Cookies
Home Members Events Contacts Tickets Archive

Home

Events

Members

Contacts

Tickets

Archive

Newcastle upon Tyne Bach Choir

is a registered charity.

Charity Number: 507520


Follow us!

Newcastle upon Tyne Bach Choir

Newcastle upon Tyne    

Bach Choir


Newcastle upon Tyne Bach Choir


Cookies

To make this site work properly, we sometimes place small data files called cookies on your device. Most big websites do this too.


What are cookies?

A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.

How do we use cookies?

A number of our pages use cookies to remember:


your display preferences, such as contrast colour settings or font size

if you have used an on-line form or on-line payment

if you have agreed (or not) to our use of cookies on this site


Also, any video embedded in our pages use a cookie to anonymously gather statistics on how you got there and what videos you visited.

Enabling these cookies is not strictly necessary for the website to work but it will provide you with a better browsing experience. You can delete or block these cookies, but if you do that some features of this site may not work as intended.

The cookie-related information is not used to identify you personally and the pattern data is fully under our control. These cookies are not used for any purpose other than those described here.


How to control cookies

You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.


Newcastle upon Tyne Bach Choir Data Protection Policy


Introduction and scope

In order to operate, Newcastle upon Tyne Bach Choir Society (“the choir”) needs to gather, store and use certain forms of information about individuals.

These include members, suppliers, volunteers, supporters, audiences and potential audiences, business contacts and other people the group has a relationship with or regularly needs to contact.


This policy explains how this data should be collected, stored and used in order to meet the choir’s data protection standards and comply with the law.


This policy ensures that the choir:

Protects the rights of its members, volunteers and supporters

Complies with data protection law and follows good practice

Minimises the risk of a data breach

It applies to all those handling data on behalf off the choir, primarily (though not limited to) certain committee members.


It applies to all data that the choir holds relating to individuals, including (but not limited to) name, email address, postal address and phone number.


Responsibilities


The choir trustees are responsible for formulating this policy and reviewing it, either every three years or when new data protection regulations that affect the choir are introduced. The trustees are responsible for ensuring that anybody who has access to data held by the choir, knows and agrees with the policy.  


Everyone who has access to data as part of the choir has a responsibility to ensure that they adhere to this policy.  


The Data Controller role for the choir is shared by the secretary and the chair. The chair, together with the trustees, is responsible for determining what data is collected and why, and how it will be used. The secretary is custodian of the data and deals with day to day operational issues. Any questions relating to the collection or use of data should be directed to one of the Data Controllers, as appropriate.


Statements of general policy

1. We fairly and lawfully process personal data

The choir will only collect data where lawful and where it is necessary for the legitimate purposes of the group.

A choir member’s name and contact details (postal address, email address and phone number) will be collected when they first join the group, and will be used to contact the member regarding group membership administration and activities. Other data may also subsequently be collected in relation to their membership, including their payment history for ‘subs’ and any data necessary to claim Gift Aid where appropriate.

The name, postal address, email address and phone number(s) of volunteers and committee members will be collected when they take up a position, and will be used to contact them regarding group administration related to their role.

An individual’s name, contact details and other details may be collected at any time (including when booking tickets or at an event), with their consent, in order for the choir to communicate with them about group activities, and/or for Direct Marketing. See ‘Direct Marketing’ below.

Photos may be taken for promoting the choir and concerts. These will usually be long shots or soft focus so that individuals are not easily recognised. When a photo does allow an individual to be identified, their permission will be sought before making it publicly viewable.


2. We only collect and use personal data for specified and lawful purposes.

When collecting data, the choir will always explain to the subject why the data is required and what it will be used for, e.g.

“Please enter your email address in the form below. We need this so that we can send you email updates for group administration including about rehearsal and concert schedules, subs payments and other business.”

We will never use data for any purpose other than that stated or that can be considered reasonably to be related to it.


3. We ensure any data collected is relevant and not excessive


The choir will not collect or store more data than the minimum information required for its intended purpose.


4. We ensure data is accurate and up-to-date

The choir will ask people whose personal information it holds to check and update their data on an annual basis.

