Last updated May 2018.
Who is this notice for?
This notice is for any person with whom Kingston Orpheus Choir interacts, including
- Event attendees
- Professional musicians
- Website visitors
What is this notice for?
Whenever we need to collect any of your data, we will let you know at that point why we need to do so and what it will be used for, but this guide provides a useful overview of those situations and provides more detail on how we keep your data secure and up to date, how long we might hold it for, and what your rights are in relation to it.
Kingston Orpheus Choir is committed to protecting your personal data and will use any personal or sensitive data we collect from you in line with the General Data Protection Regulations (GDPR).
Who’s responsible for data the group collects?
The Secretary is a Data Controller under the GDPR.
Kingston Orpheus Choir’s Data Protection Officer is The Secretary who can be contacted at email@example.com
What data do we collect and what do we use it for?
Kingston Orpheus Choir collects data from individuals to help us plan, organise and run the day-to-day operations of the Choir (e.g. co-ordinating rehearsals or collecting subscription payments or taking part in concerts).
I. Members: for administering membership
When you join Kingston Orpheus Choir as a member, or during your membership with us, we will need to collect some of the following information on you:
- Email address
- Phone number
- Subscription payments
- Gift Aid Declarations
- Postal address
This data will be used by committee members to manage your membership with Kingston Orpheus Choir, and to organise and run our activities.
If you join a small working group within the Choir (e.g. the Committee, or the tea and coffee rota) which we run on an open-email basis, you will be deemed to have agreed to allow your email address to be shared with the other members of that group.
II. Event attendees: for processing and managing tickets for events
Where our events are ticketed, we may need to collect data on the person booking (name and email) in order to allow access to the event and/or to send you a confirmation of your reservation/purchase. This data will only be used for administering your access to the event/s.
III. Professional musicians: for administration and legal/regulatory purposes
We may need (for administration or for legal/regulatory reasons) to collect personal or sensitive data on visiting musicians. Where this is the case, we will explain what this is for at the point of collection.
IV. Website visitors: for running and improving our website
We use cookie technology when a person visits our website – either for a general search or for sending an expression of interest to join the Choir.
Do we share your data with anyone else?
We will never pass your details on to third parties for marketing purposes.
Generally names, e-mail addresses, phone numbers and physical addresses are kept by the Secretary and the Librarian.
Gift Aid declarations (on paper) which contain physical addresses are held by the Treasurer and used to complete our Gift Aid submissions to the extent required by HMRC.
Are there special measures for children’s data?
We do not knowingly collect or store any personal data about children.
How can you update your data?
You can contact us at any time at firstname.lastname@example.org to update or correct the data we hold on you.
How long we will hold your data?
The Kingston Orpheus Choir’s data retention policy is to review all data held on individuals every two years and remove data where we no longer believe we need to retain it.
If you have withdrawn your consent for us to use your data for a particular purpose (e.g. unsubscribed from a mailing list) we may retain some of your data for up to two years in order to preserve a record of your consent having been withdrawn.
What rights do you have?
Under the GDPR, you have the following rights over your data and its use:
- The right to be informed about what data we are collecting on you and how we will use it
- The right of access – you can ask to see the data we hold on you
- The right to rectification – you can ask that we update or correct your data
- The right to object – you can ask that we stop using your data for a particular purpose
- The right to erasure – you can ask us to delete the data we hold on you
- The right to restrict processing – you can ask that we temporarily stop using your data while the reason for its use or its accuracy are investigated
- Though unlikely to apply to the data we hold and process on you, you also have rights related to portability and automated decision making (including profiling)
All requests related to your rights should be made to the Data Protection Officer at email@example.com. We will respond within one month.
You can find out more about your rights on the Information Commission’s Office website.
What will we do if anything changes?
If we make changes to our privacy statements or processes we will post the changes here. Where the changes are significant, we may also choose to email individuals affected with the new details. Where required by law, we will ask for your consent to continue processing your data after these changes are made.