Last Updated: 24th June 2021

Introduction

BAFTA has always believed in being open about what data we collect and how we use it. The UK GDPR sets out comprehensive requirements for handling personal data. This includes a number of things we must tell you when we collect data from you. We have provided all the information you need as simply and clearly as possible in this Privacy Policy using a question-and-answer format.

This policy sets out how we will store data relating to prospective and past jurors. If you are a BAFTA member, have applied for one of our initiatives or have signed up to one of our newsletters then another privacy policy may well apply more specifically to our relationship with you.

What data do you hold about me and why?

We may hold the following details about you:

  • Your name
  • Your email address
  • Details of your previous interaction with BAFTA such as juries you have participated in
  • Details of the industry sector you work in and/or details of your areas of expertise/interest
  • Details of how you voted, which will be kept confidential and used for auditing purposes only
  • Should you end up sitting on a jury, we may request further data from you, but we will communicate the purpose of this at the time.

We use your data to pursue BAFTA’s legitimate interests as follows:

Ensuring our juries reflect the diversity of the industries we represent
Identifying and contacting industry figures who can help BAFTA in furthering our mission of promoting excellence, for instance by inviting suitable people to help with participating in BAFTA events and awards.
This falls under section (f) of article 6 of the UK GDPR i.e “processing is necessary for the purposes of the legitimate interests pursued by the controller”.

Your details will be stored as part of a pool of contacts to draw from when compiling juries. To ensure balance, we will hold information on your areas of expertise.

You will always have the option to opt out of being considered and/or contacted for jury duty by notifying us via: [email protected].

How did you obtain my data?

We may have sourced your details independently, or been passed them through a peer recommendation. In these cases we will:

  • Contact you within 30 days of obtaining your details
  • Direct you to this privacy policy
  • Remove you from our list of potential jurors if you don’t respond to our invitation within 30 days of our sending it

In other cases you may have been approached directly by a colleague and asked if you would be interested in being on a BAFTA jury. In these cases they should have directed you to this policy and only passed your details to BAFTA with your consent.

Who is responsible for my data?

Any data collected about you will be kept under BAFTA’s control. BAFTA is registered charity (No. 216726) and can be contacted using the following details:

Postal: The Data Controller, BAFTA, 195 Piccadilly. W1J 9LN.
Email: [email protected]

How long will you keep my data for?

Data on how you voted will be kept indefinitely for confidential auditing purposes only. All other data will be kept on record for 10 years.

Should you wish to ensure you’re not contacted for jury purposes going forward, please notify as via [email protected] and we will place a note on our database accordingly.

Should you wish to be removed from the database entirely, please state this, but bear in mind we won’t be able to ensure you are not contacted again in future.

Where will my data be stored?

Your data will be stored on BAFTA’s own internal systems in our office in London, Cardiff, Glasgow, LA and New York.

We also use cloud based services to store and process data. Some of these cloud providers store data in the United States. In these cases we have reviewed the security and legal privacy safeguards put in place by each service provider. In addition to this, our contracts with these providers include clauses which guarantee that they provide the same safeguards for the data and rights to our members as if the data were stored in the EU. More information about the security measures put in place by these providers is provided in the links below.

We may choose to use other service providers in future, if we do they will be bound by the same strict rules which guarantee that the same safeguards are in place, and your rights remain the same. If we change our service providers then we will update the details on this page so you can always return to this page to see where your data is being stored.

The only cloud based service provider we use at present in relation to Jury administration is:

MailChimp.com
What data: Just name and email address
Purpose: Keeping in touch with jurors via email
Data location: USA
https://mailchimp.com/about/security/
https://kb.mailchimp.com/accounts/management/about-mailchimp-the-eu-swiss-privacy-shield-and-the-gdpr

Who will have access to my data?

Your data will only be accessed by BAFTA staff in our offices in London, Cardiff, Glasgow, LA and New York depending on where the jury you participate in takes place.

Will you give my data to anyone else?

Except for situations where we are legally obliged to pass on your data, such as to law enforcement agencies, we will not give your data to anyone else.

What rights does GDPR give me?

Here is a summary of the main provisions of the UK GDPR which are relevant to the type of data we hold about you:

  • Access: You have the right to view the data we hold about you and to receive copies of this data in digital format.
  • Accuracy / Rectification: If any of the data we hold about you is incorrect or incomplete then you can provide the correct or complete data and we must update the data we hold.
  • Erasure: You can request that we erase all the data we hold about you, but this is only available in some situations.
  • Restriction of processing: In some cases you can ask us to retain your data but not do anything with it.

How do I exercise my GDPR rights?

If you want to exercise any of your rights in relation to data BAFTA holds about you then please email: [email protected] or write to the Data Controller at the address given above (see “Who is responsible for my data?”).

Please provide details in your email/letter of what actions you would like us to take. Depending on the nature of the request and whether or not your request comes from the email address we have on file for you, we may need to verify your identity so that we don’t give out information to the wrong person, or delete the wrong person’s information. In most cases it helps if you are able to provide a contact phone number so that we can validate your identify and discuss the request with you.

What if I have a complaint?

If you are concerned about how we manage your data, or how we have handled a request to exercise your rights, then please get in touch with us to discuss it. To do this please send an email detailing your concerns to [email protected].

If you are still not satisfied with the response you can take your concern to the Information Commissioner’s Office. For details of how to do this please refer to the ICO website: https://ico.org.uk/