
Privacy Policy
Chapter House Choir Privacy Notice Approved 15 May 2018
The Chapter House Choir Privacy Policy
Introduction
The Chapter House Choir is a secular choir, based in York, and is registered with the Charity Commission (registration number 511629). The Chapter House Choir also runs a Youth Choir for young people aged 14-19 years old. Both choirs give performances and run workshops, some of which are advertised to the public.
Both choirs promote their concerts and workshops, and the adult choir holds a mailing list of people who wish to hear about concerts and other events. The Choir shares adult members’ contact details with other adult members.
For the purposes of the General Data Protection Regulation (GDPR), the Chapter House Choir is the data controller and is registered with the Information Commissioner’s Office which oversees and monitors the implementation of the GDPR. The Choir’s Data Protection Officer is Sarah Hewlett. Choir Trustees and those authorised by them may process and store data on the Choir’s behalf.
If you’re reading this, you may be:
- A member, or past member, of the Chapter House (adult) Choir;
- A member, or person with legal responsibility for a member, of the Chapter House Youth Choir
- A member of the public who has joined our mailing list
- A Patron of the choir
- Someone who supplies a service to the Chapter House Choir eg Musical Director
This notice explains when and why we collect personal information, how we will use it, the conditions under which we will disclose it to others and how we keep it secure.
What sort of information do we collect?
In order to administer the choirs we hold the following information:
- Members’ name and contact details
- Where choir members are under the age of 18, the name of their school, their doctor and the contact details of the person responsible for them
- The name and contact details of people who act as chaperones for the Youth Choir
- Patrons’ name and contact details
- The name and contact details of suppliers of services and their bank details.
In order to promote concerts to potential audiences we hold the following information:
- Your name and email address, where you heard about us and your residential postcode
How do we use your personal information?
We will use the information we collect to:
- Keep members of the choirs informed about rehearsals, concerts, notices regarding the administration of the choir such as Annual General Meetings, subscriptions and any other relevant purposes, through email and applications such as WhatsApp
- Allow members of the choir to contact each other for reasons relating to Choir and other reasons
- Keep past members informed about reunion concerts and events
- Ensure that we comply with our Safeguarding responsibilities in relation to the Youth Choir
- Ensure that we comply with current legal financial responsibilities including accounting requirements of the Charity Commission
- Promote upcoming concerts, for both the adult and youth choirs, to Patrons and people who have asked to be kept informed of such events through email and proprietary third party software such as MailChimp
- Enter into contracts with suppliers and potential suppliers and process payments to them
- Make payments to choir members who have incurred incidental expenses on behalf of the Choir
We will NOT
- use the personal data of Patrons or people on our mailing list for commercial purposes other than promoting our concerts and other similar events.
- sell or rent any of the personal data we hold to third parties for any purpose.
- hold bank details of those who pay membership subscription; these details are held by your bank and payments are transmitted to the Choir’s bank account without account details being shared.
What is the purpose of collecting and processing this information?
Under the General Data Protection Regulation (GDPR) anyone who processes personal data should clearly state the legal bases for doing so, to ensure they process data lawfully, fairly and transparently. There are six legal bases for processing personal data and those which apply to the Chapter House Choirs are as follows:
- The basis for processing data gathered from Patrons, choir members and those who wish to join the mailing list is Consent. This means that when we enter into a relationship with you, we will ask for your consent to process your personal data for the purposes outlined in this Privacy Notice.
- The basis for processing data held about suppliers and potential suppliers to the Chapter House Choir is for Contract.
Your rights
Under the GDPR, you have a number of rights which you should be aware of. These include:
- The right to access a copy of any information held about you by the Chapter House Choirs;
- The right to rectify the information if it is incomplete or inaccurate;
- The right to withdraw consent (e.g. if you have previously consented to us holding your data and no longer wish to);
- The right to have personal data erased, to prevent data being processed and/or to object to data being processed in specific circumstances (e.g. if the data is no longer necessary for the purpose for which it was originally collected).
If you would like to undertake any of the actions above, please contact privacy@chapterhousechoir.org You can also contact the Information Commissioner’s Office (ICO) if you have any concerns about how information has been collected, stored or processed.
How we store and protect information
We are committed to ensuring that personal information is treated securely. The Chapter House Choir is a volunteer-run organisation and information will therefore be stored on personal computers in people’s homes. For the purposes of the administration of the choirs (including the administration of contracts) and the promotion of their concerts and events
- Details may be transmitted normally over the internet;
- Paper records will be stored in an appropriate manner, ie within a filing system
- Information may be stored on personal computers, laptops and on memory sticks
- Laptops and personal computers will be protected with anti-virus software
- Information held by the Data Protection Officer and Treasurer will be backed up on a hard drive;
- Information will be deleted by the Chapter House Choir
- 6 years after Gift Aided subscriptions and/or donations have ceased (this is for tax audit reasons and relates only to name and address)
- 6 years after the relevant accounting period has ended, for all financial administration records
- 12 months after a member of the choirs leaves the choir permanently unless you indicate that you would like to be kept informed of reunion events, or you consent to be added to the mailing list
- 12 months after a supplier ceases to trade permanently with the Choir
- Immediately upon a request to be removed eg from the mailing list, unless this that conflicts with our legal obligations under financial regulation for retention of records.
- Information stored by the Chapter House Choirs is held within the EU. Where we use third party data processors (e.g. MailChimp), we check that they hold data within the EU or that they have appropriate protections in place if data is transferred outside the EU, to comply with EU data protection legislation.
Approval and review
This Privacy Notice was approved by the Chapter House Choir Committee on 15 May 2018 and will be reviewed annually or when data protection legislation changes, whichever is sooner.