Cookies and Privacy

    Privacy policy


    Website level - When you use the contact us form to contact each BTCK website's owner, your Email is passed to them so that they can contact you back. Data processing lies with each BTCK website's owner.


    Visitors to our website

    When someone visits or its subsites, we use Google analytics to collect standard log information about them and general details of visitor behaviour patterns. We do this to find out how many people visit the site. We collect this information in a way that does not identify anyone. We do not seek to link that information to anyone or use it in any other way.

    Do we use cookies?

    Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or to provide information to the owners of a website about how it is being used by visitors to that website.

    For example, we use cookies as part of Google analytics, to see if someone has viewed our website previously.

    If you do not want us to do this then you can visit here to opt out of this service.

    Cookies used by BT

    The Community Web Kit has been developed by BT to help community groups build and maintain their own websites. However responsibility for the content of these websites lies with the organisation which builds them and not with BT. To provide this facility the website uses the following cookies which have been categorised by BT as ‘strictly necessary’ using the ICC UK guide of cookie categorisation.

    • ASP.NET_SessionId: This is the ASP.NET framework ‘session cookie’. Please note that because BT doesn’t control the content of this website it is possible that other cookies will also be used, these are the responsibility of the organisation the site represents and not BT.

    Functional cookies on this site

    The following list of cookies are added by Google and are needed for the reCAPTCHA, a free service that protects your website from spam and abuse. reCAPTCHA uses an advanced risk analysis engine and adaptive CAPTCHAs to keep automated software from engaging in abusive activities on your site. It does this while letting your valid users pass through with ease.

    • 1P_JAR
    • APISID
    • HSID
    • NID
    • OTZ
    • SID
    • SIDCC
    • SSID
    • _ga
    • _gid

    Other cookies on this site.

    Data Protection Policy and Procedures

    It is important that everyone involved in your group knows
    how to help protect people’s privacy. To help with this, it can be useful to
    write a Data Protection Policy outlining your commitments to data protection.
    It is also useful to write some specific procedures which provide details of
    how you will ensure your policy is upheld.

    Your policy and procedures should reflect the way you
    actually do things, so it is better not to just use an “off-the-shelf” version.
    To create your policy, go through this sheet, from the beginning, and make
    decisions about how and why your group collects, stores, uses and deletes data.

    To help you write your policy, here is an example to show
    you the kind of things you could include.

    Data Protection Policy

    1) Definitions

    Personal data is information about a person
    which is identifiable as being about them. It can be stored electronically or
    on paper, and includes images and audio recordings as well as written information.

    Data protection is about how we, as an
    organisation, ensure we protect the rights and privacy of individuals, and
    comply with the law, when collecting, storing, using, amending, sharing,
    destroying or deleting personal data.

    2) Responsibility

    Overall and final responsibility for data
    protection lies with the management committee, who are responsible for
    overseeing activities and ensuring this policy is upheld.

    All volunteers are responsible for observing
    this policy, and related procedures, in all areas of their work for the group.

    3) Overall policy

    Garstang Scarecrow Festival Team needs to keep
    personal data about its committee, members, volunteers and supporters in order
    to carry out group activities.

    We will collect, store, use, amend, share,
    destroy or delete personal data only in ways which protect people’s privacy and
    comply with the General Data Protection Regulation (GDPR) and other relevant

    We will only collect, store and use the minimum
    amount of data that we need for clear purposes, and will not collect, store or
    use data we do not need.

    We will only collect, store and use data for:

    purposes for which the individual has given
    explicit consent, or

    purposes that are in our our group’s legitimate
    interests, or

    contracts with the individual whose data it is,

    to comply with legal obligations, or

    to protect someone’s life, or

    to perform public tasks.

    We will provide individuals with details of the
    data we have about them when requested by the relevant individual.

    We will delete data if requested by the relevant
    individual, unless we need to keep it for legal reasons.

    We will endeavour to keep personal data
    up-to-date and accurate.

    We will store personal data securely.

