In delivering its charitable purpose, Cubbington Silver Band (CSB) processes the personal data of its members, supporters, donors and the general public. This data is collected and used by the management committee of the band and shall be handled in accordance with the General Data Protection Regulation (GDPR.) CSB’s Data Protection Policy describes what data is collected, where it is stored, who can use it and how the rights of individuals are protected.
Individual band members may collect and store personal information about other band members and contacts e.g. email addresses and phone numbers of band members, friends and other contacts which they use for their personal use, not directly associated with the management of the band. Such data is not the subject of this policy.
What personal data is collected?
The band collects the following information: name; address; phone number(s); date of birth; email address(es) emergency contact information and any other information which might be necessary for the administration of the band.
The band does not collect sensitive personal information as defined in the GDPR. This includes data on ethnicity or racial origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, or data concerning health or sexual orientation.
Use of personal data
Personal data is collected and processed by the CSB management committee for the process of operating the band, for the management of the band’s activities, for fundraising, for marketing and for general communication.
The personal data shall be used in accordance with the permission to use the data given by individuals. The personal data shall not be used for any other purpose and shall not be provided to third parties without permission, except that the data of members may be shared with Brass Band Players Ltd and other contest regulation organisations in order to comply with registration regulations for contests.
Personal data shall only be stored for the period for which it is required, for example for the duration of the membership tenure. Data which is no longer required, or which is out of date, will be deleted.
Where is the personal data stored and who has access to it?
Personal data is used by the CSB management committee. CSB does not own any IT hardware for data processing. Personal data is stored primarily in the shared Google Drive and in the shared Muzodo scheduling online tool. Some personal data may be downloaded to the personal computers of members of the CSB management committee from time to time while it is being used but it is the committee’s intention to store records primarily in the online Google Drive.
The following policies apply to the storage and sharing of this data
- Personal computers used to store or manage personal data shall be protected by a log in and password system. If the personal computer is used by others, access to the personal data should be protected by a password.
- Personal data shall not be copied to, or transferred to, a usb data stick or other portable storage system unless it is protected with a password.
- When using email distribution lists to communicate with band members the Blind Copy function should be used so that individual members do not have access to other members email addresses.
- Personal data stored on the Google Drive shall be password protected and is accessible only to members of the management committee. This access will be controlled by the band’s data controller.
- Personal data held in the website shall be password protected and is accessible only to members of the management committee. This access will be controlled by the band’s website administrator.
- Wherever possible the committee will try to store information in electronic form. Personal data which is stored in paper records will be stored in a safe place. This could include a committee member’s home or the locked store cupboard at the Band Factory. If personal data is transported (e.g. registration cards taken to a contest) the information should be treated as confidential and kept in the committee member’s possession at all times.
- When a committee member leaves the committee all personal data they might hold (e.g. on a personal computer) should be deleted.
- The Google password should be changed if a committee member leaves the committee.
Permission to use the data
Prior to collecting personal data the permission of each member shall be sought to store their data. This may be sought using Google forms or any other appropriate method. This is an opt in process and permission should not be assumed.
Rights of individuals
Individuals have the right to see what personal information has been stored. If a request to see personal information is received it will be coordinated by the band’s data controller who will liaise with all other committee members to check any data that is being held locally before combining this with the data held on the Google Drive and providing a response.
Individuals have the right to have their personal data removed from the band’s records and for their data history to be deleted. If a request to delete data is received the band’s data controller will liaise with the other committee members to check any data that is being held locally is deleted before deleting the information held on the Google Drive and confirming that this has been done to the person making the request.
Individuals have the right to have their personal information changed. If a request to change personal data is received the band’s data controller will liaise with the other committee members to change any data that is being held locally before making the required changes on the Google Drive and confirming to the person making the request that the changes have been made.
Registering with the Information Comissioners Office
CSB is a charitable organisation which only collects information necessary for the running of the band, to administer activities for the members of the band or for people who have regular contact with the band. CSB is therefore exempt from the registration requirements with the Information Commissioners Office.
Maintenance, Audit and Review
An initial audit has been carried out to ascertain what information is being stored and for what purpose. Such an audit will be repeated from time to time to ensure the band has an up to date record of data stored.
It is the responsibility of individual committee members to make sure that stored data is accurate and that data which is no longer required is deleted.
Individual band members have a responsibility to ensure that they advise the band of any changes that need to be made to the personal data the band holds concerning them.
The management committee will review this policy every two years or sooner if necessary.
You can contact the band’s Data Compliance Officer, M. Scott by emailing us or telephoning our Secretary on 07511 095 647.
History
Draft Created 04/04/18 – J. Edmonds
Adopted 16/05/18 – CSB Committee
Reviewed 18/12/19 – CSB Committee