Privacy Policy

Moving Memory Dance Theatre Privacy Policy (2018: revised 2021)

Moving Memory Dance Theatre is a charity set up for public benefit. Moving Memory works to improve the health and wellbeing of older people through a distinctive, peer-led, creative practice which enables people to tell their own stories and express their individual identity. We need to collect personal data to deliver our work and fulfil our legal obligations. We need data to help us monitor the impact of our work and make sure what we are delivering is meaningful and beneficial. We need data about our supporters because, without their ongoing support, we will not exist.

This policy complies with the Data Protection Act 2018 (DPA 2018). We collect and process data in accordance with the UK GDPR (General Data Protection Regulations) which replaced the EU GDPR. Under GDPR, Moving Memory Dance Theatre is a data controller. We are not registered with the Information Commissioner’s Office because we are a small, non-profit-making organisation which only processes information necessary to establish and maintain support and to administer our activities and we only share information with people and organisations when it is necessary to carry out our activities, so we believe we are exempt from registration.

We are not required to appoint a Data Officer but the responsibility for Privacy and Data Protection has been allocated to the Development Director who is responsible for ensuring regular review of privacy issues and for reporting any data breaches to the Information Commissioner’s Office. This policy is due to be reviewed by the Trustees at a Board Meeting in June 2025.

Please contact info@movingmemorydance.com if you believe there has been a data breach. We only hold and process personal data where the law allows us. The current law sets out a number of permissible reasons for collecting and processing personal data. The reasons that apply to our collection of data are:

  • Contract — we may make contracts with other people or organisations which mean we need to keep certain data.
  • Legal compliance — there are occasions when we have a legal obligation to collect and process personal data.
  • Legitimate interests — personal data may be collected in a way which might reasonably be expected as part of running the organisation so long as this does not materially impact peoples’ rights, freedom or interests.
  • Consent — in some situations, we can collect and process personal data when consent is given.

We ensure that the personal data* we collect is:

  • Processed fairly and lawfully.
  • Obtained only for specified, lawful purposes and is not further processed in any manner incompatible with such purpose(s).
  • Adequate, relevant and not excessive in relation to the purpose(s) for which they are processed.
  • Accurate and, where necessary, kept up to date.
  • Not kept for longer than is necessary.
  • Processed in accordance with the rights of data subjects under GDPR.
  • Subject to appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss, damage to or destruction of, personal data.
  • Not transferred to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

*personal data means any information from which you can be personally identified, including your name, address, date of birth, telephone number, email and postal address and various other information.

What we collect and how we use it
We collect names, addresses, telephone numbers, email addresses and other essential information about the people we work with to allow us to communicate effectively and comply with legal and contractual obligations. We have a legitimate interest to collect personal data of participants in activities, including associated staff and carers who support participants, people who have actively volunteered with us and people who have a professional interest in our work. We collect names, telephone numbers and email addresses to allow us to communicate effectively with them, to let them know about timings and other arrangements.

We may keep a record of our communications and our own notes on their personal health or circumstances in order to improve their experience with us. We may collect the names, telephone numbers and email addresses of intermediaries who can help us facilitate the involvement of more vulnerable participants. Use of video and photographs is an important part of our process. Participants are offered various options for inclusion which are explained at the beginning of any process.

We ask for consent from people who may be interested in what we are doing so that we can collect email addresses, names and, if appropriate, their job title in order to send them our bi-monthly e-newsletter, which includes general information about our activities and occasionally includes requests for donations.

Electronic data collection
We collect information about the use of our website and online resources (using cookies and Google Analytics) which helps us monitor the effectiveness of our work and communications. Website users are automatically notified of our use of cookies. This information is only processed in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website.

Data Storage
We are based in the UK. We use off-the-shelf cloud-based products to store our information, including Dropbox, Mailchimp, Gmail and Vimeo. Some of our third-party suppliers have access to our data as part of being able to provide their services. Some are based in the US and abide by US law. If we stop using their services, any of our data held by them will either be deleted or rendered anonymous. Personal data in physical form is scanned and stored online. Our staff are trained to take precautions to minimise the potential risk of unauthorised access to our data (including regular changes in passwords and clean desk policy).

People’s Rights
We respect *people’s rights under GDPR to:

  • Be informed (to know how we use your personal data)
  • Access (to be provided with a copy of your personal data)
  • Rectification (to change incorrect information)
  • Erasure (to request deletion of your personal data — “the right to be forgotten”)
  • Restriction (limit how we use your personal data)
  • Portability (to move your personal data in an accessible form)
  • Object to our using your personal data for legitimate interests
  • Not to be submitted to automated decision making including profiling

Policy originally agreed by Trustees 26 June 2018; updated, reviewed and approved 7 October 2021.

*There are some legal caveats