Privacy policy

You are at the heart of everything we do. We are committed to managing & safeguarding your personal information in accordance with current legislation and best practice. Our aim is to be responsible, relevant, and secure when using your data by handling your personal information with respect.

It’s important that you know what personal information Rhythms Sans Frontieres (known here as "we" or "RSF") collects about you, and how we use it.

We’ve done our best to make our explanations short and easy to understand. But, if you’d like further information, or have any questions, please contact our Data Protection Officer using the details in the ‘Contact Us’ section below.

Who We Are?

We are Rhythms Sans Frontieres registered in England under company registration number 13113814 and registered with the ICO reference number ZB220261 and are the controller and responsible for your personal data.

Rhythms Sans Frontieres (RSF) is a ground-breaking new music festival presenting some of the best music and artists on the planet. Our open air and big top stages will present an eclectic and diverse line-up of DJ’s and performers, spanning genres from Indie, Latin, Hip Hop and Jazz Fusion to Indian Bhangra, Reggae and Afro-Beat.

At RSF we celebrate cultural diversity. We are pushing the door wide open for people from marginalised backgrounds and low incomes to enjoy our festival.

We will have dedicated venues for interactive daytime music and dance workshops including African Drumming, Beatbox, Street Dance, Yoga and much more. A global village marketplace with amazing world food caterers, enticing bars and well-being areas will fill your day and let you party late into the night.

We are giving a voice to good causes and organisations that support Human Rights, the Environment and Climate change action.

RSF are hungry for positive change in the world, and we think our audiences are too! We have teamed up with some of the most amazing campaign groups and organisations to raise funds, generate campaign awareness and hopefully recruit new members or volunteers. RSF aims to inspire, enlighten, and entertain you.

Our NGO (Non-Government Organisation) partners include Amnesty International, Frank Water, Medecines Sans Frontieres and The World Land Trust - and our support starts from the moment you buy a ticket!

Data Protection Definitions

  • Personal Data– any information relating to an identified or identifiable natural person.
  • Processing– any operation or set of operations which is performed on Personal Data or on sets of Personal Data.
  • Data subject– a natural person whose Personal Data is being Processed.
  • We/us(either capitalized or not)
    This document and references to “RSF” and “we” and “us” apply equally throughout this Privacy Notice

The Law

RSF is based in England and thus subject to law applicable in England & Wales. In the case of data protection, the primary legislation in effect from 25th May 2018 is Regulation EU 216/679 (the General Data Protection Regulation), as well as the Data Protection Act 2018.

Data Protection Principles

The following data protection principles are adhered to by RSF:

  • Processing is lawful, fair, transparent. Our Processing activities have lawful grounds. We always consider your rights before Processing Personal Data. We will provide you information regarding Processing upon request.
  • Processing is limited to the purpose. Our Processing activities fit the purpose for which Personal Data was gathered.
  • Processing is done with minimal data. We only gather and process the minimal amount of Personal Data required for any purpose.
  • Processing is limited with a time period. We will not store your personal data for longer than needed.
  • We will do our best to ensure the accuracy of data.
  • We will do our best to ensure the integrity and confidentiality of data.

Data Subject’s rights

The Data Subject has the following rights:

  • Right to information– meaning you have the right to know whether your Personal Data is being processed; what data is gathered, from where it is obtained and why and by whom it is processed.
  • Right to access– meaning you have the right to access the data collected from/about you. This includes your right to request and obtain a copy of your Personal Data gathered.
  • Right to rectification– meaning you have the right to request rectification or erasure of your Personal Data that is inaccurate or incomplete.
  • Right to erasure– meaning in certain circumstances you can request for your Personal Data to be erased from our records.
  • Right to restrict processing– meaning where certain conditions apply, you have the right to restrict the Processing of your Personal Data.
  • Right to object to processing– meaning in certain cases you have the right to object to Processing of your Personal Data, for example in the case of direct marketing.
  • Right to object to automated Processing– meaning you have the right to object to automated Processing, including profiling; and not to be subject to a decision based solely on automated Processing. This right you can exercise whenever there is an outcome of the profiling that produces legal effects concerning or significantly affecting you.
  • Right to data portability– you have the right to obtain your Personal Data in a machine-readable format or if it is feasible, as a direct transfer from one Processor to another.
  • Right to lodge a complaint– if we refuse your request under the Rights of Access, we will provide you with a reason as to why. If you are not satisfied with the way your request has been handled, please contact us.
  • Right for the help of supervisory authority– meaning you have the right for the help of a supervisory authority and the right for other legal remedies such as claiming damages.
  • Right to withdraw consent– you have the right withdraw any given consent for Processing of your Personal Data.

To exercise any of the above rights please contact us. Please note that whilst we will carefully assess every request, we receive we may not always have to comply. When this happens, we will explain why.

