Privacy Notice – For Members of Nantwich Concert Band
On 25th May 2018 new data protection law comes into force in the UK; this is the General Data Protection Regulation (or GDPR). Under GDPR, every organisation is expected to process all data carefully and be transparent about what data is held and how it is held.
As a membership organisation, Nantwich Concert Band holds a limited amount of data about its members. This data includes:
- Age (if under 18);
- Contact addresses;
- Email addresses;
- Emergency contact details of parent(s)/guardian(s) for under 18s;
- Instrument hire records;
- Subscription rate / method of payment; and
- Telephone and/or mobile numbers.
The organisation also has, for purposes of publicity:
- Audio recordings; and
- Video recordings.
This data is held and processed by the Committee of Nantwich Concert Band, who are elected by the band’s membership at the Annual General Meeting. Details about those who have access to the data processed by the committee can be found in the Data Protection Policy. No other individuals shall have access to this data unless specific consent has been given. Only the executive committee (Chair, Treasurer and Secretary) have access to records of personal arrangements for payment of subscription fees. In order to maintain the data held by Nantwich Concert Band, the Committee uses a secure information sharing service called ‘DropBox’. DropBox holds its servers in the United States of America.
Nantwich Concert Band uses the data it holds about its members in a manner that enables the organisation to function and meet its purposes, namely:
- To organise regular rehearsals;
- To organise and perform concerts regularly;
- To organise social events; and
- To ensure the organisation’s continued health, i.e. financial stability, asset security.
Under GDPR, Nantwich Concert Band processes data about its members under the lawful basis of ‘Contract’. Contract is a lawful basis for holding data when:
- There is a contract with the individual and their personal data needs to be processed to comply with the obligations of that contract;
- There is an agreement, not necessarily formalised in a written contract, between the two parties which meets the requirements of contract law, i.e. there is an agreement of exchange of goods or services for money.
The committee has reviewed the data it processes and has assessed the purpose and necessity of this processing, and our relationship with our members. The Committee is satisfied that the data we hold is processed under a form of Contract with our members; members pay a subscription fee in exchange for weekly rehearsals and performance opportunities in the ensemble.
Upon joining the band all members are asked to complete a membership form which provides the data that will be processed by the committee. As Nantwich Concert Band processes the data it holds about its members under the lawful basis of ‘Contract’, and the information is provided by the members themselves, we will not be asking every current member to re-confirm their consent to the Band’s holding of their information.
However, any member is entitled to withdraw or withhold any data they do not wish to share with the committee. Members may, at any time, request that their data be deleted. Members may also request that their image is not taken or used for publicity purposes.
Members may also, at any time, request clarity on what data is held about them by the committee and request any changes to their data, to ensure it is accurate. Members have a responsibility to notify the committee of any changes to their personal details which may affect the effective administration of the band, e.g. change of contact details.
Data held by the committee is reviewed every 2 years in April and at that point any data related to individuals no longer part of the band will be deleted. Individuals whose data is held and who are no longer part of the band during this 2-year period may have their data used to offer them the opportunity to re-join the band and keep them informed of activities the band is undertaking. Individuals can request immediate deletion of their data upon leaving the band, and this should be done by emailing email@example.com.
Members can find out more information about GDPR by visiting the Information Commissioner’s Office website.
Any members who have any concerns should speak to a member of the Nantwich Concert Band Committee, either in person or by emailing firstname.lastname@example.org.
The Committee of Nantwich Concert Band have produced a Data Protection Policy and Data Retention Policy which can be accessed via the links below.
Data Retention Policy