Version 2 Dated 29 May 2018
What is this Privacy Notice for?
This Privacy Notice sets out the key information that it is essential for people to know prior to providing personal data and information (personal data) to Hertfordshire Chorus.
We provide this Privacy Notice as the data controller for your personal data. We are responsible to you for how we process it. By using our website and services or becoming a member we will collect and use your personal data in the ways outlined in this Privacy Notice.
We are committed to protecting your personal data and will use any personal data we collect from you in accordance with data protection legislation. If you do not agree with the ways we will use your personal data then please do not use our website or services.
We may make changes to our Privacy Notice and when we do we will post our changed Privacy Notice on our website and it will then apply. We will always put the date and version of our Privacy Notice in its header so that you can easily find this information.
What’s personal data?
Personal data is any information about a living individual that can be used to identify the individual, such as name, address, date of birth, email address, photographs or videos. It may also include special categories of personal data. This is information concerning: racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic or biometric data; health data; data concerning a person’s sex life or sexual orientation.
What personal data do we collect and what do we use it for?
Hertfordshire Chorus will only collect and use your personal data when the law allows us to. The type of personal data we collect includes:
The law also allows us to collect special categories of personal data with your explicit consent. Where we do so we will ask for your consent before we process your personal data. You are under no obligation to give consent if we ask for it. Where you do provide consent you may withdraw it at anytime.
What do we collect and use your personal data for?
The most common bases for processing your personal data is as follows:
Members: for our legitimate interests to administer membership and run our activities
We will processes members’ personal data for our legitimate interests: to help us plan, organise and run the day-to-day operations of Hertfordshire Chorus (e.g. co-ordinating rehearsals, organising concerts or collecting subscription payments); and to promote and market the Chorus’ activities (e.g. marketing mailing lists and photography/video capture). When you join Hertfordshire Chorus as a member, and during your membership, or when you complete a ‘Join Us’ page or a concert information registration form from our website we will collect personal data on you to enable us to carry out our legitimate interests.
If you give us your consent to do so, we may also use your contact details to send you Hertfordshire Chorus’ marketing/promotional communications such as our newsletter and to organise social or fundraising events. Any marketing/promotional communication we send you will include a clear option to withdraw your consent (e.g. to ‘opt out’ of future emails) and you can also withdraw consent at any point by contacting our Data Protection Co-ordinator firstname.lastname@example.org
Event attendees: for processing and managing tickets for events
Where our events are ticketed it will be necessary for us to collect and use your personal data in order to complete all our tasks under the booking contract we will have with you. So we will need to collect your personal data when making a booking (name and email) so that we can send you a confirmation of your reservation/purchase. This data will only be used for administering your access to the event/s for which you have booked and will notbe used to send you marketing/promotional messages from Hertfordshire Chorus unless you have also provided your consent to receive these (see below).
Employees: for legal, administrative or regulatory purposes
We may need to collect employee personal data to perform the employment contract we have entered into with an employee or when we need to comply with a legal obligation such as complying with tax and other regulatory requirements.
Artists, performers and suppliers: for contract or other legal purposes
We will collect artists, performers and suppliers personal data, such as name, address and email contact details when we enter into a contract to work with them. This will be used to contact them about the arrangements relating to their contract with us and to enable us to process payments to them.
Mailing list subscribers: for marketing and promotion
We offer everybody the opportunity to consent to receive marketing and promotional information on our events and activities, such as emails about forthcoming events and our newsletter.
When you sign-up to our marketing mailing list we will ask for your name, email, phone number, address and will use this data to send you marketing information. We will only send you information that is related to Hertfordshire Chorus and we will notuse your data to send you marketing messages from 3rdparties, such as associated choirs, unless you have consented to receiving them.
Anything we send you will include a clear option to withdraw your consent and you can also do so at any time by contacting our Data Protection Officer.
Website visitors: for running and improving our website
We use cookie technology when a person visits our website to collect and analyse anonymised data on how many people have visited, what pages they have looked at and other statistical information.
We use a pop-up banner to let users know about this on their first visit, and they can at any time disable cookies in their browser if they do not wish their (anonymised) data to be tracked.
Do we share your data with anyone else?
We may pass your personal data to related third parties, for example we share it with Mail Chimp as it manages our supporters database. Mail Chimp and the other third parties we share your personal data with are required to take appropriate security measures to protect your personal data. We do not allow third parties to use and process your personal data for their own purposes and we only permit them to use and process your personal data for specific purposes in accordance with our instructions. If a third party operates outside the European Economic Area we require them to put in place appropriate measures to protect your personal data.
Are there special measures for children’s personal data?
We do not knowingly collect or store any personal data about children under the age of 16.
How can you update your personal data?
You can contact us at any time at email@example.com to update or correct the personal data we hold on you.
How long will we hold your personal data?
We will not keep your personal data for longer than is necessary for the purposes set out in this Privacy Notice or as required by applicable law, which, for, for example, tax purposes requires us to keep personal data for a minimum period of six years.
How we protect your personal data
The security of your personal data is very important to us. We will ensure that we have in place appropriate organisational and technical measures to prevent unauthorised access, improper use, alteration, destruction or accidental loss of your personal data.
What rights do you have?
Under the GDPR, you have the following rights over your personal data and its use:
- The right to be informed about what personal data we are collecting on you and how we will use it
- The right of access – you can ask to see the personal data we hold on you
- The right to rectification – you can ask that we update or correct your personal data
- The right to object – you can ask that we stop using your personal data for a particular purpose
- The right to erasure – you can ask us to delete the personal data we hold on you
- The right to restrict processing – you can ask that we temporarily stop using your personal data while the reason for its use or its accuracy are investigated
- Though unlikely to apply to the personal data we hold and process on you, you also have rights related to portability and automated decision making (including profiling)
All requests related to your rights should be made to the Data Protection Co-ordinator at firstname.lastname@example.org We will respond within one month.
Who to contact for more information or to complain?
Please contact our Data Protection Co-ordinator email@example.com if you require more information about how we handle your personal data or should you wish to complain about how we have used it. The Information Commissioner’s Office (ICO) will be able to provide you with general information about data protection matters and your data protection rights. You can also make any complaints about our handling of your personal data to the ICO. The ICO can be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AFT and by clicking on the attached link you can enter their website: Information Commission’s Office website