Site icon Pobble

Privacy Policy

October 2023

This document sets out the rights of individuals accessing Pobble’s services and how Pobble will protect individuals’ rights under legislation such as the EU GDPR.

How we process your data

Except where indicated in the sections below, we do not share your personally identifiable information with third parties.

We process data according to the following requirements.

Membership

  1. We need to store your data for purposes of creating, maintaining and servicing your Membership of Pobble. We store the following personally identifiable data:
    • Your name
    • Your telephone number(s)
    • Your address
    • Your email address
  2. Your data is sent to and processed by PayPal for processing and maintenance of your Membership (“Subscription” within PayPal) and is subject to their Privacy Policy.
  3. Your email address and name is sent to and processed by MailChimp for purposes of communicating with you regarding events and membership administration.
  4. You may cancel your Subscription (Membership) for Pobble at PayPal at any time. Our access to your data will be removed with immediate effect, for the purposes of Membership management.
  5. We keep this data under the Legal obligation basis, that is we are required to maintain your Membership (and its ongoing subscription) as per charity legislation in the Isle of Man and our Articles of Association.

Buddy System/”Sheshaghyn”

  1. We need to store your data for purposes of creating, maintaining and servicing your participation within the Buddy system. This applies to both Members and non-Members (as Mainshteryn/Mentors are not required to be Members, though for the purposes of administration are treated as such).
  2. We store the following personally identifiable data:
    • Your name
    • Your telephone numbers
    • Your address
    • Your email address
  3. This processing falls under the GDPR Contract legal basis, that is, you have entered an arrangement in the form of your Mainshter or Prindeys status.
  4. For Mainshteryn/Mentors, we’ll keep your data no longer than a month following your informing us of your wish to terminate your registration as a mainshter. This does not affect our obligations under the processing of your data for the purposes of maintaining your Membership, if any, so we may retain your Membership data under the legal basis for Membership.
  5. For Prindessyn/Apprentices, we’ll keep your data for no longer than three months following the completion of your most recent buddy partnership. We must retain these anonymised records for the term of our relationship with each Mainshter/Mentor for the purposes of provision of benefits, remuneration, etc
  6. Three months following completion of a partnership, both Mainshter and Prindeys data will be anonymised to remove personally identifiable data.
  7. It is inevitable that your information will be shared with the other side of your Buddy partnership. Their storage of your data will be subject to their own implementation of GDPR, if required.
  8. As the Buddy System falls under the Contract legal basis, it is not required of Pobble to support an individual’s objection of storage or restriction of use of their data. However, if we are requested to do so, we can delete an individual’s data but it must be accepted that this will immediately terminate any Buddy System arrangement (this is without prejudice to Membership data, which must be cancelled separately).

Event management

  1. We need to store your data for purposes of managing events, specifically, to confirm numbers to venues/partners, collect funds required to fulfil booking requirements, etc. by ourselves or our partners and to confirm selections such as menu choices.
  2. We do not share your personally identifiable information with our partners, but we are required to provide partners with non-identifying information such as numbers, menu-choices, special requests, etc. Our partners are typically venues such as restaurants, event spaces, etc. or individuals such as speakers, hosts, etc. Where a special request is made by an individual, we may specifically request Consent as a legal basis to share their personally identifiable information in order to execute the request if we consider it to be required.
  3. This processing falls under the GDPR Legitimate Use legal basis, in that, it would be impossible to accurately and effectively plan events, collect payment and secure space/seating without knowing who will be attending. See the Legitimate Interests Assessment in this document for more information on how we establish this basis.
  4. We’ll delete/destroy your data within 5 days of completion of the event and receipt of any outstanding payment required from the individual in relation to the event (whichever is the later). We retain this information up to this period for the purposes of collecting event feedback, payment and reconciliation with our own records. Data we keep after this period will be anonymised, which will typically be to understand event success.
  5. We cannot offer individuals the ability to opt-out of our handling of individual’s data without cancelling their participation in the event.
  6. As part of our promotion of the event and future events, we may use names, quotations or photographs which may be published on our web-site, through press channels or social media. In most circumstances and where appropriate to do so, we will explicitly seek permission. You retain your right to be excluded from this use so we will provide a clearly identified opt-out form/opportunity at every event.
  7. Legitimate Interests Assessment
    1. For the purposes of clarity, where we rely on Legitimate Interests to process data as a legal basis, we have done so according to the following assessment:
    2. Identify the Interests
      1. Management of transient events/data that have specific expiration dates after which data may be deleted.
      2. Provide support for individuals’ preferences, requirements, tastes and capabilities in relation to the activity.
      3. Understand subscription, attendance and interest in events and activities with a view to maintaining communication with individuals until 5 days following completion of the event.
    3. Necessity
      1. Without collecting personally identifiable information to support the event/activity, it would not be possible to accurately, effectively and safely host, conduct or provide the event/activity.
      2. Collection of interest, attendance, preferences, requirements, etc. may be via mediums we cannot fully control, such as social media.
    4. Balance
      1. Data collected will be for the purpose of hosting, executing or implementing the event/activity only.
      2. It may be required to request personal and private data in the interests of safety in order to host an event/activity. (allergies, medical issues with regards trips/activities, etc.). This personal data will be destroyed immediately following the event/activity.
      3. We are happy to explain why we need information either personally or officially, in writing.
      4. Whilst we cannot guarantee individuals have the right to opt out, we will endeavour to try without affecting their participation. We may be able to use an anonymised identity, for example.

