Newcastle upon Tyne Bach Choir
is a registered charity.
Charity Number: 507520
Newcastle upon Tyne
Copyright © Newcastle upon Tyne Bach Choir
Newcastle upon Tyne Bach Choir
To make this site work properly, we sometimes place small data files called cookies on your device. Most big websites do this too.
What are cookies?
A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-
your display preferences, such as contrast colour settings or font size
if you have used an on-
Also, any video embedded in our pages use a cookie to anonymously gather statistics on how you got there and what videos you visited.
Enabling these cookies is not strictly necessary for the website to work but it will provide you with a better browsing experience. You can delete or block these cookies, but if you do that some features of this site may not work as intended.
How to control cookies
You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
Newcastle upon Tyne Bach Choir Data Protection Policy
Introduction and scope
In order to operate, Newcastle upon Tyne Bach Choir Society (“the choir”) needs to gather, store and use certain forms of information about individuals.
These include members, suppliers, volunteers, supporters, audiences and potential audiences, business contacts and other people the group has a relationship with or regularly needs to contact.
This policy explains how this data should be collected, stored and used in order to meet the choir’s data protection standards and comply with the law.
This policy ensures that the choir:
Protects the rights of its members, volunteers and supporters
Complies with data protection law and follows good practice
Minimises the risk of a data breach
It applies to all those handling data on behalf off the choir, primarily (though not limited to) certain committee members.
It applies to all data that the choir holds relating to individuals, including (but not limited to) name, email address, postal address and phone number.
The choir trustees are responsible for formulating this policy and reviewing it, either every three years or when new data protection regulations that affect the choir are introduced. The trustees are responsible for ensuring that anybody who has access to data held by the choir, knows and agrees with the policy.
Everyone who has access to data as part of the choir has a responsibility to ensure that they adhere to this policy.
The Data Controller role for the choir is shared by the secretary and the chair. The chair, together with the trustees, is responsible for determining what data is collected and why, and how it will be used. The secretary is custodian of the data and deals with day to day operational issues. Any questions relating to the collection or use of data should be directed to one of the Data Controllers, as appropriate.
Statements of general policy
1. We fairly and lawfully process personal data
The choir will only collect data where lawful and where it is necessary for the legitimate purposes of the group.
A choir member’s name and contact details (postal address, email address and phone number) will be collected when they first join the group, and will be used to contact the member regarding group membership administration and activities. Other data may also subsequently be collected in relation to their membership, including their payment history for ‘subs’ and any data necessary to claim Gift Aid where appropriate.
The name, postal address, email address and phone number(s) of volunteers and committee members will be collected when they take up a position, and will be used to contact them regarding group administration related to their role.
An individual’s name, contact details and other details may be collected at any time (including when booking tickets or at an event), with their consent, in order for the choir to communicate with them about group activities, and/or for Direct Marketing. See ‘Direct Marketing’ below.
Photos may be taken for promoting the choir and concerts. These will usually be long shots or soft focus so that individuals are not easily recognised. When a photo does allow an individual to be identified, their permission will be sought before making it publicly viewable.
2. We only collect and use personal data for specified and lawful purposes.
When collecting data, the choir will always explain to the subject why the data is required and what it will be used for, e.g.
“Please enter your email address in the form below. We need this so that we can send you email updates for group administration including about rehearsal and concert schedules, subs payments and other business.”
We will never use data for any purpose other than that stated or that can be considered reasonably to be related to it.
3. We ensure any data collected is relevant and not excessive
The choir will not collect or store more data than the minimum information required for its intended purpose.
4. We ensure data is accurate and up-
The choir will ask people whose personal information it holds to check and update their data on an annual basis.
Any individual will be able to update their data at any point by contacting the person responsible for holding their data for a particular purpose (e.g. secretary for rehearsal registers), if they know who that is, or either of the Data Controllers in any case.
5. We ensure data is not kept longer than necessary
If a choir member notifies the secretary or chair that they are leaving the choir, their data will be deleted straight away (see below for exception). Each year, a check will be made and anyone who hasn’t attended any rehearsals during the preceding year will be contacted to check if their absence is permanent. If so (or if no reply is received) their data will be deleted. Any legal requirement to keep records (for example, data about financial transactions will be kept for 6 years) will be observed. If a person on the marketing mailing list unsubscribes, they will be removed from the list within 30 days.
6. We process data in accordance with individuals’ rights
The following requests can be made in writing to the Data Controllers:
people can request to see any data stored by the choir about them. Any such request will be actioned within 30 days of the request being made.
people whose personal information is stored by the choir can request that any inaccurate data about them is updated. Any such request will be actioned within 30 days of the request being made.
people can request to stop receiving any marketing communications. Any such request will be actioned within 30 days of the request being made.
people can object to any storage or use of their data that might cause them substantial distress of damage or any automated decisions made based on their data. Any such objection will be considered by the trustees and a decision communicated within 30 days of the request being made.
7. We keep personal data secure
The choir will ensure that data it holds is kept secure.
Access to data will only be given to relevant trustees or committee members where it is clearly necessary for the running of the group. The Data Controllers will decide in which situations this is applicable and will keep a master list of who has access to data.
When a person having access to data, whether in electronic form or hard copy, ceases to need that access (e.g. because they leave the role requiring access), they will be asked to return any hard copies and pass on the electronic data, deleting any copies they have.
8. Transfer to countries outside the EEA
The choir will not transfer data to countries outside the European Economic Area (EEA), unless the country has adequate protection for the individual (e.g. USA).
9. Sharing members’ contact details with other members
The choir sometimes needs to facilitate communication between members. In this case, a member’s explicit consent will be sought before passing their contact details to any other member.
10. Dealing with a personal data breach
If a personal data breach (such as a loss of confidentiality) occurs, the choir will assess the likely impact of the breach on the subjects’ rights and freedoms, and any possible negative consequences, and determine whether they and/or the ICO should be notified. A record will be kept of the breach, any action taken and justification for that action.
11. Collection of data from supporters
The choir may collect data from consenting supporters for marketing purposes. This may include contacting them to promote concerts, updating them about choir news, fundraising and other relevant activities. When data is collected for this purpose, the choir will provide:
A clear and specific explanation of what the data will be used for (e.g. ‘Tick this box if you would like us to send you email updates with details about our forthcoming events, fundraising activities and opportunities to get involved’)
A method for users to show their active consent to receive these communications (e.g. a ‘tick box’)
Access to the choir’s data privacy statement.
Data collected in this way will only ever be used in the way described and consented to. Every marketing communication will contain a method through which a recipient can withdraw their consent (e.g. an ‘unsubscribe’ link in an email). Opt-
12. The choir does not need to register with the ICO
ICO guidelines indicate that the choir does not need to register as a Data Controller, as follows (taken from https://ico.org.uk/for-
“You do not have to register if organisation was established for not-
only process information necessary to establish or maintain membership or support;
only process information necessary to provide or administer activities for people who are members of the organisation or have regular contact with it;
only share the information with people and organisations necessary to carry out the organisation’s activities. Important -
only keep the information while the individual is a member or supporter or as long as necessary for member/supporter administration.”