CAMERATA SINGERS, KETTERING
Personal data relates to a living individual who can be identified from it (the ‘data subject’.) The processing of personal data (including use) is governed by the General Data Protection Regulation (“GDPR”) which will shortly be incorporated in a new Data Protection Act.
Camerata Singers (“the choir”) have a lawful basis for keeping and using the personal data of its members, as they have shown their consent by the affirmative action of joining the choir and there is a contractual relationship. Holding the personal data of non-members on a mailing list serves the legitimate interests of the choir in publicising its activities and seeking new members.
The choir will therefore continue to hold and use the personal data of all individuals on its mailing list, unless they indicate a wish to be removed from it. It will also hold the personal data of individuals who apply for membership or agree to be on the mailing list in future.
Personal data is used -
- to administer membership records;
- to maintain financial records (including the processing of gift aid applications);
- to inform people of events and activities of the choir and news of related musical activities in the Kettering district;
- generally to promote the interests of the choir.
The choir complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure; and by ensuring that appropriate technical measures are in place to protect personal data.
All personal data will be treated as strictly confidential and will only be shared with other members of the choir in order to carry out a service to other members or for purposes connected with its activities. It will not be shared with third parties except with the data subject’s consent; it will not be sold, and it will not be used for marketing.
Membership and mailing list data will be retained while it is still current; gift aid declarations and associated paperwork will be retained for 7 years after the tax year to which they relate. Other financial records will be retained for 6 years after the transaction they relate to.
Data subjects have the right -
- to request a copy of any personal data which the choir holds about them;
- to request the choir to correct any personal data that is inaccurate or out of date;
- to request that personal data be erased if it is no longer necessary for the choir to retain it;
- to withdraw consent to the processing at any time;
- to request the data controller to provide them with their personal data and , if they wish, send it to another data controller;
- if there is a dispute about the accuracy or processing of personal data, to request a restriction be placed on further processing;
- to object to the processing of personal data;
- to lodge a complaint with the Information Commissioner’s Office; see the website at www.ico.org.uk.
The Data Controller is the committee. This policy will be reviewed every 2 years.
Adopted …. May 2018
Ann Burridge, Chair
Rosalind Robinson, acting Secretary