privacy policy

Crumpsall Concert Band Privacy Policy

The Crumpsall Concert Band takes its responsibility for Data Protection, in compliance with GDPR, extremely seriously, and the following statement supports this ethos.


What is this guide for?


Whenever we need to collect any of your data, we will let you at that point why we need to do so and what it will be used for, but this guide provides a useful overview of all of those situations and provides more detail on how we keep your data secure and up to date, how long we might hold it for, and what your rights are in relation to it.


Crumpsall Concert Band is committed to protecting your personal data and will use any personal or sensitive data we collect from you in line with the General Data Protection Regulations (GDPR).


Who's responsible for data the group collects? 


Crumpsall Concert Band is a Data Controller under the GDPR. Crumpsall Concert Band’s Data Protection Officer is the Chair who can be contacted at crumpsallband@hotmail.co.uk.


What data do we collect and what do we use it for?


Crumpsall Concert Band collects data from individuals to help us plan, organise and run the day-to-day operations of the group (e.g. co-ordinating rehearsals or collecting subscription payments) and to promote and market the group’s activities (e.g. marketing mailing lists and photography/video capture).


The Crumpsall Concert Band collects and stores membership data, initially requested when a new member joins the band or former member re-joins, to support accurate record keeping, attendance registers, subscription records and other administrative requirements solely in relation to the effective management and operation of the Crumpsall Concert Band.


In this regard, data will be restricted in access and usage to members of the Crumpsall Concert Band Committee, including seconded committee members, band safeguarding representatives and first aiders. These roles will constitute the band’s ‘Data Controllers’ and where a data controller discontinues their role such access will cease also.


Limited personal data may only be shared publicly for Crumpsall Concert Band-related purposes such as newsletters and concert programmes and the amount of date in these instances will be restricted to name only (often just forename) and not at all if parents / carers of members aged under 18 have requested this is not permissible. On joining, all members have the option to opt out of such publicity and photographs / videos (both often anonymised and portrayed in group scenarios) and this option can be exercised at any time during their membership.


Members: for administering membership


When you join Crumpsall Concert Band as a member, or during your membership with us, we may need to collect some of the following information on you. We don’t collect all this data on all members – we only collect it if it’s needed:


Name 


Email address 


Phone number 


Address  


Emergency contact details 


Medical information  


DBS checks


Photos/video footage


Audition notes


The amount of data collected and securely stored is relative to the above primary purposes and such usage may also include, but may not be restricted to, the following scenarios:


  • Contacting members for short-notice announcements e.g ‘band rehearsal cancelled this evening due to unforeseen circumstances /weather’ etc
  • Contacting named contacts in emergency situations e.g. ‘vehicle breakdown and will be back late from an event’ etc
  • Contacting named contacts in relation to a medical emergency.


This data will be used by the band committee to manage your membership with Crumpsall Concert Band and to organise and run our activities.


If you give us your consent to do so, we may also use your contact details to send you marketing/promotional communications from the group.


Any marketing/promotional communication we send you will include a clear option to withdraw your consent (e.g. to ‘opt out’ of future emails) and you can also withdraw consent at any point by contacting the Data Protection Officer.


Event attendees: for processing and managing tickets for events


Where our events are ticketed, we need to collect data on the person booking (name and email) in order to allow you access to the event and to send you a confirmation of your reservation/purchase. This data will only be used for administering your access to the event/s for which you have booked and will not be used to send you marketing/promotional messages from the group unless you have also provided your consent to receive these (see below).


Employees and contractors: for administration and legal/regulatory purposes


We may need (for administration or for legal/regulatory reasons) to collect personal or sensitive data on employees or contractors of the group. Where this is the case, we will explain what this is for at the point of collection.


Mailing list subscribers: for marketing and promotion


We offer everybody the opportunity to sign up (consent) to receive marketing and promotional information on the group’s activities (e.g. emails about forthcoming events).


When you sign-up to our marketing mailing list we will ask for your name and email address and will use this data to send you information about our events and activities (e.g. forthcoming performances, social events and fundraising events). We may also ask for your preferred topics and communication methods. These allow us to tailor the information we provide to suit your preferences (e.g. email vs post).


We will only send you information that is related to the group (e.g. we will not use your data to send you marketing messages from 3rd parties). 


Anything we send you will include a clear option to withdraw your consent (e.g. to ‘opt out’ of future emails) and you can also do so at any time by contacting the Data Protection Officer.


Website visitors: for running and improving our website


We use cookie technology when a person visits our website to collect and analyse anonymised data on how many people have visited, what pages they have looked at and other statistical information. 


We use a pop-up banner to let users know about this on their first visit, and they can at any time disable cookies in their browser if they do not wish their (anonymised) data to be tracked.


You can find out more about cookies at www.allaboutcookies.org

Do we share your data with anyone else?


Band member details will be provided externally only in strictly-controlled band-related circumstances via authorised application processes relating to band performances / events and only where strictly-required e.g. for security, venue health and safety or for event applications such as contests, The recipients of data for purposes such as the above will be ‘Data Processors’and data will only be supplied for processing once the band’s Data Controllers are satisfied that such data will only be used for the purposes(s) it has been requested and in no way forwarded on, and that such data will be retained by the third party only so long as is necessary before secure redaction. A copy of the recipient’s Privacy Notice may be requested to evidence this.


