General Data Protection Regulations
Data Collection, Retention and Use Policy for St Asaph Choral Society
In order to operate, the St Asaph Choral Society needs to gather, store and use certain items of information about the individuals connected with the Society. This document explains how data will be collected, stored, used and disposed of under the Society’s data protection standards.
Who does this policy apply to?
- Choral Society Members
- Friends of the Choral Society
- Others individuals implicitly connected with the Choral Society (e.g. Leaders, Accompanists)
- Individuals who might be mentioned in advertising for, and reporting on performances, for example instrumentalists, soloists.
What items of personal data do we store?
As a general principle, we will collect, store and use the absolute minimum of information to enable the Society to function efficiently. The items of data under our direct control are:
For all individuals connected with the Society
- Contact details. Name, address, telephone numbers, email addresses. These data items are stored electronically.
- Name and contextual data in Society documents and communications (e.g. minutes of meetings, minutes of the AGM).
For members of the Society, in addition to the contact details above, the following items are stored:
- Voice (SATB) (electronic)
- Contact preferences (electronic)
- Attendance records (paper or electronic)
- Incoming payment records – subs, music loan fees, ticket sales, ad-hoc payments (e.g. for Christmas meal) (paper or electronic)
- Music loan records (paper or electronic)
- Outgoing payment records (e.g. for the hire of equipment and music)
For committee members, in addition to the details above,
- Committee role (electronic)
There are items of data not under our direct control that may be identifiable to individuals connected with the Society, for example:
- Being mentioned on the Society’s web page
- Being mentioned on the Society’s FaceBook page
- Being mentioned in advertising for concerts
- Included on electronic mail mailing lists held by a third-party Email providers
Data items will be retained only for as long as they are relevant, or necessary for historical purposes. Given reasonable notice, we will let you have a copy of all of your data held by the Society.
How is the Society’s data kept safe?
For electronic data directly under our control, data sets will be kept on one or more computers that are owned by and operated by members of the committee. The data will be stored locally on the computers and not stored on any remote, commercial servers. For security against data loss, at least one back-up copy of each data set will be maintained. For security against unauthorised access, data sets will be secured by a password and if it is thought to be necessary, will be encrypted.
For subsidiary paper-based data items, the data sets will be kept in the relevant committee member’s residence in a safe place and protected against loss by copying. Lists of individuals that are the subject of the paper records will be derived from a master, electronic list. If there are any changes to the master list, the subsidiary paper records will be updated.
All data, whether electronic or paper will be identified by an effective date or version number to avoid multiple differently-sourced versions.
As a general rule, anything originated on one of these platforms should be anonymised as far as possible. The publication of certain personal items of data is unavoidable, for example the names of soloists in upcoming concerts, the names of musicians and choir leaders, but care will be taken to minimise this exposure. However, particularly with regard to social media, it is possible for all people connected with the Society to add items to the social media timeline. It is the responsibility of all individuals to be reasonable in minimising the publication of items of data that can identify others. A warning to this effect will be added to the Society’s web page and FaceBook page.
What will the Society do with your personal data?
The data is held primarily to administer the operation of the Society. We will not pass your details to any third parties for marketing and similar purposes. We will only contact you via one of your chosen contact methods for administrative purposes, for example to remind you of term dates, dates for concerts, the availability of rehearsal tracks. Rarely we will contact you with an item of interest connected with the Society, for example a concert being performed by one of our other nearby choral societies.
The FaceBook page and the Society Web page will be used as a general means of communication, but items will be published there only; they will not be “pushed” to individual members.
What are your responsibilities under this policy?
- To make sure that your individual data held by the Society is up to date and accurate.
- To avoid exposing the details of other members of the Society (particularly on social media) unless they have given permission, and then to minimise those details.
- To protect your own data in public arena (i.e. outside the areas that are the responsibility of the Society), in particular your passwords, usernames, financial details, addresses, identifiers such as date of birth. This is for your own safety, and to avoid the identification of other individuals by one or more implicit links..
- To draw the attention of a member of the committee of the Society to any breach of this policy.
St Asaph Choral Society.
Data Collection,Retention and Use Policy. Version 1.2