Portobello Community Choir processes personal information (email addresses and phone numbers) of individuals attending choir sessions and who consent to the organisation doing so.
The information will be used to inform members about choir events and occasional other relevant singing activities.
Portobello Community Choir takes photographs and videos of members taking part in choir events. These are used for publicity on the choir website, posters and social media. Members are asked for their consent for photos and videos to be shared in this way and have the opportunity to refuse consent or to withdraw consent at any time.
Portobello Community Choir processes the information in accordance with the Data Protection Act 2018 and the principles in the GDPR in the following ways:
- Lawfulness, fairness and transparency
A clearly written privacy notice will be written on the form that new members are asked to sign when they give their contact details and indicate consent to the use of photos and videos. Data will only be used for the purposes described. - Adequate, relevant and limited to what is necessary
The information collected will only be what is necessary for the running of the organisation, for establishing and maintaining membership of the choir. No information other than contact details shall be collected. The information will not be shared with any 3rd party without permission and only shared within the choir on a strict need to know basis. - Accurate and up to date
All reasonable steps will be taken to ensure that the information is accurate. The email list will be updated regularly and at least once every two years, and members will be removed when they ask to be removed. Any inaccuracies will be rectified as soon as possible. - Only hold the information for as long as is necessary
The list will be updated regularly (see above). - Appropriate control and choice
The privacy notice on the consent form will make it clear that choir members do not have to provide their contact details to take part in choir events, and that they can withdraw consent for us to hold any information they give us at any time. - Security
Personal data will be held on a password protected computer, and on a secure email list. Any paper copies of personal information will be kept in a locked filing cabinet and shredded when no longer needed.
All rights of data subjects under the Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR) will be respected.
- Right of access
Choir members have a right to access the information held about them free of charge. We will respond to such requests as soon as possible and at the latest within one month of the request. - Right of erasure
Choir members have a right to ask for all information held about them to be erased. We will respond to such requests as soon as possible and at the latest within one month of the request. - Right to complain
You have a right to complain to the Information Commissioner’s Office if you think that there is a problem with the way your data has been handled.