The Personal Data We Collect and How We Use It

We do our best to keep the information we collect about you to the minimum necessary, with the information we collect depends upon how you are interacting with us

When you visit RSF website, certain personal information can automatically be collected from your device. Specifically, may include information like your IP address, device type, browser-type, broad geographic location (e.g., country or city-level location) and other technical information. We may also collect information about how your device has interacted with our website, including the pages accessed and links clicked.

Collecting this information enables us to better understand the visitors who come to our website, where they come from, and what content on our website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our website to our visitors. Some of this information may be collected using cookies and similar tracking technology.

RSF will collect data for purposes such as future newsletter to release information on upcoming events/future festivals and general marketing of RSF event.

RSF will collect data pertaining to name & email address and possibly telephone number. However, the ticket agency SKIDDLE will collect same information alongside credit card details when tickets are purchased. We do not collect or store this personal data.

RSF Directors will be the only ones to have access to and use the personal data collected via RSF website. Please refer to SKIDDLE privacy policy for how they process the data at https://www.skiddle.com/GDPR/

Automated Decision Making

RSF do not currently utilise automated decision-making functions within its business. A Data Protection Impact Assessment (DPIA) would be carried out before any Automated Processing (including profiling) activities were to be undertaken.

Data Retention

Except where a legal obligation to retain data exists, RSF does not store personal information for any longer than is necessary for its defined purpose. We operate a data retention policy and look to find ways to reduce the amount of information we hold and the length of time we hold it for.

Wherever an individual has expressed that they no longer wish to have information we hold about them used for the purpose under which we hold it, we may need to continue storing certain identifiers to ensure that person’s information does not re-enter our systems at a later date.

When data is no longer to be retained, its removal, deletion or erasure will be performed according to processes suitable for the medium, for example the secure shredding of paper documents, deletion from internal systems, or overwriting (wiping) of hard disks.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Who else can access your Personal Data?

We will not share your information with any third parties for the purposes of direct marketing. Personal Data about you is in some cases provided to our trusted partners in order to provide elements of our service to you, to make providing the service to you possible, or to enhance your customer experience.

We may pass your personal data on to third-party service providers contracted to RSF in the course of dealing with you. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfil the service they provide you on our behalf. When they no longer need your data to fulfil this service, they will dispose of the details in line with RSF data controller-processor contract agreement.

If we wish to pass any form of sensitive personal data onto a third party we will only do so once we have obtained your consent unless we are legally required to do otherwise.

RSF website may interfaces with social media sites such as Facebook, LinkedIn and Twitter. If you choose to “like” or share information from the website through these services, you should review the privacy policy of that service. If you are a member of a social media site, the interfaces may allow the social media site to connect your site visit to your personal data.

We only work with Processing partners who are able to ensure adequate level of protection to your Personal Data. We disclose your Personal Data to third parties or public officials when we are legally obliged to do so. We might disclose your Personal Data to third parties if you have consented to it or if there are other legal grounds for it.

How we Secure Your Data

To help protect the privacy of data and personally identifiable information you transmit through use of this Site, we maintain physical, technical, and administrative safeguards. We update and test our security technology on an ongoing basis.

We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.

We promise to notify suitable authorities of data breaches. We will also notify you if there is a threat to your rights or interests. We will do everything we reasonably can to prevent security breaches and to assist authorities should any breaches occur.

Privacy by Design and Data Protection Impact Assessment (DPIA)

We are required to implement Privacy by Design measures when Processing Personal Data by implementing appropriate technical and organisational measures in an effective manner, to ensure compliance with data privacy principles.

We will assess what Privacy by Design measures can be implemented on all programs/systems/processes that Process Personal Data by considering the following:

(a) the state of the art.

(b) the cost of implementation

© the nature, scope, context, and purposes of Processing; and

(d) the risks of varying likelihood and severity for rights and freedoms of Data Subjects posed by the Processing.

Furthermore, RSF will also conduct DPIAs in respect to high-risk Processing.

We will always conduct a DPIA (and discuss the findings with the DPO) when implementing major system or business change programs involving the Processing of Personal Data including:

(e) use of new technologies (programs, systems, or processes), or changing technologies (programs, systems, or processes).

(f) Automated Processing including profiling and Automated decision making.

(g) large scale Processing of Sensitive Data; and

(h) large scale, systematic monitoring of a publicly accessible area.

(k) an assessment of the risk to individuals; and

(l) the risk mitigation measures in place and demonstration of compliance.

Contact Us

If you have any questions, queries, or concerns about the above, or our approach to privacy, our dedicated Privacy Office, is here to help: DPO@rsffestival.co.uk.

There’s also the Information Commissioner's Office (ICO) although we encourage you to try and let us help you first.

The Information Commissioners Office (The ICO)

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113

www.ico.org.uk

Changes to this Privacy Policy

We reserve the right to make changes to this Privacy Notice at any time, for any reason. However, RSF will review and update this Privacy Notice periodically or from time to time in response to legal, technical, or business developments. If material changes to this Notice are made, they will be updated this via the website.

Last modification was made 29th Sept 2021