We will never pass your details on to third parties for marketing purposes. 


We sometimes use third party services to process your data (e.g. band webmail or band website host). We will always make sure any third parties we use are reputable, secure, and process your data in accordance with your rights under GDPR.


If another member of Crumpsall Concert Band asksfor your contact details we will only ever share them if you consent.


Are the special measures for children's data?


Where we knowingly collect or store data of children under the age of 13 we will ensure the person with parental responsibility for the child has seen the relevant information relating to the child data or has given consent on behalf of the child.


Once a child is over 13 years old, parental consent to use their data will no longer be sufficient. We will only continue to hold/use the data if the child themselves also gives their consent.


Data Security


Physical – all completed new member joining forms will be stored securely and where emergency contact details are required to be portable e.g. on a band trip or off-site performance, they will be retained by authorised band Data Controllers only. Relevant data from the forms will be added to our secure database.


Digital – the database containing member contact and emergency contact details is password encrypted and only accessible to authorised band Data Controllers.


Data Accuracy – the band’s Data Controllers will perform an annual exercise to ensure data held remains accurate, and to update records when data changes are notified e.g. change of contact number.


How can you review your data?


At any time you can ask to view, update or correct any data we hold on you. You can also ask that we stop using your data or that we erase it. To request any of these, please contact the Data Protection Officer who will respond within one month. 


You can contact us at any time at crumpsallband@hotmail.co.uk to update or correct the data we hold on you. 


How long we will hold your data?


The Crumpsall Concert Band data retention policy is to review all data held on individuals at least every year and remove data where we no longer have a legitimate reason to keep it. Personal including contact details will be retained throughout an individual’s membership of the band and retained for a period of up to 2 years after leaving for purposes of contact for special events / reunions etc. Former members can request we retain their data longer should they so wish and equally that we redact their record immediately upon leaving. In addition, any time-expired redactions will be picked up during the annual review process for data accuracy.


Where you have withdrawn your consent for us to use your data for a particular purpose (e.g. unsubscribed from a mailing list) we may retain some of your data for up to two years in order to preserve a record of your consent having been withdrawn. 


What rights do you have?


Under the GDPR, you have the following rights over your data and its use:
 

  • The right to be informed about what data we are collecting on you and      how we will use it
  • The right of access - you can ask to see the data we hold on you 
  • The right to rectification - you can ask that we update or correct your      data
  • The right to object - you can ask that we stop using your data for a      particular purpose
  • The right to erasure - you can ask us to delete the data we hold on you
  • The right to restrict processing - you can ask that we temporarily stop      using your data while the reason for its use or its accuracy are investigated      
  • Though unlikely to apply to the data we hold and process on you, you also have rights related to portability and automated decision making     (including profiling)


All requests related to your rights should be made to the Data Protection Officer at. We will respond within one month.


You can find out more about your rights on the Information Commissioner’s Office website


What will we do if anything changes?


If we make changes to our privacy statements or processes we will post the changes here. Where the changes are significant, we may also choose to email individuals affected with the new details. Where required by law, will we ask for your consent to continue processing your data after these changes are made. 


Use of Cookies


What are 'cookies'?


'Cookies' are small text files that are stored by the browser (for example, Internet Explorer) on your computer or electronic device. They allow websites to 'remember' you for a period of time so that they can store things like user preferences and make the website quicker and easier for you to use.


Without cookies, some things on websites would not be able to work: for example, without cookies it might not be possible to know whether or not you are logged in on a website, which would prevent you from being able to see content restricted to logged-in users.


How does the Crumpsall Concert Band website use cookies?


A visit to a page on the Crumpsall Concert Band website may create the following types of cookie:



Registration and preferences cookies


When you register with Crumpsall Concert Band, we generate cookies that let us know whether you are signed in or not. Our servers use these cookies to work out which account you are signed in with, and if you are allowed access to a particular service. It also allows us to associate any comments you post with your username. If you have not selected 'keep me signed in', your cookies get deleted when you either close your browser or shut down your computer.


Anonymous analytics cookies


Every time someone visits our website, software provided by other organisations (our web hosting) generates an 'anonymous analytics cookie'.


These cookies can tell us whether or not you have visited the site before and what pages you visit. Your browser will tell us if you have these cookies and, if you don't, we generate new ones. This allows us to track how many individual users we have, and how often they visit the site. We use them to gather statistics, for example, the number of visits to a page, to help us identify if visitors would benefit from more information on a particular area.


How do I turn cookies off?


It is usually possible to stop your browser accepting cookies, or to stop it accepting cookies from a particular website.


All modern browsers allow you to change your cookie settings. You can usually find these settings in the 'options' or 'preferences' menu of your browser. To understand these settings, the following links may be helpful, or you can use the 'Help' option in your browser for more details.


Please note: switching off cookies may prevent some aspects of our website from working fully.


 Useful links


You can find out more about cookies and their use on the internet from www.allaboutcookies.org

image53
image54
image55