We are committed to protecting your personal data. Any personal data we collect from you will be used in line with the General Data Protection Regulations (GDPR).
Data protection principles
We comply with data protection law, meaning that the personal information we hold about you must be:
– used lawfully, fairly and in a transparent way;
– collected only for valid purposes that we have clearly explained to you, and not used in any way that is incompatible with those purposes;
– relevant to the purposes for which we use it;
– accurate and kept up to date;
– kept only as long as necessary for the purposes for which we use it;
– kept securely.
We have appointed a Data Controller under the GDPR who can be contacted at lesfauristes|@|gmail.com
The kind of information we hold about you
Personal information means any information about an individual who can be identified. It does not include data where the identity has been removed (anonymous data) or group photos, video footage, and recording of group singing and any musical instrument.
We may collect, store and use the following information from you:
– Your name,
– Your contact information. This will include some or all of postal/email address/telephone number, as appropriate for you – depending on whether you are a choir member, freelance orchestra member or soloist, Friend of the choir or due to receive hard-copy or electronic mailings,
– Photos, recordings or video footage of rehearsals, workshops and various public events, for marketing purposes,
– Financial information, where payments of expenses, fees or invoices for services are to be carried out by online bank transfer,
– Other information relevant to previous attendance at our events and any other information you have provided to us which helps us know what future events you may be interested in.
What we do with the data we gather
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information for:
– Legal obligations – where we need to comply with a legal obligation
– Legitimate interests – where it is necessary for our legitimate interests.
We process this data for the following reasons:
– For membership record keeping (choir members, orchestra members and soloists), for the dissemination of choir-related topics as appropriate (e.g. rehearsal notes/publicity/topics of interest/social events, membership material)
– For marketing purposes (choir members, orchestra members and soloists), on our website, official Facebook page, public event adverts.
– For (e)mailshots, to keep you informed about future concerts or other events, or about becoming a member of our choir.
– Your bank details (when provided) are only used to directly pay your expenses and/or fees as appropriate.
– Friends of the choir and former choir members will also be contacted for opportunities to support the choir by volunteering at our concerts and other public events (box office, ticket scanning, etc.)
We will never share your personal information with third parties unless we have your permission or if we are required by law to do so.
If you fail to provide personal information
If you fail to provide certain personal information which is necessary for us to consider your membership/work with the choir, we will not be able to process your application successfully. For example, if you fail to provide your contact details when applying to join the choir or the orchestra or refuse to be recorded or your picture taken as part of our legitimate interest to promote our choir, we will not be able to take your application further.
Do we need your consent?
We do not need your consent if we use your personal information in accordance with this written policy. We may still approach you for your written consent to help us provide evidence of your consent in the event of a control by the relevant authorities.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard the information we collect and use. Examples of these are such as password protection, standard banking security for bank details, etc.
Retention of data
Our policy is to review all data held on individuals at least every five years and remove data where we no longer have a legitimate reason to keep it.
Controlling your personal information
You can contact us at any time at firstname.lastname@example.org to update or correct the data we hold on you.
In the circumstances where you may have provided your consent to the collection, processing or transfer of your personal information, you have the right to withdraw this consent at any time. To withdraw your consent, please contact us at email@example.com. Once we have received notification that we have withdrawn your consent, we will no longer process your personal information for the purpose your originally agreed to, unless we have another legitimate basis for doing so in law. We undertake to do so within one month.
Your rights under the GDPR
You have the following rights over your data and its use:
1. The right to be informed about data we are collecting on you and how we will use it
2. The right of access – you can ask to see the data we hold on you
3. The right to rectification – you can ask that we update or correct your data
4. The right to erasure – you can ask us to delete the data we hold on you
5. The right to restrict processing – you can ask that we temporarily stop using your data while the reason for its use or its accuracy are investigated.
6. The right to data portability – you can request the transfer of your personal information to another party
7. The right to object – you can ask that we stop using your data for a particular purpose
8. Rights in relation to automated decision making and profiling.
You can find out more about your rights on the Information Commission’s Office website. https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
All requests related to your rights should be made to the choir’s Data Controller at lesfauristes|@|gmail.com. We will respond within one month.
Effective from 25 May 2018, latest update as at 10 September 2018