Whenever we need to collect any of your data, we will tell you at that point why we need to do so and what it will be used for, but this guide provides a useful overview of all of those situations and provides more detail on how we keep your data secure and up to date, how long we might hold it for, and what your rights are in relation to it. The Royal Leamington Spa Bach Choir (RLSBC) is committed to protecting your personal data and will use any personal or sensitive data we collect from you in line with the General Data Protection Regulations (GDPR).
The RLSBC is a Data Controller under the GDPR. The RLSBC's Data Protection Officer is the Choir Secretary, who can be contacted via the contact form on the Contact Us page.
Management: The RLSBC collects data from individuals to help us plan, organise and manage the day-to-day business of the Choir (e.g. co-ordinating rehearsals or collecting subscription payments) and to promote and market the Choir's activities (e.g. marketing mailing lists and photography and video capture).
Members: We will collect the following information on you for administrative purposes when you join the RLSBC as a member: Name, Gift Aid declarations, Email Address, Voice (S, A, T, B), Phone number(s), Postal Address.
This data will be used by committee members to manage your membership with the RLSBC and to organise and run our activities. If you give us your consent to do so, we may also use your contact details to send you marketing/promotional communications from the group. Any marketing/promotional communication we send you will include a clear option to withdraw your consent (e.g. to 'opt out' of future emails) and you can also withdraw consent at any point by contacting the Data Protection Officer.
Event Attendees: for processing and managing tickets for events. Where our events are ticketed, we may need to collect data on the person booking (name and email) in order to allow you access to the event and to send you a confirmation of your reservation/purchase. This data will only be used for administering your access to the event/s for which you have booked and will not be used to send you marketing/promotional messages from the group unless you have consented to receive these (see 'Mailing List' below).
Employees and Contractors: we may need to collect personal or sensitive data on employees or contractors of the group for administration or for legal/regulatory purposes. Where this is the case, we will explain what this is for at the point of collection.
Mailing list Subscribers: for marketing and promotion. We offer everybody the opportunity to sign up (consent) to receive marketing and promotional information on the group's activities (e.g. emails about forthcoming events). When you sign up to our marketing mailing list, we will ask for your name and email address, and will use this data to send you information about our events and activities (e.g. forthcoming performances, social events and fundraising events). We may also ask for your preferred topics and communication methods. These allow us to tailor the information we provide to suit your preferences (e.g. email vs post). We will only send you information that is related to the choir (e.g. we will not use your data to send you marketing messages from 3rd parties).
We will never pass your details on to third parties for marketing purposes. We sometimes use third party services to process your data (e.g. PayPal, for online ticket sales). We will always make sure any third parties we use are reputable, secure, and process your data in accordance with your rights under GDPR.
You can contact us at any time via the contact form on the Contact Us page to update or correct the data we hold on you.
The RLSBC data retention policy is to review all data held on individuals every three years and remove data where we no longer have a legitimate reason to keep it. Where you have withdrawn your consent for us to use your data for a particular purpose (e.g. unsubscribed from a mailing list) we may retain some of your data for up to two years in order to preserve a record of your consent having been withdrawn.
Under the GDPR, you have the following rights over your data and its use:
• The right to be informed about what data we are collecting on you and how we will use i
• The right of access - you can ask to see the data we hold on you
• The right to rectification - you can ask that we update or correct your dat
• The right to object - you can ask that we stop using your data for a particular purpose
• The right to erasure - you can ask us to delete the data we hold on you
• The right to restrict processing - you can ask that we temporarily stop using your data while the reason for its use or its accuracy are investigated
Though unlikely to apply to the data we hold and process on you, you also have rights related to portability and automated decision making (including profiling). All requests related to your rights should be made to the Data Protection Officer via the contact form on the 'Contact Us' page. We will respond within one month. You can find out more about your rights on the Information Commission's Office website.
If we make changes to our privacy statements or processes, we will post the changes here. Where the changes are significant, we may also choose to email individuals affected with the new details. Where required by law, we will ask for your consent to continue processing your data after these changes are made.
'Cookies' are small text files that are stored by the browser on your computer or electronic device. They allow websites to 'remember' you for a time so that they can store things like user preferences and make the website quicker and easier for you to use. Without cookies, some things on websites would not be able to work: for example, without cookies it might not be possible to know whether or not you are logged in on a website, which would prevent you from being able to see content restricted to logged-in users.
© 2020 Royal leamington Spa Bach Choir
Site Design, Build and Hosting Creative Differences