Personal Data – What Is It?
“Personal data” is any information about a living individual which allows them to be identified from that data (for example a name, photographs, videos, email address, or home address). Identification can be by the information alone or in conjunction with any other information. The processing of personal data is governed by [the Data Protection Bill/Act 2017 the General Data Protection Regulation 2016/679 (the “GDPR”) and other legislation relating to personal data and rights such as the Human Rights Act 1998].
About this Privacy Notice
This Privacy Notice is provided to you by the Rame Peninsula Male Voice Choir (RPMVC).
RPMVC is run by a Committee, and is under the musical direction of the Musical Director and the Accompanist and other office holders who work together to administer the Choir.
For the purposes of the GDPR, those referred to in the preceding paragraph are joint data controllers. The data controllers are all jointly responsible how members’ data is processed.
Members may need to share personal data with the joint data controllers to perform the smooth running of events and functions of the Choir.
This Privacy Notice describes what data is processed and for what purpose. This Privacy Notice is provided to all Choir members by the Committee on our own behalf and on behalf of each of the data controllers.
All Choir members are required to complete and sign a paper Consent Form For Use Of Personal Data. These forms are held securely by the Choir’s Committee.
In the rest of this Privacy Notice, the word “we” is used to refer to each data controller, as appropriate.
What Personal Data Do We Process?
- Names, titles and aliases, photographs
- Contact details such as telephone numbers, addresses, and email addresses
- Where they are relevant to our mission, or where you provide them to us, we may process demographic information such as gender, age, date of birth, marital status, nationality, family composition, and dependants
- Where you make donations or pay for activities such as Events organised by the Choir, financial identifiers such as bank account numbers, payment card numbers, and payment/transaction identifiers
How Do We Process Your Personal Data?
We will comply with our legal obligations to keep personal data up to date; to store and destroy it securely; to not collect or retain excessive amounts of data; to keep personal data secure, and to protect personal data from loss, misuse, unauthorised access and disclosure and to ensure that appropriate technical measures are in place to protect personal data.
We use your personal data for some or all of the following purposes:
- to administer your membership and collect dues, subs, and payments;
- to enable us to maintain an up-to-date list of all members and their contact details;
- to enable us to arrange concerts and events;
- to maintain our own accounts and records;
- to process a donation that you have made (including Gift Aid information);
- to seek your views or comments;
- to notify you of changes to our practices, events and minutes of Committee meetings;
- to send you communications about or connected with the Choir which you have requested and/or that may be of interest to you;
- to prepare and circulate newsletters, emails, or to otherwise disseminate information as appropriate.
What is the Legal Basis for Processing Your Personal Data?
Most of our data is processed because it is necessary for our legitimate interests.
Where your information is used other than in accordance with one of these legal bases, we will first obtain your consent to that use.
Sharing Your Personal Data
Your personal data will be treated as strictly confidential. It will only be shared with third parties where it is necessary for the performance of our tasks or where you first give us your prior consent.
It is likely that we will need to share your data with some or all of the following (but only where necessary):
- other choirs
- other members of the RPMVC
- our agents, servants and contractors. For example, we may need to provide names to Hotels or other organisations supporting Choir activities.
How Long Do We Keep Your Personal Data?
We will keep records for as long as you remain a member of the Choir; once you leave the Choir we will remove your personal data from our systems within 1 (one) year.
Your Rights and Your Personal Data
You have the following rights with respect to your personal data:
When exercising any of the rights listed below, and in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.
- The right to access information we hold on you
At any point you can contact us to request the information we hold on you, ask why we have that information, who has access to the information and where we obtained the information from. Once we have received your request we will respond within 1 (one) month.
- The right to correct and update the information we hold on you
If the data we hold on you is out of date, incomplete, or incorrect, you can inform us and your data will be updated.
- The right to have your information erased
If you feel that we should no longer be using your data or that we are illegally using your data, you can request that we erase the data we hold.
When we receive your request we will confirm whether the data has been deleted or the reason why it cannot be deleted (for example because we need it for our legitimate interests or regulatory purpose(s)).
- The right to object to processing of your data
You have the right to request that we stop processing your data. Upon receiving the request we will contact you and let you know if we are able to comply or if we have legitimate grounds to continue to process your data. Even after you exercise your right to object, we may continue to hold your data to comply with your other rights or to bring or defend legal claims.
- The right to withdraw your consent to the processing at any time of data to which consent was sought. You can withdraw your consent easily by telephone, email, or by post.
- The right to object to the processing of personal data where applicable
- The right to lodge a complaint with the Information Commissioner’s Office
Transfer of Data Abroad
Our website is also accessible from overseas so on occasion some personal data may be accessible from overseas.
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Please contact a member of the Choir’s Committee if you have any questions about this Privacy Notice or the information we hold about you, or to exercise all relevant rights, or to present queries or complaints.