Alnwick & District Choral Society takes the protection of personal data very seriously. As this document is so important, we make it easy to find by placing a link to it on every page of our website. Please read the text below to find out how and why we collect and manage data.
What is ‘Personal Data’?
Personal data is information which relates to an individual who can be identified from that data. The information might directly identify the individual or lead to the identification of the individual through information already safely stored by or likely to be passed on to the Data Controller of Alnwick & District Choral Society. The processing of personal data (from 25th May 2018) is governed by the General Data Protection Regulations 2016/679 (“GDPR”). We follow strict security procedures and take appropriate measure to ensure that the information you give us about yourself is not disclosed to a third party.
Who is responsible for the data the group collects?
Alnwick & District Choral Society is the Data Controller under the GDPR. Alnwick & District Choral Society’s Data Protection Officer is the Librarian of the Society who can be contacted at email@example.com
What data do we collect and what do we use it for?
Alnwick & District Choral Society holds personal data in two categories, i.e. for members and non-members of the Society.
Choir Members: for administering membership. Data may include:
- Email Address
- Phone Number & or Mobile Number
- Subscription Payments
- Postal Address
- Voice Part
- Photos/ Video footage
- Bank details
- Gift Aid Declarations
- Emergency contact details
- Medical information
- DBS checks
This data will be used by committee members to manage your membership with Alnwick & District Choral Society and to organise and run our activities.
If you give us your consent to do so, we may also use your contact details to send you marketing/promotional communications from the group.
If you join a working group within the Society (e.g. the Committee) it is accepted that you give permission to allow your email address to be shared with other members of that group.
Any marketing/promotional communication we send you will include a clear option to withdraw your consent (e.g. to ‘opt out’ of future emails) and you can also withdraw consent at any point by contacting the Data Protection Officer, who is our librarian, at firstname.lastname@example.org
Non-members: Event Attendees; Professional Musicians, Employees and Contractors and Website Visitors/Mailing List Subscribers.
Event Attendees: for processing and managing tickets for events
Where our events are ticketed, we need to collect data on the person booking (name and email) in order to allow you access to the event and to send you a confirmation of your reservation/purchase. This data will only be used for administering your access to the event/s for which you have booked and will not be used to send you marketing/promotional messages from the group unless you have also provided your consent to receive these (see below).
Professional Musicians: for administration and legal/regulatory purposes
We may need (for administration or for legal/regulatory reasons) to collect personal or sensitive data on visiting musicians. Where this is the case, we will explain what this is for at the point of collection. Data may include: name, email address, voice part, instruments played, medical information, mini bios/information on past performances.
Employees and Contractors: for administration and legal/regulatory purposes
We may need (for administration or for legal/regulatory reasons) to collect personal or sensitive data on employees or contractors of the group. Where this is the case, we will explain what this is for at the point of collection.
Website Visitors/Mailing List Subscribers: for marketing and promotion
When website visitors contact us via our ‘Contact Us’, ‘Join Us’ and ‘Friends’ pages and request information on our concerts personal data is collected. We offer everybody the opportunity to sign up (consent) to receive marketing and promotional information on the group’s activities (e.g. emails about forthcoming events).
When you sign-up to our marketing mailing list we will ask for your name and email address and will use this data to send you information about our events and activities (e.g. forthcoming performances, social events and fundraising events). We may also ask for your preferred topics and communication methods. These allow us to tailor the information we provide to suit your preferences (e.g. email vs post).
We will only send you information that is related to the group (e.g. we will not use your data to send you marketing messages from 3rd parties).
Anything we send you will include a clear option to withdraw your consent (e.g. to ‘opt out’ of future emails) and you can also do so at any time by contacting the Data Protection Officer, our librarian, at email@example.com
Do we share your data with anyone else?
We will never pass your details on to third parties for marketing purposes.
Security of Data
Names, e-mail addresses, phone numbers and postal addresses etc. are kept by the Secretary and the Librarian.
Gift Aid declarations (on paper) which contain postal addresses are held by the Treasurer and used to complete our Gift Aid submissions to the extent required by HMRC.
All reasonable steps will be taken to ensure that the data, stored both on paper and electronically is held securely. Data held on databases or spreadsheets is password protected and blind copies are used for group emails.
How long we will hold your data?
Alnwick & District Choral Society’s data retention policy is to review all data held on individuals at least every two years and remove data where we no longer have a legitimate reason to keep it.
Where you have withdrawn your consent for us to use your data for a particular purpose (e.g. unsubscribed from a mailing list) we may retain some of your data for up to two years in order to preserve a record of your consent having been withdrawn.
What rights do you have?
Under the GDPR, you have the following rights over your data and its use:
- The right to be informed about what data we are collecting on you and how we will use it
- The right of access – you can ask to see the data we hold on you
- The right to rectification – you can ask that we update or correct your data
- The right to object – you can ask that we stop using your data for a particular purpose
- The right to erasure – you can ask us to delete the data we hold on you
- The right to restrict processing – you can ask that we temporarily stop using your data while the reason for its use or its accuracy are investigated
- Though unlikely to apply to the data we hold and process on you, you also have rights related to portability and automated decision making (including profiling)
All requests related to your rights should be made to the Data Protection Officer at firstname.lastname@example.org. We will respond within one month.
You can find out more about your rights on the Information Commission’s Office website.
What will we do if anything changes?
If we make changes to our privacy statements or processes, we will post the changes here. Where the changes are significant, we may also choose to email individuals affected with the new details. Where required by law, will we ask for your consent to continue processing your data after these changes are made.
Note: For all existing choir members as at May 2018 permission for data to be held on them was sought retrospectively. All new members are asked to grant consent for data to be collected and stored.
The proper implementation of this policy is the responsibility of the Chair of Alnwick & District Choral Society and Committee. The Data Controller, responsible for the day-to-day management of the data is the Librarian of Alnwick & District Choral Society.
Approval and Review
This policy was approved by the Committee of Alnwick & District Choral Society on January 22nd 2019 and circulated and publicised to choir members in January 2019. It is to be reviewed annually.
Copyright 2020 – ADCS.