Norwich Community Choir Data Protection Policy
Norwich Community Choir (NCC) needs to collect and use essential information regarding its members and others for administrative purposes and to carry out its musical activities including rehearsals, concerts and ad hoc events. The Choir recognises its duties under the 2018 General Data Protection Regulation GDPR to safeguard this information whether on a database, paper or other means.
Rarely the Choir may need to share data with other agencies.
Normally Choir members and others will be informed why and how and with whom their information will be shared. Exceptions to this are when information is required by law, to protect the individual’s interest, equal opportunities monitoring and if the individual is not fit to provide their signature.
The Choir recognises the importance of ensuring that personal information is treated lawfully and correctly, and is treated confidentially.
The Choir protects its information in accordance with the GDPR. It ensures that it is needed and fit for purpose, specific and lawfully used, adequate and relevant and not excessive. It will not keep personal information for longer than is necessary.
NCC takes appropriate measures to ensure the security of information and that it is not subject to unlawful or unauthorised processing or loss or destruction.
NCC ensures the good quality and fair collection and use of information. It will ensure its fitness for purpose and only collect and process the information needed to fulfil its musical activities and any legal requirements.
NCC recognises its duties under the Act to protect the rights of its members and potential members. This includes informing them, allowing access to personal information and under some circumstances preventing the processing of personal information. Also to correct, rectify block or erase wrong or incorrect information.
NCC ensures that security is in place to safeguard personal information. NCC treats individuals justly and fairly in accordance with its Equality Policy.
NCC shall register with the Information Commissioner’s Office as an organisation that processes Personal Data.
In the event that we hold bank details for some members for the purpose of:-
a) Creating subscription Standing Orders (we have copies of the forms completed and signed by the members that are sent to banks to set up standing orders).
b) Making payments to members bank accounts (e.g. to reimburse expenses or overpayments). Information is provided by members and held securely on online banking systems.
All data processed by NCC must be done on one of the following lawful basis: consent, contract, legal obligation, vital interests, public task or legitimate interests.
Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available.
Information and records of members and others is stored securely and only accessible to others on a need to know basis.
Personal information will only be stored for as long as it is needed by the Choir or required by law.
Information no longer required will be disposed of appropriately including the permanent destruction of paper records and destruction of electronically held data when disposing of computers or discs.
Data access and accuracy
All members and others serving the Choir have the right of access to the information the Choir holds on them. Any requests made to NCC shall be dealt with in a timely manner.
NCC shall take reasonable steps to ensure personal data is accurate and kept up to date. Members are asked to inform NCC of any changes.
NCC will ensure that personal data is kept for no longer than necessary. In order to do this data will be reviewed regularly considering what data should/must be retained, for how long, and why.
NCC collects, uses and stores only the limited personal information on individuals essential for recruiting and retaining its members. It does not request information on for example ethnicity and disability and also on other matters covered in its equality policy. However if such information is volunteered it is not shared without the consent of the individual concerned.
Complete lists of members are available only to the Choir Social Team.
All Social Team members understand the principles of good data protection practice and their duties under the GDPR: they understand and adhere to the requirement for confidentiality regarding Choir matters and records.
Except in exceptional circumstances NCC anticipates no need to pass on personal information on its members. In the exceptional case written consent of the individual would be requested.
Data protection will be included as a standing item on Social Team meeting agenda.
Data Protection policy will be posted on the Choir website. Electronic copies are available on request.