Privacy Policy

Moving Memory Privacy Policy (reviewed June 2025)

Moving Memory Dance Theatre Company is a charity established for public benefit. Our mission is to improve the health and wellbeing of older people through a distinctive, peer-led, creative practice that enables people to share their stories and express their individuality. To deliver this work effectively and fulfil our legal obligations, we collect and process personal data. We also collect data to evaluate our impact and ensure our work remains meaningful and beneficial. We collect supporter data as we rely on their continued support for our sustainability.

This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, updated in accordance with legislative developments post-Brexit. Moving Memory Dance Theatre is a data controller for the purposes of UK data protection law.

We are not registered with the Information Commissioner’s Office (ICO) because we believe we are exempt as a small, not-for-profit organisation that processes only the personal data necessary to maintain support and administer our work. However, we remain committed to upholding the highest standards of data protection.

We are not required to appoint a Data Protection Officer, but responsibility for data protection is held by our Development Director, who ensures ongoing compliance and reports any data breaches to the ICO as required.
Contact: info@movingmemorydance.com

We only collect and process personal data where we have a legal basis to do so. The bases relevant to our work include:

– Contract – where data is needed to fulfil a contractual agreement
– Legal obligation – when processing is necessary to comply with legal requirements
– Legitimate interests – where processing is necessary for our charitable operations and does not override individual rights or freedoms
– Consent – for specific communications or marketing activities, where explicit consent has been given

We adhere to the principles of data protection law. Personal data is:

– Processed lawfully, fairly, and transparently
– Collected for specified, explicit, and legitimate purposes
– Adequate, relevant, and limited to what is necessary
– Accurate and kept up to date
– Retained only as long as necessary
– Processed securely and with integrity
– Not transferred outside the UK without appropriate safeguards

We may collect the following types of personal data:

– Names, contact details (phone, email, address) of participants, supporters, staff, carers, volunteers, and professional contacts
– Health or accessibility information when necessary to support participation
– Consent for photographs or videos, where used as part of our creative or promotional work
– Notes and communications that help us improve the participant experience

We use this data to:

– Communicate effectively with individuals
– Administer events, workshops, and activities
– Monitor and evaluate our programmes
– Report to funders and partners (anonymised unless consented otherwise)
– Manage donations and keep supporters informed through newsletters (with consent)

Participants are always given clear options regarding use of images and recordings, and consent is collected as appropriate.

We collect usage data from our website using cookies and Google Analytics to better understand how visitors interact with our online content. Website users are notified of cookie use when they visit. This data is anonymous and not used to identify individuals.

We are based in the UK and use secure, third-party services to store our data, including:

– Microsoft Onedrive, Gmail, Mailchimp, Vimeo, and similar cloud-based tools

Some of these services are located outside the UK. Where this is the case, we ensure data is only transferred to providers with adequate safeguards in place, such as standard contractual clauses (SCCs) or approved frameworks.

Our staff follow data security best practices, including:

– Strong passwords and regular changes
– Secure access control
– A “clean desk” policy
– Minimising retention of physical documents

We retain personal data only as long as necessary for the purposes it was collected. Data is reviewed regularly and securely deleted or anonymised when no longer needed.

Under UK GDPR, you have the following rights:

– Right to be informed – about how your data is used
– Right of access – to request a copy of your data
– Right to rectification – to correct inaccurate or incomplete data
– Right to erasure – to request deletion of your data
– Right to restrict processing – to limit how we use your data
– Right to data portability – to obtain and reuse your data for your own purposes
– Right to object – to processing based on legitimate interests
– Rights in relation to automated decision-making and profiling – which we do not carry out

If you wish to exercise any of these rights, please contact:
info@movingmemorydance.com

This Privacy Policy is reviewed at least every three years, or sooner if legal requirements or organisational practices change. The latest version is always available on our website or upon request.

This policy was originally agreed by Trustees 26 June 2018 and subsequently updated, reviewed and approved by Trustees on 7 October 2021 and 26 June 2025.