Privacy Policy

Edinburgh International Book Festival is committed to ensuring the privacy of its visitors and customers.

This Privacy Policy explains how we use and protect your personal information. We may occasionally make updates, so please check this statement from time to time.

Who we are

“We” are the Edinburgh International Book Festival, a registered charity in Scotland SC010120. We are a not-for-profit company limited by guarantee. This Privacy Policy encompasses the activities of Edinburgh International Book Festival.

What data protection laws?

We are committed to protecting and respecting your privacy in accordance with the Data Protection Act 2018 (DPA 2018), UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).

Purpose of this document

The purpose of this policy, alongside our terms and conditions, cookie policy and any other documents referred to herein, is to document which personal data we may collect or receive from you and the basis for how and why we process that information.

What info we collect about you

  • Identity data 
     
    • your name and title
    • your contact information (telephone numbers, postal and/or billing address, email address)
    • date of birth
    • gender
    • educational institute or organisation details (such as your school, university, or workplace)
  • Transaction data
    • payment information (such as debit or credit card details)
    • transaction data (including payments to and from you, and details of products and services you have purchased from us)
  • Technical data
    • login credentials (including username and password)
    • device information (such as IP address, operating system and browser type)
    • location information (such as a GPS signal emitted by your mobile device)
    • Usage data including online browsing habits, activities and behaviour (such as which of our web pages you have visited and when you visited them)
  • CRM and preference data
    • marketing preferences (for example where you have opted in to receive our newsletter(s))
    • preferences, access needs and dietary requirements
    • reason(s) for contacting us, such as enquiries or requests
    • opinions, preferences, feedback, complaints, comments and/or suggestions (including comments made on our social media pages and online discussion forums)
  • Security 
     
    • security related information (such as security incident reports, or CCTV footage of our public areas)

How is your data collected

We collect personal information from you through direct interactions like when you:

  • Book tickets or purchase a membership
  • Make a donation
  • Create an account on our website
  • Subscribe to our emailing lists or request a brochure
  • Correspond with us or give us feedback
  • Enter a competition or survey

We also collect information when you interact with our website, such as technical data about your equipment, browsing actions and user journeys. We collect this personal data by using cookies and similar technologies. Please see our cookie policy for further details.

We may also collect your personal information from third party or publicly available sources, including;

  • Analytics and search providers such as Google
  • Social and advertising networks such as Meta
  • Organisations where you have confirmed that they may provide your personal information with us
  • Government, tax or law enforcement agencies

How we use your data

We may use your personal information for a variety of purposes. Often, we will use your data simply to fulfil a request that you have made, such as to send you tickets to one of our events, answer your query, process your membership benefits, and enable you to use our services. 

We may also use your personal information to manage and develop the services we offer. We may: 

  • contact you if we haven’t heard from you for a certain amount of time
  • ensure our records are up to date
  • provide you with service announcements and updates (including changes to our terms and policies)
  • invite you to complete surveys or provide feedback on services we have provided to you
  • fulfil any contract we have with you (such as when you make a purchase and we need to process your payment or deliver something to you)
  • where it is our legitimate interest and your interests and fundamental rights do not override those interests.
  • to comply with our legal, regulatory, and internal governance obligations, public function and duties, and to comply with orders or requests from those same bodies

Personal information may be held in one or more Customer Relationship Management (CRM) databases to ensure we have clear and accurate records about your use of our services, to help understand your requirements, and how we might provide other services to you.

Third party services

Instances we may share your data

We may engage third-party service providers to perform certain functions or to provide services on our behalf. We do not disclose personal information to third parties or external organisations, other than for the direct fulfilment of our services. 

Examples of when we may share your personal information with a third party include:

  • Processing sales, donations, memberships and ticketing transactions
  • Sending you information about upcoming Book Festival events by email, with your permission
  • Sending you a copy of our brochure/programme
  • Serving relevant adverts to you. We do not provide information that could cause individuals to be identifiable but may provide information in aggregate
  • Analytics providers that help us monitor and optimise the functionality of our website

Fundraising Statement

As a fundraising organisation, we undertake in-house research and from time to time engage specialist agencies to gather information about you from publicly available sources, for example, Companies House, the Electoral Register, company websites, ‘rich lists’, social networks such as Linkedin, political and property registers and news archives.  

We may also carry out wealth screening to fast track the research using our trusted third-party partners.  You will always have the right to opt out of this processing. We may also carry out research using publicly available information to identify individuals who may have an affinity to our cause but with whom we are not already in touch. This may include people connected to our current major supporters, trustees or other lead volunteers. We also use publicly available sources to carry out due diligence on donors in line with the charity’s fundraising policies and to meet money laundering regulations.

This research helps us to understand more about you as an individual so we can focus conversations we have with you about fundraising and volunteering in the most effective way, and ensure that we provide you with an experience as a donor or potential donor which is appropriate for you.  We shall be relying on legitimate interest to conduct this research.

If you would prefer us not to use your data in this way, please email us at development@edbookfest.co.uk or call us on 0131 718 5653. 

Compliance with law

We will release personal information where we are required to by law or by the regulations and other rules (including auditing requirements) to which we are subject. We may also exchange information with other companies and organisations for fraud protection and credit risk reduction.

Website 3rd Party Services

We use third-party services to build and maintain functionality and to service your requests on this website. The Edinburgh International Book Festival is not responsible for these third parties and we encourage you to review the privacy policies directly.

How we protect your personal info

We have robust and appropriate security measures in place to protect your personal data from unauthorised or accidental use, loss, disclosure, or alteration. Our employees, contractors, and data processors are subject to a duty of confidentiality when dealing with any personal information and access is limited to those who have a business need. 

Where your data may be processed

All the personal data we collect and handle is processed by our staff in the UK. However, some third party services may be situated outside of the European Economic Area (EEA). Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this privacy notice.

How long do we keep your personal data

We will only keep your personal data for as long as is reasonable and necessary. Some retention periods will be determined by legal or professional guidelines and others by our internal policies. At the end of a retention period, we will review and delete data as required. You can request your personal data is removed from our records at any time.

Access to your personal information (Your rights)

You have the right to:

  • be informed about how we use your personal information
  • require us to correct any inaccuracies in your information
  • withdraw your consent at any time (if you have given consent)
  • obtain and reuse your personal data for your own purpose
  • not to be subject to a decision based on automated processing (automated decision-making and profiling)
  • be forgotten and have your personal data erased (in certain circumstances). You can make this request verbally or in writing and we will respond within one month
  • object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground
  • object to our processing of your personal information for marketing and communication purposes

Updating your personal information and preferences

There are several ways you can update your details:

  • Click unsubscribe in any email communication that we send you
  • Contact us directly, in writing to: 121 George Street, Edinburgh, EH2 4YN, by email admin@edbookfest.co.uk or call us 0131 718 5666.
    • Please include details that will help us locate the relevant personal information. We may ask you to provide a form of identification (such as a driving license, utility bill, or passport) so that we can be sure we only provide personal information to the right person.

Changes to this policy/updates

We make regular reviews of our privacy policy and may make changes from time to time. Updates will be posted to this page. Please check back to view any updates. We publish the date of the most recent amendments below.