Data Retention Policy – Consumer Data
1. Introduction
In accordance with UK GDPR and the Data Protection Act 2018, Valley Fest Ltd (“Valley Fest”) are required to put in place certain policies and procedures to comply with the holding and processing of personal data. In particular, the principle that processing should be lawful, fair and transparent, should be adhered to at all times.
Valley Fest only collects via Ticketline (through tickets sales) and via Mailchimp (for marketing purposes).
All sensitive data referencing the purchase of tickets was processed by Ticketline up to 2022 from Aug 12th processed by SEE Tickets and covered by their own Data Policies. No information is held on servers that Valley Fest is in control of.
Our marketing database is managed through Mailchimp which has direct marketing requirements built in, e.g. an unsubscribe option on all communications.
In addition, Valley Fest uses the services of Weez Events to manage their cashless wristband operation. Account creation, including name & email, is required for sign-up to fulfil wristband use at the event. All sensitive data referencing the top-up of wristbands is processed by Weez Event and covered by their own Data Policies. No information is held on servers that Valley Fest is in control of. No data collected by Weez Event will ever be used for marketing purposes.
Terms in this policy have the same meaning as in the Data Protection Act 2018.
2. Purpose
The purpose of this Policy is to establish the requirements to minimise the storage of confidential personal data (“Personal Data”) and the risk of loss or manipulation of Personal Data in the event of compromise, human error, equipment failure or disaster.
3. Scope
The scope of this Policy includes all Personal Data, devices and information held by and on behalf of Valley Fest, in particular the Consumer Data held by Mailchimp for marketing purposes.
4. Responsibilities
Valley Fest shall ensure that this Policy is communicated to all relevant employees, contractors and third parties involved in the retaining or processing of Personal Data and that they fully understand their responsibilities to comply with this Policy.
5. Assumptions
The legal definitions in the Data Protection Act 2018 continue to be relevant and require the current levels of protection.
6. Retention
Valley Fest operates on the basis of ‘less is best’, as such we (and any third party data processor) :
7. Retention Schedule
| Source of Data | Basis of collection | Justification for retention | Retention Period | Method of disposal |
| SEE Tickets – Ticket Purchase | Consent | To fulfil ticket delivery | For as long as is necessary to fulfil the purpose of providing you a service to deliver your ticket and any other services that have been requested. | Anonymised |
| Weez Event – Cashless Wristband Top-UP | Consent | To fulfil cashless wristband use & post event statistical analysis. | For as long as is necessary to fulfil the purpose of providing you a service to deliver your cashless top up and any other services that have been requested. | Anonymised |
| MailChimp -Newsletter Sign-ups | Consent | To fulfil newsletter delivery | Until unsubscribe | Deletion |
8. Enforcement
Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
Valley Fest Ltd is registered with the Information Commissioner as a data controller with registration number ZB283240.