Privacy Policy
Data Controller Information
Southampton Festival of Music and Drama is responsible for your entrant information. The festival has not shared a privacy policy here. For details about how your data is handled, please contact the festival directly.
Platform Privacy Policy
This website is powered by FestAdmin, a platform provided by Drofmada Ltd. The following privacy policy explains how FestAdmin handles data processing for this festival.
Last updated: 23/10/2025
Drofmada Ltd ("we", "our", "us"), trading as FestAdmin, provides tools for festivals to manage entries, bookings, and websites. This Privacy Policy explains how we handle personal data in two contexts:
- Section A – Festival Entrants and Festival Websites (you interact with a festival's website powered by FestAdmin – here we are a Data Processor, and the festival is the Data Controller).
- Section B – Festival Organisers and Admin Portal Users (you use the FestAdmin portal as an organiser – here we are the Data Controller).
We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Who We Are
- Company name: Drofmada Ltd (trading as FestAdmin)
- Company number: 16385848
- Registered office: Suite RA01, 195-197 Wood Street, London, E17 3NU, United Kingdom
- Contact: [email protected]
Section A – Festival Entrants and Festival Websites
When you enter or book with a festival using a website powered by FestAdmin:
- The festival is the Data Controller (they decide how your data is used).
- FestAdmin acts as a Data Processor, providing the technical platform.
What We Do
- We collect the personal data you provide when booking or entering (e.g. name, contact details, entry/booking details).
- We pass this information directly to the festival you are signing up for.
- Payments are processed by Stripe, directly into the festival's account. We never see or store your full payment card details.
What the Festival Does
- The festival decides how your data is used beyond the booking process.
- Each festival may provide its own privacy policy, which will be displayed on their website if available.
- If a festival does not provide a policy, you should contact them directly for details of how they handle your data.
Section B – Festival Organisers and Admin Portal Users
When you sign up as a festival organiser or admin team member:
- FestAdmin is the Data Controller for your account and related data.
What We Collect
- Account details (name, email, role, login information)
- Festival details (festival name, contact info, preferences)
- Usage data (log files, device/browser info, activity logs)
- Payment setup details (via Stripe Connect – we never see raw card details)
Festival Content
FestAdmin also stores festival-related content such as Classes, Categories, Trophies, and Event Locations.
This information belongs to the festival and is only used to operate and display the festival's website. It is not personal data and is not shared outside your festival's context.
How We Use It
- To provide access to the FestAdmin portal
- To authenticate and secure accounts
- To pass booking and payment information into your festival's Stripe account
- To communicate with you (via Mailgun)
- To improve our service (via Google Analytics)
- To protect our systems (via Cloudflare)
Legal Bases
- Contract (providing you with FestAdmin)
- Legitimate interests (service improvements, security)
- Legal obligations (e.g. accounting retention)
Retention
- Organiser account data: kept for 6 years after closure.
- Aggregated festival usage metrics: may be retained longer in anonymised form, if requested by the festival.
Cookies and Analytics
We use cookies and similar technologies across both the portal and festival websites:
- Cloudflare – for security and performance (Cloudflare Privacy Policy)
- Google Analytics (IP anonymised) – to understand usage (Google Privacy Policy)
- Session cookies – to keep you logged in
You can manage cookies through your browser settings.
Who We Share Data With
We only share data with carefully selected providers that help us run FestAdmin:
- Hosting Provider (EU) – secure data storage and server infrastructure
- Security Services (global) – DDoS protection, content delivery, and performance optimisation
- Email Delivery (EU/US) – transactional email services for notifications and communications
- Payment Processing (EEA/UK) – secure payment handling and financial transactions
- Analytics Services (EU/US) – anonymised usage analytics to improve our service
All providers are bound by strict data processing agreements and maintain appropriate security certifications.
International Data Transfers
Most of our data is hosted in the UK or EEA. Some of our service providers may transfer data outside the UK/EEA, for example to the United States.
Where this happens, they use legally recognised safeguards such as UK-approved Standard Contractual Clauses (SCCs) to ensure your data remains protected.
Security
- Hosting in EU data centres with appropriate security certifications
- SSL/TLS encryption for all traffic
- Access controls and monitoring
Your Rights
Under UK GDPR, you can:
- Access your data
- Correct inaccuracies
- Request deletion ("right to be forgotten")
- Restrict or object to processing
- Ask for data portability
For festival website bookings: contact the relevant festival.
For FestAdmin portal accounts: contact us at [email protected]
Contact Us
📮 Drofmada Ltd, Suite RA01, 195-197 Wood Street, London, E17 3NU, United Kingdom
If you are not satisfied, you can complain to the UK Information Commissioner's Office (ICO): www.ico.org.uk