MUCH WENLOCK MALE VOICE CHOIR DATA PROTECTION POLICY
Scope of Policy
This Policy applies to the work of the Much Wenlock Male Voice Choir, hereafter referred to as ‘The Choir’. The policy sets out the requirement that The Choir must adhere to in order to gather information for membership purposes. The policy details how personal information will be gathered, stored and managed in line with data protection principles and the General Data Protection Regulation. The policy is reviewed on an on-going basis by The Choir to ensure that we are compliant.
Why this Policy exists
This Data Protection Policy ensures that The Choir:
- Complies with data protection law and follows good practice
- Protects the rights of members and patrons
- Is open about how it stores and processes members and patrons data
- Protects itself from the risks of a data breach
General Guidelines for the Committee
The only people able to access data covered by this policy should be those who need to communicate with or provide a service for The Choir.
The Choir officers will provide induction training to new committee members to help them understand their responsibilities when handling data.
Officers should keep all data secure, by taking sensible precautions and following the guidelines below.
Strong passwords must be used and they should never be shared.
General communication through email with choir members should be through the use of Bcc. to protect privacy.
Data should not be shared outside of The Choir unless with prior consent and/or for specific and agreed reasons. An example would include Gift Aid information provided to HMRC.
Member and patron information should be refreshed periodically to ensure accuracy, via a membership check process or when policy is changed.
Data Protection principles
The General Data Protection Regulation identifies key data protection principles:
Principle 1 – Personal data should be processed lawfully, fairly and in a transparent manner
Principle 2 – Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.
Principle 3 – The collection of personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Principle 4 – Personal data held should be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard for the purposes for which it is processed, is erased or rectified without delay.
Principle 5 – Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed ; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research or statistical purposes subject to the implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals.
Principle 6 – Personal data must be processed in such a manner to ensure appropriate security of personal data. This includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Lawful, fair and transparent data processing
The Choir requests personal information from potential members and patrons for membership applications and for sending communications about their involvement with the Choir. The lawful basis for obtaining member information is due to the contractual relationship that the Choir has with individual members and patrons. In addition, members will be asked to provide consent for specific processing purposes. Choir members will be informed as to who they need to contact should they wish for their data not to be used for specific purposes for which they have provided consent. Where these requests are received they will be acted upon promptly and the member will be informed as to when the action has been taken.
Processed for specified, explicit and legitimate purposes
Members will be informed as to how their information will be used and officers will seek to ensure that member and patron information is not used inappropriately. Appropriate use of information provided by members will include:
- Communicating with members about Choir events and activities
- Communicating with members about their membership and/or renewal of their membership
- Communicating with members about specific issues that may have arisen during the course of their membership
The Choir Officers and Committee will determine what will be considered appropriate and also inappropriate communication. Inappropriate communication would include sending members marketing and/or promotional materials from external service providers.
Officers and Committee of the Choir will also ensure that members information is managed in such a way as to not infringe an individual members or patrons rights.