Marketing

  1. From time to time we will contact individuals to inform them, invite them or make requests of them in support of Pobble, its activities and supporters. These communications are regardless of Membership of Pobble and will be processed independently of any membership or subscription.
  2. This processing falls under the GDPR Consent use legal basis. All individuals are offered the opportunity to receive marketing communications from ourselves based on a clear “opt-in” process which has no prejudice to any service provided by Pobble.
  3. Each communication will include an option for this consent to be removed (typically, an “Unsubscribe” link will be how we implement this option). On activation, this will deactivate this communication. It will not affect any other data we hold for you under other legal bases, such as Membership, Buddy system, etc.

Analytics

  1. We collect data in relation to our implementation of modern communication mediums such as web sites, social media interactions, etc. Whilst this data is generally aggregated, some identifying data is collected and it may be possible for identities to be inferred given the niche nature of the data and our users. It is possible to opt-out of this using the cookie opt-out on every page.
  2. Where we use third parties to provide services such as web sites, social media, etc. Where your data is held or managed by a third party, your rights fall within the remit of these third parties. Therefore, if you interact with us on Facebook, your rights within GDPR will be implemented by Facebook.

Prizes, awards and competitions

  1. As part of managing prizes, awards and competitions we collect data in order to identify contributors. This detail may include any of the following:
    • Name
    • Email address
    • Telephone Number
    • Mailing address
  2. This processing falls under GDPR Consent basis, because you have explicitly submitted (and therefore consented) to the award process for consideration.
  3. You have the right to have your data deleted, though you agree that your participation and eligibility in the award process will be terminated.
  4. Your data may be shared with third parties, such as further committees, judges, award ceremonies, etc.
  5. Where we use a third party within our own service, your rights fall within our implementation of GDPR. We will apply whatever legal basis we see fit at the time of implementation and update this Privacy Notice accordingly.

Web site interaction

  1. This web-site offers interactive elements such as subscriptions, following and commenting as part of your WordPress user login.
  2. Within this, any comments, etc. you have provided Consent Legal Basis. De-registering your WordPress account will anonymise any published content.

Actioning GDPR Requests

  1. The act of actioning your rights under GDPR requires us to collect information from individuals for identification. We will retain this for the period of the GDPR Request only.
  2. We will endeavour to collect only the necessary identifying information of an individual to guarantee identity whilst being able to respond to requests

Acting on your rights to your data under GDPR

  1. Whilst the GDPR legislation is intended for EU citizens, we will endeavour to allow all individuals to exercise similar rights, regardless of state.
  2. If you wish to exercise your rights under GDPR, please contact us.
  3. Making requests is free of charge in principle, but we reserve the right to charge an appropriate administration fee if the request is complex, unfounded or excessive. The application and amount of this fee will be at our discretion.
  4. We will endeavour to provide you with the results of your request as soon as possible, but certainly within a month.

About us

Pobble are a registered charity focused on the promotion of Manx Gaelic as a community resources.

We promote Manx Gaelic in the community by holding events, providing a mentoring service and supporting the language as a national resource.

News

Keep in touch

Sign up to our newsletter to stay informed about our plans and events.

Exit mobile version