure that we use your data under this basis only in ways that you may expect and that are easily explainable such as collecting and analysing individual stories, creating reports about the state of psychological safety in improv, marketing, events, or training.
Your consent for us to collect and process your data must be unambiguous and involve a clear affirmation action (opt-in) and specifically excludes pre-ticked opt-in boxes. All of our materials, including the reporting form on our website, comply with this and demonstrate that we will do everything possible to maintain your trust and your engagement with us through enabling you to control what information you share with us, what information you receive from us, how we contact you and subsequently how we process your data. We shall also document accordingly the consent you have provided, how and when you provided it, and the information we have provided you with regard to your consent. We will also advise you as to how and when we may contact you, if applicable, to either reconfirm or update your consent.
We will collect and process your personal data under the legal basis of ‘Contract’ to fulfil our contractual obligations to you, including our training, events, or other such activities leading up to entering into a full contractual agreement with you.
3. How and where we store your data
Unfortunately, the transmission of information via the internet is never completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
All information you provide to us is stored securely and any payment transactions will be encrypted using SSL technology.
4. How we use your data
We use your personal data we have collected from and hold about you in the following ways:
- to collect evidence and document the development of safe (and unsafe) practices in improv organisations and communities, including from the direct reports submitted through the reporting form on our website;
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
- to provide you with information about other goods and services we offer that are similar to those that you have already enquired about and, in so doing, will give you the opportunity to explicitly opt-in;
- to notify you about changes to our services;
- to ensure that content on our website is presented in the most effective manner for you and for your computer;
- to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to allow you to participate in our services, when you choose to do so;
- as part of our efforts to keep our website safe and secure;
- to make suggestions and recommendations to you about activities or services that may interest you;
- to work on campaigning and influencing changes in the improv industry;
- to share the findings of our research and analysis;
- to request donations to fund our work;
- to invite people to attend events about developments in our work;
- to distribute information about our activities and services.
5. How long we retain your personal data
We commit to retaining your personal data for no longer than is necessary and in line with legal requirements. As feasible, we will erase your personal data as soon as possible; for example, if you have signed up to attend one of our events we shall delete most of the personal information you have shared with us once that event has taken place.
Where it is appropriate for us to retain information, such as surveys and research purposes, the data we collect will be anonymised. As such, we shall only retain the details and statistics needed to support us in our organisational purpose to continue making improvements for individual improvisers, improv organisations and communities.
As with all our processes and practices, we will ensure all our members have a comprehensive understanding of our Privacy Statement and to ensure any changes to it are communicated efficiently. Similarly, we will ensure that any other third party processors understand our Privacy Statement and commit to our expectations of their treatment of your personal data, including how they are stored and for how long they are retained.
6. How we share your data with other relevant third parties
We are committed to only sharing the personal data we have collected from you with third parties when we have obtained your explicit consent (opt-in) and when required in line with our organisational purpose.
We may disclose selected personal data to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply an agreement; or to protect the rights, property, or safety of Safe Play, our individual members, or others. This includes exchanging information with payment processing companies and legal authorities.
7. Your rights
Pursuant to the General Data Protection Regulation, you have several rights in relation to our processing of data concerning you. If you wish to exercise your rights, you must contact us.
Right of access
You have the right to obtain access to the data we process concerning you, together with a number of other data.
Right to rectification (correction)
You have the right to have incorrect data concerning you rectified.
Right to erasure
In special cases, you have the right to have data concerning you erased before the time of our ordinary general erasure.
Right to restriction of processing
In certain cases, you have the right to restrict the extent to which we process your personal data. If you have the right to restrict processing, we will henceforth only process information with your consent – with the exception of storage – or if a legal claim can be established, exercised or defended, or to protect a person or important public interests.
Right to object
In certain cases, you have the right to object to our processing of your personal data.
Right to transmit data (data portability)
In certain cases, you are entitled to receive your personal data in a structured, commonly used and machine-readable format, and to have this personal data transmitted from one data controller to another without hindrance.
If you have any queries with regard to your rights, as outlined above, or to make a particular request, please contact us at firstname.lastname@example.org.
8. Children, young people and vulnerable adults
Owing to the nature of our purpose, Safe Play does not work with, provide services to, or intentionally collects information from children. While recognising that people can start improvising and acting at a very young age, we set the age limit at 16 for any interaction with Safe Play and its members, including the use of the reporting form on our website. Should we come to know that the information shared with us concerns children, young people, or people who may not be legally able to provide their consent, we will remove any data about them immediately and will take additional measures to ensure that we do not collect such information in the future.
If we deem necessary to interact with the child, young person, or vulnerable adult because it is in their best interests, we will require joint Young Person and their Parent/Guardian consent. Under all lawful bases for collecting and processing personal data, we will ensure that the child, young person, or vulnerable adult can fully understand what they are consenting to. Where we may deem legitimate interest as our lawful basis, we will identify any potential risks in collecting and processing such personal data and ensure that all appropriate safeguards are in place.
9. Accountability and governance
Safe Play has in place the appropriate mechanisms to update our data protection processes to ensure we are protecting your personal data, fundamental rights and freedoms in compliance with the GDPR.
We periodically review what, where and why we are holding personal data, including the legal basis, if data is shared with third parties and the data retention limit.
We will undertake a data protection impact assessment where we consider there could be potentially high risk with regard to processing personal data, such as complex projects particularly where personal data may be shared with third parties.
We always ensure that the means by which we process and store your personal data is done so securely by appropriate technical and other organisational measures relating to confidentiality, integrity and availability of our systems and processes
We will continue to maintain all of our mechanisms, processes and controls to optimum standards as proportionate to our organisational purpose and extent and nature of our activities. We have robust breach identification, investigation and internal reporting procedures within our accountability and governance frameworks, and we will also ensure that our members and staff have a sound understanding of what constitutes a Data Protection Breach and how to report one efficiently.
10. Updating our Privacy Statement
Any changes we make to our Privacy Statement in the future will be posted on this page and, where appropriate, we shall notify you by email. Please check back here frequently to see any updates or changes and feel free to reach out to us if you have any queries: email@example.com.
Last updated: 2022-05-23