The Gresley Male Voice Choir takes the protection of personal data very seriously. This notice sets out how we manage personal data.
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is (from 25 May 2018) governed by the General Data Protection Regulation 2016/679 (the “GDPR”).
Who are we?
Gresley Male Voice Choir, (Registered Charity No. 519870) is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
How do we process your personal data?
Gresley Male Voice Choir (“the Choir”) complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We do not source personal data from third parties, other than as may be publicly available. We use your personal data for the following purposes:
- (Choir Members) to administer your membership of the Choir (including the claiming of Gift Aid) and participation in and promotion of its activities;
- (Past members) to inform you about opportunities to participate in Choir alumni events;
- (Suppliers of services, goods and funding) to administer your relationship with the Choir;
- (Past suppliers) to contact you regarding the provision of further services/goods to the Choir;
- (Supporters, includes those who have attended concerts and events promoted by the Choir) to contact you regarding bookings you have made (including seeking feedback), and/or contact you regarding future Choir events in accordance with any specific consents or requests you have given;
- (All) to keep records of consents given to process personal data
What is the legal basis for processing your personal data?
The legal basis for processing we have identified is Article 6 of the GDPR. Specifically, we process data under one or more of the following bases set out in that Article:
- consent of the data subject;
- necessary for the performance of a contract with the data subject or to take steps to enter into a contract;
- compliance with legal obligations (for example Companies Act, Charities Act and HMRC requirements) or
- necessary for the legitimate interests of the data controller, except where such interests are overridden by the interests, rights or freedoms of the data subject (in this context our legitimate interests are to promote the objectives of the Choir – “To advance the public knowledge and appreciation of choral music by means of concerts and other public performances.” and to carry out our legal and contractual obligations efficiently).
Sharing your personal data
Your personal data will be shared only with the Choir’s Directors, their designated management team, and in the case of Choir Members (including any contact/address information) individual Members of the Choir. In all cases personal data is only shared to the extent reasonably necessary for the purposes described above. We will only share your data with third parties with your consent, unless we are required to do so by law.
How long do we keep your personal data?
- We keep your personal data for no longer than is reasonably necessary. In deciding how long we should keep your data we take into account the following criteria:
- The nature of your relationship with the Choir: e.g. member, past member, supporter or past supporter, supplier or past supplier of services/goods (whether or not under direct contract);
- The legitimate reasons we may have for continuing to contact you deriving from our company objects (see above);
- Our legal obligations as a charity to retain company, financial and other records (typically for a minimum of 6 years);
- Any specific consents or requests you have made regarding the duration of processing of your personal data;
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which the Choir holds about you;
- The right to request that the Choir corrects any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for the Choir to retain such data;
- The right to withdraw your consent to the processing at any time;
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to lodge a complaint with the Information Commissioner’s Office.
Changes to how we process personal data
The Choir’s processing of personal data is kept under review by the Directors and this Data Privacy Notice may be revised from time to time. Where our processing of your personal data relies on your consent we will provide you with a new notice explaining any new purposes and processing conditions and seek your prior consent prior to commencing such processing.
To exercise all relevant rights, queries or complaints please in the first instance contact the Choir’s Secretary:
Gresley Male Voice Choir