Privacy Policy
All enquiries and requests on your data held by Barts Choir should be directed to secretary@bartschoir.com.
BARTS CHOIR PRIVACY POLICY
EFFECTIVE DATE: 20th May 2018
- Introduction
- In order to operate, Barts Choir needs to gather, store and use certain forms of information about individuals.
- In general, these individuals are choir members, trustees, voice representatives, contractors/3rd party suppliers, ticket purchasers and volunteers.
- This policy explains how this data will be collected, stored and used in order to meet Barts Choir data protection standards and comply with the law.
- Who and what does this policy apply to?
- This applies to all those handling data on behalf of Barts Choir, including:
- Trustees
- Voice Representatives for each voice part
- Volunteers
- Members
- Contractors/3rd-party suppliers
- It applies to all data that Barts Choir holds relating to individuals, including:
- Names
- Email addresses
- Postal addresses
- Phone numbers
- Any other personal information held (e.g. financial)
- This applies to all those handling data on behalf of Barts Choir, including:
- Roles and responsibilities
- Everyone who has access to data as part of Barts Choir has a responsibility to ensure that they adhere to this policy.
- Data controller
- The Data Controller for Barts Choir is the choir itself. The choir are responsible for the reason data is collected and how it will be used. Any questions relating to the collection or use of data should be directed to the secretary@bartschoir.com
- Data protection principles
- We fairly and lawfully process personal data
- Barts Choir will only collect data where lawful and where it is necessary for the legitimate purposes of the choir.
- A Member’s name and contact details will be collected when they first join the choir and will be used to contact the Member regarding membership, administration and activities. Other data may also subsequently be collected in relation to their Membership, including as to their payment history for subscriptions and donations.
- The name and contact details of trustees, voice representatives for each voice part, volunteers and contractors/3rd party suppliers will be collected when they take up a position and will be used to contact them regarding administration related to their role.
- Further information, including personal financial information and criminal records information may also be collected in specific circumstances where lawful and necessary (in order to process payment to the person or in order to carry out a Disclosure and Barring Service check).
- An individual’s name and contact details will be collected when they make a booking for an event. This will be used to contact them about their booking and to allow them entry to the event.
- An individual’s name, contact details and other details may be collected at any time (including when booking tickets or at an event), with their consent, in order for Barts Choir to communicate with them about group activities, and/or for Direct Marketing. See ‘Direct Marketing’ below.
- We only collect and use personal data for specified and lawful purposes.
- When collecting data, Barts Choir will always explain to the subject why the data is required and what it will be used for.
- Barts Choir will never use data for any purpose other than that stated or that can be considered reasonably to be related to it.
- We ensure any data collected is relevant and not excessive
- Barts Choir will not collect or store more data than the minimum information required for its intended purpose.
- We ensure data is accurate and up-to-date
- Barts Choir will ask members, trustees, voice representatives for each voice part, volunteers and contractors/3rd party suppliers to check and update their data on an annual basis.
- Any individual will be able to update their data at any point by contacting the Data Controller or by updating their details on the Barts Choir website.
- We ensure data is not kept longer than necessary
- Barts Choir will keep data on individuals for no longer than 12 months after its involvement with the individual has stopped unless there is a legal requirement to keep records.
- We process data in accordance with individuals’ rights
- The following requests can be made in writing to the Data Controller:
- Individuals can request to see any data stored on about them. Any such request will be actioned within 28 days of the request being made.
- Individuals can request that any inaccurate data held on them is updated. Any such request will be actioned within 28 days of the request being made.
- Individuals can request to stop receiving any marketing communications. Any such request will be actioned within 28 days of the request being made.
- Individuals can object to any storage or use of their data that might cause them substantial distress of damage or any automated decisions made based on their data. Any such objection will be considered by the trustees, and a decision communicated within 30 days of the request being made.
- The following requests can be made in writing to the Data Controller:
- We keep personal data secure
- Barts Choir will ensure that data held by it is kept secure.
- Electronically-held data will be held within a password-protected and secure environment
- Passwords for electronic data files will be re-set each time an individual with data access leaves their role/position
- Physically-held data (for example. membership forms or email sign-up sheets) will be stored securely by the data controller.
- Access to data will only be given to relevant trustees/volunteers/contractors where it is necessary for the running of Barts Choir. The Data Controller will decide in what situations this is applicable and will keep a master list of who has access to data
- Barts Choir will ensure that data held by it is kept secure.
- Transfer to countries outside the EEA
- Barts Choir will not transfer data to countries outside the European Economic Area (EEA), unless the country has adequate protection for the individual (for example. USA).
- We fairly and lawfully process personal data
- Direct marketing
- Bart’s Choir will regularly collect data from consenting members and supporters for marketing purposes. These purposes include contacting them to promote concerts, updating them about choir opportunities, news, fundraising and other choir activities.
- Whenever data is collected for this purpose, Barts Choir will provide: A clear and specific explanation of what the data will be used for.
- Data collected will only be used in the way described and consented to.
- Every marketing communication will contain a method through which a recipient can withdraw their consent (for example. an ‘unsubscribe’ link in an email). Opt-out requests such as this will be processed within 28 days.
- Cookies on Bart’s Choir website
- Barts Choir uses cookies on its website www.bartschoir.com in order to monitor and record user’s activity. This allows it to improve users’ experience of its website by, for example, allowing for a ‘logged in’ state, and by giving Barts Choir useful insight into how users as a whole are engaging with the website.
- Barts Choir will implement a pop-up box on www.bartschoir.com that will activate each new time a user visits the website. This will allow the user to click to consent (or not) to continuing with cookies enabled, or to ignore the message and continue browsing (i.e. give their implied consent).
- It will also include a link to Barts Choir Privacy Policy which outlines which specific cookies are used and how cookies can be disabled in the most common browsers.