The privacy and security of your personal information is extremely important to Vivace Chorus. This policy explains how and why we use your personal data, to make sure you stay informed and can be confident about giving us your information.
1 - What personal data do we collect?
Personal data is any information that can identify you either directly or indirectly.
We collect only the personal data we need, as outlined throughout this policy. We currently collect and process personal data for the following groups:
- Our members, including contact details, audition reports, Gift Aid Declarations, photographs, and data on participation in concerts/events
- Trustees, bank account signatories, and anyone who incurs expenditure on our behalf, including bank account details and data required by the Charity Commission
- Patrons, including donation amounts and any Gift Aid declarations
- Our Music Director, rehearsal accompanist(s), and other musicians who take part in our rehearsals, concerts, and other events
- Anyone who purchases or is given complimentary tickets for our concerts and events (unless the venue directly manages ticket sales)
- Our website users, if you accept cookies on our website
Sensitive personal data (e.g. about a disability) will be kept only where there is a legitimate need and consent has been given.
2 - How we get personal data and why we have it
Most of the personal data we process is provided to us directly by you for one of the following reasons:
- Membership of, or involvement with, Vivace Chorus
- Purchasing tickets for our concerts or other events
We use the information that you have given us for the management and administration of Vivace Chorus. In addition, anyone who has signed up to our mailing list will receive emails to inform them of future concerts and events. You can unsubscribe from this mailing list at any time.
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:
- Your consent. (You can remove your consent at any time. You can do this by contacting our Data Protection Officer at firstname.lastname@example.org)
- We have a contractual obligation
- We have a legal or regulatory obligation
- We have a legitimate interest
We share your information with third parties only where we have a legal, regulatory or safeguarding reason to do so, e.g. making Gift Aid claims to HMRC or in response to a request from the Police.
3 - How we store your personal information
Your information is stored securely.
Personal data is held for the minimal periods required to meet legal, regulatory and HMRC requirements and to ensure the effective administration of Vivace Chorus.
Personal data on ex-members and ex-patrons will be held only for the period necessary to meet Gift Aid or HMRC requirements, after which time it will be destroyed.
In the event of a data breach, our Data Protection Officer will report this to those affected and the Information Commissioner’s Office within 72 hours of the breach being discovered.
4 - Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for a copy of your personal information (a “subject access request”).
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
We will not charge you for exercising your rights. If you make a request, we will respond to you within one month.
Please contact our Data Protection Officer Peter Norman at email@example.com if you wish to make a request, or if you have any concerns or queries about our use of your personal data.
Policy agreed by:
Vivace Chorus Committee
Date policy agreed:
17 Jan 2023
Michelle Mumford MCIPD (Committee Member)
Date of next review:
This content is also available as a PDF attachment.