Personal data protection policy

Harrogate Male Voice Choir

Personal Data Protection Policy

What we hold and on who: Choir number, given and surnames, telephone numbers (land and/or mobile), address, emergency contact number (1 or 2), year of joining. (see the example at the end of this document).  To see what we hold about you now, simply ask the Membership Representative for a full print out of your data. This data is held for our President, Director, Accompanists and all Singers who pay a subscription.

Why we hold it: to let the officers of the choir contact members and efficiently run the choir’s business.

Who has access to your data:  The Membership Representative keeps and updates the choir’s recordselectronically and supplies all/parts of the data to officers of the choir as they need it to do their jobs – he is responsible for GDPR and reporting any breaches.  None of the data held is supplied to anybody outside the choir, in any form.

How your data is currently held:  currently the full data set is held in an Excell spreadsheet, password protected and encrypted.  It is on the hard-drives of the Membership Representative and Committee Secretary. The only formal paper record currently used is a list of all members’ names and their emergency contact numbers – this is held with the First Aid kit under the control of our First Aiders.  Other officers receive electronic information and have the discretion to print it to do their specific jobs.  

Updating personal records:  from time to time (currently annually) you will be asked to check the data that we hold for you, so that our records can be corrected and updated.  This Policy and the exact form of your records will be kept under review by the Committee, and updated to keep abreast of current technology and the Committee’s needs.

Data Manipulation: no manipulation of the data takes place other than extracting subsets of it to supply the needs of the choir’s officers.

How long we keep your data: your data is kept while you are a member.  When you leave, your name and all your information is removed.  The Treasurer is required to keep some of your details for 6 years after your last Gift Aid donation to the choir – but this is a legally required tax record separate from the choir’s spreadsheet.  Your details may by chance persist in saved emails and historic records (on memory sticks and such like) – but after you leave the choir, we will have no sure way of contacting you!

Committee’s Privacy Assumption:  the Committee assumes that none of the information the choir holds is of itself so private that it should not be shared with other members of the choir.  For example, in the membership section of the choir’s web site there is a full list of personal telephone numbers of all choir members. Ask us to remove any such sensitive information from our records.

Committee’s Assumption of Consent: the Committee assumes that all members who joined the choir before the GDPR came into existence (2018) agreed at that time that their records could be held and used.  Those joining since have signed the form to explicitly state that they also consent (and the year that they did this is in the data).  The Membership Representative will NOT keep the paper records of signatures, but simply enter the year into the spreadsheet in which assent was seen to be given.  If you do not consent to this, tell the Membership Representative so now.

YOUR RIGHTS TO YOUR DATA: you have a right to see what data we hold about you, to have any of it corrected and any of it removed from our records.  If you have any concerns about your data or the choir’s handling of any data issues, please raise them in first instance with the Membership Representative, and if you are not happy with the response, with the Chairman of the Committee verbally and/or in writing.

16th May 2023  Membership Representative Tom Holland