Cowley Road Works Logo AnimatedData Protection Policy

  1. Introduction

The General Data Protection Regulations (GDPR) is a new law which will replace the current Data Protection Act.  Every organisation in every sector that processes personal data will have to be compliant with GDPR – this is a fundamental legal responsibility and one which Cowley Road Works (CRW) takes very seriously.  This document sets out the policy and procedures to be put in place to ensure that CRW and its staff and trustees comply with the provisions of the GDPR when processing personal data.

CRW is required to adhere to the eight principles of data protection as laid down by the GDPR. In accordance with those principles personal data shall be:

  1. Processed fairly and lawfully and in a transparent manner
  2. Processed for specified purposes only
  3. Adequate, relevant and not excessive
  4. Accurate and up to date
  5. Not kept longer than necessary
  6. Processed in accordance with the individual’s rights
  7. Processed and held securely
  8. Not transferred outside the countries of the European Economic Area without adequate protection.
  9. How We Collect Your Personal Information

Generally, we collect your information when you decide to interact with us. This can happen by you letting us know that you want to receive our newsletter or emailed information about Carnival and/or our other activities, by volunteering to help our charity, by participating in or bringing your business to Carnival, or by becoming a sponsor or donor.

  1. The Types of Information We Collect

We only collect the information that is necessary for us to carry out our work as a charity effectively  and to make the activities and events that we undertake as enjoyable as possible.  Any information that we collect from you will be at an appropriate level and specific to your involvement with CRW.

  1. How We Protect Your Data

CRW is committed to protecting the personal information you entrust to us.  Where we process your personal data we will do so in compliance with the requirements of this policy.

CRW must ensure that:

  • all personal data is kept securely;
  • no personal data is disclosed either verbally or in writing, accidentally or otherwise, to any unauthorised third party;
  • any queries regarding data protection, including subject access requests and complaints, are promptly dealt with;
  • any data protection breaches are attended to swiftly with a view to resolving them as soon as possible;
  • where there is uncertainty around a data protection matter, advice is sought from the CRW Director and/or the CRW Trustees.

Staff and volunteers who are unsure or unclear as to the identities of the authorised third parties to whom they can legitimately disclose personal data should seek advice from the CRW Director and/or the CRW Trustees.

  1. Access to Your Data

CRW is required to permit individuals to access their own personal data via a subject access request. Any individual wishing to exercise this right should do so in writing.  You can write to us at Cowley Road Works, Pegasus Theatre, Magdalen Road, Oxford, OX4 1RE or email us at  We will respond to you request as soon as possible.

  1. Data Protection Breach

Where a Data Protection breach occurs, or is suspected, it should be reported immediately to CRW.

  1. Updates or Changes to the Privacy Policy and Further Information

This notice was updated on 16 May 2018.  It will be updated from time to time to take into account changes in the law and it will also be reviewed annually by CRW to ensure that it is compatible with developments and changes made within CRW.

Policy updated on [16 May 2018]

You can download a copy here

2018 05 16 – CRC Data Protection Policy