Breaking Bands Festival – Data Protection Policy

 

Breaking Bands Festival – Data Protection Policy

1. Introduction

Breaking Bands Festival (“we”, “us”, “our”) is committed to protecting the privacy and personal data of everyone who interacts with us, including customers, volunteers, staff, artists, suppliers, and contractors.
We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy explains how we collect, use, store, and protect personal data.

2. What Personal Data We Collect

We may collect the following categories of personal data:

Customers & Ticket Buyers

  • Name
  • Contact details (email, phone)
  • Payment information (processed securely by third‑party providers)
  • Ticketing information
  • Merchandise order details

Volunteers & Staff

  • Name and contact details
  • Emergency contact information
  • Relevant experience or role information
  • Signed agreements (e.g., NDA, volunteer agreement)
  • On‑site attendance records

Artists, Suppliers & Contractors

  • Contact details
  • Contractual information
  • Payment details (where applicable)

3. How We Use Personal Data

We use personal data for the following purposes:

  • Managing ticket sales and customer service
  • Operating the festival safely and efficiently
  • Coordinating volunteers and staff
  • Fulfilling merchandise orders
  • Meeting legal, insurance, and safeguarding obligations
  • Communicating essential festival information
  • Processing payments and issuing invoices
  • Ensuring site security and emergency response

We only collect data that is necessary for these purposes.

4. Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Contractual necessity – e.g., ticket purchases, volunteer agreements
  • Legitimate interests – e.g., festival operations, safety, fraud prevention
  • Legal obligation – e.g., health & safety, incident reporting
  • Consent – e.g., marketing communications (opt‑in only)

5. How We Store and Protect Data

We take appropriate technical and organisational measures to keep personal data secure, including:

  • Secure digital storage with access controls
  • Encrypted payment processing via trusted third‑party providers
  • Limited access to personal data on a need‑to‑know basis
  • Secure handling of volunteer and staff information

We do not sell or share personal data with third parties for marketing purposes.

6. Data Sharing

We may share personal data with:

  • Ticketing platforms
  • Payment processors
  • Insurance providers
  • Emergency services (if required)
  • On‑site operational partners (only where necessary)

All partners are required to comply with UK GDPR.

7. Data Retention

We retain personal data only for as long as necessary:

  • Ticketing and merchandise records: up to 7 years (legal/accounting requirement)
  • Volunteer and staff records: up to 2 years after the event
  • Emergency contact details: deleted after the festival

8. Your Rights

Individuals have the right to:

  • Access their personal data
  • Request correction or deletion
  • Object to certain processing
  • Withdraw consent (where applicable)
  • Lodge a complaint with the ICO

Requests can be made by contacting us at: info@breakingbandsfestival.com

9. Contact

For any questions about this policy or how we handle personal data, please contact:
info@breakingbandsfestival.com

10. Updates to This Policy

We may update this policy from time to time. The latest version will always be available on our website.