Data Policy – This document may be opened and downloaded as a PDF by clicking here.
Data Policy Issue 1 October 2022 1. This Data Policy shows how The Elgar Chorale of Worcester (EC) complies with the UK General Data Protection Regulation (UK GDPR) tailored by the Data Protection Act 2018. 2. The Elgar Chorale of Worcester holds the following personal data concerning persons as applicable (data owners) a. Name b. Address c. Telephone number(s) d. Email address e. Membership type (Full, Honorary, Friend) f. Date of joining g. Voice range h. Audition date i. Audition result j. Business Name k. Contact Name l. Contact details m. Nature of contact (date/reason/outcome). 3. The data is held by electronic means by the following officer of the EC a. Administrator as Data Controller and can be accessed by the following officers for their use while carrying out their duties within the EC b. Chair by reference to the Data Controller c. Webmaster by reference to the Data Controller d. Librarian by reference to the Data Controller e. Treasurer/Online Ticket Secretary by reference to the Data Controller and Ticket agency provided by Eventbrite online. The Treasurer i. also records subscriptions paid by the membership. ii. Supplies details as required for payments to be made in a timely manner. f. Marketing and Publicity Officer by reference to the Data Controller. 4. The data is electronically encrypted and is held in accordance with good standards of personal domestic security. 5. It is held for the specific purposes that the members intend, i.e. running and maintenance the EC, subscription advice and receipts, and for specific consents which it receives for the sending and receipt of information from time to time. 6. The EC does not release the personal data of anyone to a third party without the data owner first giving their specific consent for the data to be released. 7. EC will not send open emails that show addresses, other than that of the recipient. 8. Data is only collected and stored after the data owner has given consent. This consent will specify a. how it will be used. b. consent will not be assumed but will be actively required (opt in) and what failing to opt in will mean. c. any outside organisation that will be given the data, why and what the organisation will do with the data. d. Some data is time dependent and, where necessary, the date of deletion will be notified prior to consent being given. 9. Each person whose data EC holds can request a full statement of that information and require the information amended or deleted. They will be made aware of any adverse effect such amendment or deletion may have on them. 10. Complaints concerning collection, transmission, processing or use of data, in any way, should be raised with the EC Administrator. 11. A copy of this Data Policy will be maintained on the website of the EC 12. This Data Policy is a live document and will be up-dated and amended as required by change in the requirements of the GDPR. It will be reviewed for fitness for purpose each year or a shorter period if required. October 2022 The Elgar Chorale