CARFIELD COMMUNITY CHOIR
Data Protection Policy
- Carfield Community Choir needs to keep personal data about its committee, and its members in order to carry out group activities.
- We will collect, store, use, amend, share, destroy or delete personal data only in ways which protect people’s privacy and comply with the General Data Protection Regulation (GDPR) and other relevant legislation.
- We will collect, store and use the minimum amount of data that we need in order to communicate with our members about choir related activities.
- We will only collect, store and use data for:
- Purposes that are in our group’s legitimate interests, or
- Purposes for which the individual has given explicit consent
- We will provide individuals with details of the data we have about them when requested by the relevant individual
- We will delete data if requested by the relevant individual
- We will endeavour to keep personal data up-to-date and accurate
- We will store personal data securely
- We will not share personal data with third parties without the explicit consent of the relevant individual, unless legally required to do so
- We will endeavour not to have data breaches. In the event of a data breach, we will endeavour to rectify the breach by getting any list and shared data back. We will evaluate our processes and understand how to avoid it happening again.
- To uphold this policy, we will maintain a set of data protection procedures for our committee and volunteers to follow.
This policy will be reviewed every two years
CARFIELD COMMUNITY CHOIR
Data Protection Procedures
These procedures cover the main, regular ways we collect and use personal data. We may from time to time collect and use data in ways not covered here. In these cases we will ensure our Data Protection Policy is upheld. We will review our policy every 2 years.
- Data will be stored securely. When it is stored electronically, it will be kept in password protected files and a secure Google Groups mailing list. When it is stored online in a third party website (e.g. Google Drive) we will check that the third party comply with the GDPR. When it is stored on paper it will be filed in a locked filing box.
- When we no longer need data, or when someone has asked for their data to be removed, it will be deleted from our database and our records, and any paper data will be shredded.
- Where any explicit consent to collect and use data has been requested and given, we will keep the records of consent and store them securely in password protected files or in a locked filing box.
- We will maintain a mailing list. This will include the names and contact details of people who wish to receive choir related information such as weekly updates, minutes of meetings, and publicity regarding events, i.e. our group’s “legitimate interests”
- Separate explicit consent will be requested if there is a need to communicate with members about information which falls outside this purpose.
- When people sign up to the list we will explain how their details will be used, how they will be stored, and that they may ask to be removed from the list at any time. We will provide information about how to be removed from the list with every mailing.
Communication with and between volunteers
Members of the choir periodically volunteer to support choir activities in a number of ways, for example in the organisation of the Singing Weekend and the Grand Day Out.
To allow volunteers to work together to organise for the group, it is sometimes necessary to share volunteer contact details with other volunteers. We will only do this with explicit consent of the people concerned.
Communication with and between committee members
The committee need to be in contact with one another in order to run the organisation effectively and ensure its legal obligations are met.
Committee contact details will be shared among the committee with the consent of the members.
Committee members will not share each others’ contact details with anyone outside of the committee, or use them for anything other than Carfield Community Choir business, without explicit consent.
These procedures will be reviewed every two years