    We will keep clear records of the purposes of
    collecting and holding specific data, to ensure it is only used for these

    We will not share personal data with third
    parties without the explicit consent of the relevant individual, unless legally
    required to do so.

    We will endeavour not to have data breaches. In
    the event of a data breach, we will endeavour to rectify the breach by getting
    any lost or shared data back. We will evaluate our processes and understand how
    to avoid it happening again. Serious data breaches which may risk someone’s
    personal rights or freedoms will be reported to the Information Commissioner’s
    Office within 72 hours, and to the individual concerned.

    To uphold this policy, we will maintain a set of
    data protection procedures for our committee and volunteers to follow.

    Data Protection Procedures

    1) Introduction

    Garstang Scarecrow Festival Team has a data
    protection policy which is reviewed regularly. In order to help us uphold the
    policy, we have created the following procedures which outline ways in which we
    collect, store, use, amend, share, destroy and delete personal data.

    These procedures cover the main, regular ways we
    collect and use personal data. We may from time to time collect and use data in
    ways not covered here. In these cases we will ensure our Data Protection Policy
    is upheld.

    2) General procedures

    Data will be stored securely. When it is stored
    electronically, it will be kept in password protected files. When it is stored
    online in a third party website (e.g. Airtable) we will ensure the third party
    comply with the GDPR. When it is stored on paper it will be filed carefully in
    a locked filing cabinet.

    When we no longer need data, or when someone has
    asked for their data to be deleted, it will be deleted securely. We will ensure
    that data is permanently deleted from computers, and that paper data is shredded.

    We will keep records of consent given for us to
    collect, use and store data. These records will be stored securely.

    3) Mailing list

    We will maintain a mailing list. This will
    include the names and contact details of people who wish to receive , publicity
    and fundraising appeals from Garstang Scarecrow Festival Team.

    When people sign up to the list we will explain
    how their details will be used, how they will be stored, and that they may ask
    to be removed from the list at any time. We will ask them to give separate
    consent to receive publicity and fundraising messages, and will only send them
    messages which they have expressly consented to receive.

    We will not use the mailing list in any way that
    the individuals on it have not explicitly consented to.

    We will provide information about how to be
    removed from the list with every mailing.

    We will use mailing list providers who store
    data within the EU.

    4) Supporting

    From time to time, individuals contact the Group
    to ask us to help them resolve an issue they are having with the council,
    relating to their housing or other local services.

    We will request explicit, signed consent before
    sharing any personal details with the council or any other relevant third

    We will not keep information relating to an
    individual’s personal situation for any longer than is necessary for the
    purpose of providing them with the support they have requested.

    Personal data relating to housing issues will be
    stored securely by a member of the committee, and not shared among the rest of
    the committee or with other volunteers unless necessary for the purpose of
    providing the support requested.

    Details relating to individual’s circumstances
    and housing will be treated as strictly confidential.

    5) Selling

    We sell merchandise and other opportunities such
    as parking to help raise money for the group.

    When doing this we will ensure that we gain all
    consent in order to hold, process and use data.

    6) Contacting

    Local people volunteer for Garstang Scarecrow
    Festival Team in a number of ways.

    We will maintain a list of contact details of
    our recent volunteers. We will share volunteering opportunities and requests
    for help with the people on this list.

    People will be removed from the list if they
    have not volunteered for the group for 12 months.

    When contacting people on this list, we will
    provide a privacy notice which explains why we have their information, what we
    are using it for, how long we will keep it, and that they can ask to have it
    deleted or amended at any time by contacting us.

    To allow volunteers to work together to organise
    for the group, it is sometimes necessary to share volunteer contact details
    with other volunteers. We will only do this with explicit consent.

    7) Contacting
    committee members

    The committee need to be in contact with one
    another in order to run the organisation effectively and ensure its legal
    obligations are met.

    Committee contact details will be shared among
    the committee.

    Committee members will not share each other’s
    contact details with anyone outside of the committee, or use them for anything
    other than Garstang Scarecrow Festival Team business, without explicit consent.