Personal Information we may collect from you, and legal basis for doing so
We may collect and process some or all of the following types of data about you:
- Information that you provide by filling in forms on our website (www.opera-viva.org.uk). This includes information provided when registering to become a member, supporter, or friend of the society. In these cases, the legal basis for processing your data is the consent you give when registering, which can be withdrawn at any time.
- If you contact us, we may keep a record of that correspondence. To the extent that you are contacting us in order to conduct business, our legal basis is contractual obligation. Beyond that, we will retain emails where it is in our legitimate interest.
- We may ask you to complete surveys that we use for research purposes, although you are under no obligation to respond to them. For these we will request consent at the time of survey.
- Details of your visits to our site and your general internet usage including, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access. We may also collect information about your computer, including where available your IP address, operating system, browser type, and other information available from you. Un-anonymised logs will be kept for a short period in order to improve security under our legitimate interests, after which they will have all PII removed.
How we collect your data
We collect your data through:
- Direct interactions - you may give us your personal data by filling in forms online or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you register with us, request a product or service, give us feedback, or request marketing.
- Automated technologies or interactions - as you interact with our website, we will automatically collect technical data about your equipment, browsing actions and patterns. This data is automatically collected by the web server, without using cookies or similar technologies. This data is anonymised and does not contain PII.
Where we store your data
We use enterprise grade cloud service providers to provide services including, but not limited to, cloud storage, email hosting, and data collection. All providers we use are to the best of our knowledge GDPR compliant, and are based in the EEA, classed as having adequate security protection by the EU, or are based in the USA and registered under US Privacy Shield legislation.
We employ appropriate security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. All information you provide to us is stored securely. Where we have given you (or where you have chosen) a password which enabled you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unforunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.