Data Protection Policy

1. Purpose of this Policy

The Island Glow Awards (“IGA”, “we”, “our”, “us”) is committed to protecting the rights and privacy of all individuals whose personal data we collect, store, and process. This policy sets out how we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, ensuring all personal data is collected, processed, stored, and shared lawfully, fairly, and transparently.

2. Scope

This policy applies to all committee members, judges, staff, volunteers, and third parties who handle personal data on behalf of the Island Glow Awards. It covers all data relating to entrants, judges, sponsors, suppliers, staff, and website users.

3. Data We Collect

We may collect and process the following types of data:

• Personal details (name, email address, phone number, address)
• Professional information (business name, job title, social media handles, portfolio links)
• Entry submissions (written statements, images, videos, supporting documents)
• Payment details (for ticket and entry purchases)
• Marketing preferences
• Any other information provided voluntarily (e.g. accessibility needs, dietary requirements at events)
• 
  

4. Legal Basis for Processing

We process personal data only when a lawful basis applies, including:

• Consent – when individuals opt-in to communications or provide entry details voluntarily
• Contract – where processing is necessary to deliver tickets, entries, sponsorship, or agreements
• Legal obligation – where required by law or regulation
• Legitimate interests – to manage and operate the awards, ensure fairness, and improve our services
• 
  

5. How We Use Data

Personal data will only be used for the purposes for which it was collected, including:

• Administering award entries and judging
• Communicating with entrants, judges, sponsors, and partners
• Managing ticket sales and event attendance
• Marketing and promotional activities (only with consent)
• Ensuring compliance with legal obligations
• 
  

6. Data Sharing & Third Parties

We will never sell personal data. We may share limited data with:

• Judges, for the purpose of reviewing entries
• Event partners, where necessary for logistics (e.g. venues, caterers)
• Service providers (e.g. payment processors, ticketing platforms)
  All third parties are required to maintain appropriate data protection standards.
• 
  

7. Data Retention

• Entry and judging data: kept for up to 12 months after the awards ceremony
• Ticketing and payment information: kept for 6 years (legal requirement)
• Marketing lists: until the individual withdraws consent
  After these periods, data will be securely deleted or anonymised.
• 
  

8. Data Security

We take appropriate measures to protect personal data, including:

• Secure storage (password-protected systems, encrypted files)
• Restricted access (only to those who need it)
• Regular monitoring of data protection practices
• 
  

9. Rights of Individuals

All individuals have the following rights under UK GDPR:

• To be informed about how their data is used
• To access their personal data
• To correct inaccuracies (rectification)
• To request erasure (the “right to be forgotten”)
• To restrict or object to processing
• To request data portability

Requests can be made in writing to the Data Protection Lead.

10. Data Breaches

Any suspected or actual data breach must be reported immediately to the Data Protection Lead. Serious breaches will be reported to the Information Commissioner’s Office (ICO) within 72 hours and affected individuals will be informed if there is a high risk to their rights.

11. Roles & Responsibilities

• Data Protection Lead – responsible for ensuring compliance and acting as the point of contact for queries.
• All committee members and staff – must follow this policy and complete relevant training.