Privacy & Data Protection Policy
Official policy information for audience, filmmakers, volunteers, staff and partners.
1. Who We Are Glowflare Limited (“we”, “us”, “our”) operates the Glowflare Short Festival and related websites, events, submissions, communications, and services (“the Festival”). Website: https://www.glowflareshortfestival.com We are committed to protecting personal data and handling it responsibly, transparently, and in accordance with UK data protection law. 2. Scope of This Policy This policy applies to personal […]
Transparency
1. Who We Are
Glowflare Limited (“we”, “us”, “our”) operates the Glowflare Short Festival and related websites, events, submissions, communications, and services (“the Festival”).
Website: https://www.glowflareshortfestival.com
We are committed to protecting personal data and handling it responsibly, transparently, and in accordance with UK data protection law.
2. Scope of This Policy
This policy applies to personal data collected through:
- Our website and online services
- Film submissions and Festival participation
- Ticketing, accreditation, and events
- Online store purchases and payments
- Newsletters and email communications
- Social media interactions
- Offline Festival operations where applicable
It applies to website visitors, filmmakers, attendees, customers, volunteers, staff, judges, partners, and media representatives.
3. Legal Framework
We process personal data in accordance with:
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018
- Privacy and Electronic Communications Regulations (PECR)
- Any other applicable UK data protection law
4. Personal Data We Collect
4.1 Identity & Contact Information
- Name
- Email address
- Telephone number
- Postal, billing, and shipping addresses
- Username and account details (if applicable)
- Organisation or professional role
4.2 Submission & Participation Data
- Film titles, synopses, and descriptions
- Cast and crew details
- Promotional materials (stills, posters, trailers)
- Accreditation, ticketing, or attendance details
- Reviews, feedback, or comments you choose to submit
4.3 Transaction & Account Data
When you purchase from us or create an account, we may collect:
- Products viewed or purchased
- Order history
- Billing and shipping details
- Email address and phone number
- Account preferences
Payment card details are processed securely by third-party payment providers and are not stored by us.
4.4 Technical & Usage Data
- IP address
- Browser and device information
- Login and session activity
- Website usage data
4.5 Special Category Data
We only collect special category data (for example, accessibility requirements) where necessary and with appropriate safeguards.
5. Comments & User-Generated Content
When visitors leave comments on our website, we collect the data shown in the comments form, as well as the visitor’s IP address and browser user agent string to help with spam detection.
An anonymised string (hash) created from your email address may be shared with the Gravatar service to check if you use it. The Gravatar privacy policy is available at https://automattic.com/privacy/.
Once approved, comments and associated profile images may be publicly visible.
6. Media Uploads
If you upload images or other media to the website, you should avoid including embedded location data (EXIF GPS). Media uploaded to the website may be publicly accessible, and visitors may be able to download and extract metadata.
7. Cookies & Similar Technologies
Our website uses cookies and similar technologies to ensure it functions correctly, improve user experience, and understand how it is used.
Some cookies are essential and do not require consent. Other cookies, such as analytics or marketing cookies, are only used where you have given your consent.
Full details of the cookies we use, their purposes, and how to manage your preferences are provided in our Cookie Policy, which should be read alongside this Privacy & Data Protection Policy.
8. Newsletters & Email Communications
If you subscribe to our newsletter, create an account, or make a purchase, we may send you emails relating to:
- Festival news and announcements
- Orders, payments, and account activity
- Customer service communications
- Marketing communications (where you have opted in)
We collect your name, email address, and sign-up IP address to prevent abuse of our systems.
We may track email opens and clicks to help us understand engagement and improve our communications. You may unsubscribe at any time using the link provided in our emails.
9. Social Media & Online Platforms
We maintain official accounts on social media platforms which may include Facebook, Instagram, X (formerly Twitter), LinkedIn, YouTube, and similar services.
9.1 Interaction With Us on Social Media
When you interact with us via social media (for example by following, liking, commenting, sharing, or messaging), we may receive personal data such as:
- Public profile information
- Username or handle
- Profile image
- Comments, messages, or engagement data
We use this information to engage with our audience, respond to enquiries, promote Festival activities, and improve our communications.
9.2 Independent Data Controllers
Social media platforms process your personal data in accordance with their own privacy policies. Depending on the interaction, we and the platform may act as independent data controllers (or, in limited cases, joint controllers).
We encourage you to review the privacy policies and settings of the relevant platform.
9.3 Embedded Social Media Content
Our website may include embedded social media content or sharing features. These may allow third-party platforms to collect data about you, even if you do not actively interact with the content.
10. How We Use Personal Data
We use personal data to:
- Administer Festival submissions and programmes
- Process orders, payments, and refunds
- Manage accounts, accreditation, and attendance
- Communicate with participants and customers
- Deliver newsletters and updates
- Improve our website and services
- Maintain security and prevent fraud
- Meet legal and regulatory obligations
We do not sell personal data.
11. Lawful Basis for Processing
We process personal data under one or more of the following lawful bases:
- Contract
- Legal obligation
- Legitimate interests
- Consent
- Vital interests (emergency or safeguarding situations)
12. Data Sharing & Third Parties
We may share personal data with:
- Festival staff, contractors, and volunteers
- Judges and screeners (evaluation purposes only)
- Website hosting and technical service providers
- Email, analytics, and consent-management providers
- Payment processors (such as PayPal or Square)
- Legal or regulatory authorities where required
Third parties process data in accordance with their own privacy policies and applicable law.
13. Embedded Content & External Services
Articles on our website may include embedded content (such as videos, images, or articles). Embedded content behaves as if you visited the external website directly and may collect data, use cookies, and track interactions.
14. Data Retention
We retain personal data only for as long as necessary, including:
- Comments and related metadata: retained indefinitely
- User accounts: retained until deleted by the user or administrator
- Order and transaction records: retained for legal and accounting purposes
- Newsletter data: retained until you unsubscribe
- Analytics data: retained in line with provider settings
Data may be anonymised for statistical or historical purposes.
15. Your Rights
Under UK GDPR, you have the right to:
- Access your personal data
- Correct inaccurate or incomplete data
- Request erasure (where legally permitted)
- Restrict or object to processing
- Request data portability
- Withdraw consent at any time
Requests may require identity verification.
16. International Data Transfers
Where personal data is processed outside the UK, appropriate safeguards are applied to ensure UK GDPR standards are met.
17. Data Security & Breach Procedures
We use appropriate technical and organisational measures to protect personal data, including access controls, secure storage, and staff awareness.
In the event of a data breach, we will assess and investigate promptly, notify the Information Commissioner’s Office (ICO) where required, and inform affected individuals when legally necessary.
18. Complaints
If you have concerns about how your data is handled, please contact us directly.
You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).
19. Changes to This Policy
We may update this policy from time to time. The latest version will always be published on our website.
20. Acceptance
By using our website, submitting materials, making purchases, engaging with us on social media, or participating in Festival activities, you acknowledge and accept this Privacy & Data Protection Policy.