 

Any individual will be able to update their data at any point by contacting the person responsible for holding their data for a particular purpose (e.g. secretary for rehearsal registers), if they know who that is, or either of the Data Controllers in any case.


5. We ensure data is not kept longer than necessary

If a choir member notifies the secretary or chair that they are leaving the choir, their data will be deleted straight away (see below for exception). Each year, a check will be made and anyone who hasn’t attended any rehearsals during the preceding year will be contacted to check if their absence is permanent. If so (or if no reply is received) their data will be deleted. Any legal requirement to keep records (for example, data about financial transactions will be kept for 6 years) will be observed. If a person on the marketing mailing list unsubscribes, they will be removed from the list within 30 days.


6. We process data in accordance with individuals’ rights      

The following requests can be made in writing to the Data Controllers:   

people can request to see any data stored by the choir about them. Any such request will be actioned within 30 days of the request being made.

people whose personal information is stored by the choir can request that any inaccurate data about them is updated. Any such request will be actioned within 30 days of the request being made.

people can request to stop receiving any marketing communications. Any such request will be actioned within 30 days of the request being made.

people can object to any storage or use of their data that might cause them substantial distress of damage or any automated decisions made based on their data. Any such objection will be considered by the trustees and a decision communicated within 30 days of the request being made.


7. We keep personal data secure

The  choir will ensure that data it holds is kept secure.

Electronically-held data will be held within a password-protected and secure environment.

Physically-held data (e.g. membership forms or email sign-up sheets) will be stored where members of the public do not have access. A cupboard or filing cabinet in a committee member’s house is deemed to be sufficiently secure.

Access to data will only be given to relevant trustees or committee members where it is clearly necessary for the running of the group. The Data Controllers will decide in which situations this is applicable and will keep a master list of who has access to data.

When a person having access to data, whether in electronic form or hard copy, ceases to need that access (e.g. because they leave the role requiring access), they will be asked to return any hard copies and pass on the electronic data, deleting any copies they have.

8. Transfer to countries outside the EEA

The choir will not transfer data to countries outside the European Economic Area (EEA), unless the country has adequate protection for the individual (e.g. USA).


9. Sharing members’ contact details with other members


The choir sometimes needs to facilitate communication between members. In this case, a member’s explicit consent will be sought before passing their contact details to any other member.


10. Dealing with a personal data breach


If a personal data breach (such as a loss of confidentiality) occurs, the choir will assess the likely impact of the breach on the subjects’ rights and freedoms, and any possible negative consequences, and determine whether they and/or the ICO should be notified. A record will be kept of the breach, any action taken and justification for that action.


11. Collection of data from supporters


The choir may collect data from consenting supporters for marketing purposes. This may  include contacting them to promote concerts, updating them about choir news, fundraising and other relevant activities. When data is collected for this purpose, the choir will provide:

A clear and specific explanation of what the data will be used for (e.g. ‘Tick this box if you would like us to send you email updates with details about our forthcoming events, fundraising activities and opportunities to get involved’)

A method for users to show their active consent to receive these communications (e.g. a ‘tick box’)

Access to the choir’s data privacy statement.

Data collected in this way will only ever be used in the way described and consented to. Every marketing communication will contain a method through which a recipient can withdraw their consent (e.g. an ‘unsubscribe’ link in an email). Opt-out requests such as this will be processed within 30 days.


12. The choir does not need to register with the ICO


ICO guidelines indicate that the choir does not need to register as a Data Controller, as follows (taken from https://ico.org.uk/for-organisations/register/faqs):


“You do not have to register if organisation was established for not-for-profit making purposes and does not make a profit or if your organisation makes a profit for its own purposes, as long as the profit is not used to enrich others. You must:

only process information necessary to establish or maintain membership or support; 

only process information necessary to provide or administer activities for people who are members of the organisation or have regular contact with it; 

only share the information with people and organisations necessary to carry out the organisation’s activities. Important - if individuals give you permission to share their information, this is OK (you can still answer ‘yes’); and

only keep the information while the individual is a member or supporter or as long as necessary for member/supporter administration.”