DRAFT WEBSITE POLICY
Our Dementia Choir – Privacy Notice
Version 1 – October 2021
DRAFT PRIVACY NOTICE AWAITING RATIFICATION BY TRUSTEES 13.12.21.
Our Dementia Choir takes the protection of personal data very seriously. This notice sets out how we manage personal data.
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is (from 25 May 2018) governed by the General Data Protection Regulation 2016/679 (“GDPR”).
Who are we?
Our Dementia Choir (Registered Charity No. 1187483) is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
How do we process your personal data?
Our Dementia Choir complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We do not source personal data from third parties, other than as may be publicly available. We use your personal data for the following purposes:
(Applicants for membership) to contact you regarding the recruitment process
(Choir Members) to administer your membership of the Choir and participation in and promotion of its activities;
(Carers, Families and Friends) to contact you regarding choir activities and to support the choir members.
(Past members) to inform you about opportunities to participate in Choir events;
(Suppliers of services, goods and funding) to administer your relationship with the Choir;
(Past suppliers) to contact you regarding the provision of further services/goods to the Choir;
(Supporters, includes those who have attended concerts and events promoted by the Choir) to contact you regarding bookings you have made (including seeking feedback) and to contact you regarding future Choir events in accordance with any specific consents or requests you have given;
(All) to keep records of consents given to process personal data
What is the legal basis for processing your personal data?
The legal basis for processing we have identified is Article 6 of the GDPR. Specifically, we process data under one or more of the following bases set out in that Article:
Consent of the data subject
necessary for the performance of a contract with the data subject or to take steps to enter into a contract;
compliance with legal obligations (for example Companies Act, Charities Act and HMRC requirements) or
necessary for the legitimate interests of the data controller, except where such interests are overridden by the interests, rights or freedoms of the data subject (in this context our legitimate interests are to promote the objects of the Dementia Choir.
Sharing your personal data
Your personal data will be shared only with the Choir’s Trustees, their volunteer team, and in the case of Dementia Choir Members (excluding any contact/address information) individual Members of the Dementia Choir. In all cases personal data is only shared to the extent reasonably necessary for the purposes described above. We will only share your data with third parties with your consent, unless we are required to do so by law.
How long do we keep your personal data?
We keep your personal data for no longer than is reasonably necessary. In deciding how long we should keep your data we take into account the following criteria:
The nature of your relationship with the Dementia Choir: eg member, past member, supporter or past supporter, supplier or past supplier of services/goods (whether or not under direct contract);
The legitimate reasons we may have for continuing to contact you deriving from our charity objects (see above);
Our legal obligations as a charity to retain financial and other records (typically for a minimum of 6 years);
Any specific consents or requests you have made regarding the duration of processing of your personal data;
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
The right to request a copy of your personal data which the Dementia Choir holds about you;
The right to request that the Dementia Choir corrects any personal data if it is found to be inaccurate or out of date;
The right to request your personal data is erased where it is no longer necessary for the Dementia Choir to retain such data;
The right to withdraw your consent to the processing at any time;
The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
The right to lodge a complaint with the Information Commissioner’s Office.
Changes to how we process personal data
The Dementia Choir’s processing of personal data is kept under review by the Trustees and this Data Privacy Notice may be revised from time to time. Where our processing of your personal data relies on your consent, we will provide you with a new notice explaining any new purposes and processing conditions and seek your prior consent prior to commencing such processing.
To exercise all relevant rights, queries or complaints please in the first instance contact the Choir’s Secretary:
Our Dementia Choir
c/o Curve Media
47 Brunswick Place
London N1 6EB