GOLKK Theatre is a non-registered theatre company set up for public benefit. GOLKK endeavour to make physical performance which is accessible, dynamic, and vitally playful. As a multinational collective, we are passionate about the universal nature of physical theatre, and seek to bridge the gap between mainstream and fringe theatre audiences. GOLKK champion theatre which is grounded in sharing and unity.
We need to collect personal data to deliver our work and fulfil our legal obligations. We need data to help us monitor the impact of our work and make sure what we are delivering is meaningful and beneficial. We need data about our supporters because, without their ongoing support, we will not exist.
We collect and process data in accordance with the General Data Protection Regulations (GDPR).
Under GDPR, GOLKK Theatre is a data controller. We are not registered with the Information Commissioner’s Office because we are a small, non-profit-making organisation which only processes information necessary to establish and maintain support and to administer our activities and we only share information with people and organisations when it is necessary to carry out our activities, so we believe we are exempt from registration. We are not required to appoint a Data Officer but the responsibility for Privacy and Data Protection has been allocated to the Marketing Manager who is responsible for ensuring regular review of privacy issues and for reporting any data breaches to the Information Commissioner’s Office (contact email@example.com).
We only hold and process personal data where the law allows us. The current law sets out a number of permissible reasons for collecting and processing personal data. The reasons that apply to our collection of data are:
• Contract – we may make contracts with other people or organisations which mean we need to keep certain data.
• Legal compliance – there are occasions when we have a legal obligation to collect and process personal data.
• Legitimate interests - personal data may be collected in a way which might reasonably be expected as part of running the organisation and so long as this does not materially impact peoples’ rights, freedom or interests.
• Consent - in some situations, we can collect and process personal data when consent is given.
We ensure that the personal data we collect is:
• Processed fairly and lawfully.
• Obtained only for specified, lawful purposes and is not further processed in any manner incompatible with such purpose(s).
• Adequate, relevant and not excessive in relation to the purpose(s) for which they are processed.
• Accurate and, where necessary, kept up to date.
• Not kept for longer than is necessary.
• Processed in accordance with the rights of data subjects under GDPR.
• Subject to appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss, damage to or destruction of, personal data.
• Not transferred to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
What we collect and how we use it
We collect names, addresses, telephone numbers, email addresses and other essential information about the people we work with to allow us to communicate effectively and comply with legal and contractual obligations.
We have a legitimate interest to collect personal data of participants in activities, including associated staff and carers who support participants, people who have actively volunteered with us and people who have a professional interest in our work. We collect names, telephone numbers and email addresses to allow us to communicate effectively with them, to let them know about timings and other arrangements. We may keep a record of our communications and our own notes on their personal health or circumstances in order to improve their experience with us. We may collect the names, telephone numbers and email addresses of intermediaries who can help us facilitate the involvement of more vulnerable participants. Use of video and photographs is an important part of our process. Participants are offered various options for inclusion which are explained at the beginning of any process.
We ask for consent from people who may be interested in what we are doing so that we can collect email addresses, names and, if appropriate, their job title in order to send them our bi-monthly e-newsletter, which includes general information about our activities and occasionally includes requests for donations.
Electronic data collection
We are based in the UK. We use off-the-shelf cloud-based products to store our information, including Dropbox, Mailchimp, Gmail, Vimeo and Google Drive. Some of our third-party suppliers have access to our data as part of being able to provide their services. Some are based in the US and abide by US law. If we stop using their services, any of our data held by them will either be deleted or rendered anonymous. Personal data in physical form is scanned and stored online. Our staff are trained to take precautions to minimise the potential risk of unauthorised access to our data (including regular changes in passwords and clean desk policy).
We respect people’s rights under GDPR to:
• Be informed (to know how we use your personal data)
• Access (to be provided with a copy of your personal data)
• Rectification (to change incorrect information)
• Erasure (to request deletion of your personal data – “the right to be forgotten”)
• Restriction (limit how we use your personal data)
• Portability (to move your personal data in an accessible form)
• Object to our using your personal data for legitimate interests
• Not to be submitted to automated decision making including profiling
 “personal data” means any information from which you can be personally identified, including your name,
address, date of birth, telephone number, email and postal address and various other information.
 There are some legal caveats