Paisley Philharmonic Choir
Voices in Harmony
Data & Privacy
Contacts for PPC Committee
PAISLEY PHILHARMONIC CHOIR
Scottish Charity No: SC014917
DATA & PRIVACY POLICY (2024/2026)
The Management Committee of Paisley Philharmonic Choir will follow the legal requirements and guidance of the General Data Protection Regulation (GDPR 2018) when handling personal data received in the process of conducting the general running of the Choir.
​
We recognise that ‘personal data’ is any information we receive and process that can identify a person. The data we hold about individuals would generally be basic, such as names, contact details and payment records of choir members, associates, and suppliers, used to effectively carry out the activities of the choir, and the necessary communication involved. We would not collect the kind of data that is regarded as ‘sensitive’ by the GDPR.
​​
Your personal information will be held securely in either paper form or on our password-protected databases, and will only be accessible by authorised personnel. We will only use this information in connection with satisfactorily responding to your messages or enquiries, and any instructions, processes, communication or follow-up associated with it. We will not disclose information to third parties without your permission, unless we are required to by law, or it is deemed to be ‘in the public interest’, in compliance with the UK GDPR.
​
The GDPR requires that there should be a legal basis for collecting, storing and using personal data, from one or more of the following six bases:
​
-
Consent – recorded explicitly for a particular purpose, not just assumed
-
Contract – agreement (can be verbal or written) to provide a service/product, or pay someone to provide a service
-
Vital interests – to protect someone’s life (e.g. share information about a person with paramedics, next of kin etc, in case of health event)
-
Legitimate interests – this might apply to contacting a person for a purpose that they haven’t given specific consent to, but who may be involved in the group’s activities and, in the interest of the group, may reasonably want to be supplied with the information. The purpose should be explained, the minimum data used, and the option given for them to have their data removed.
-
Legal obligation – the Choir is unlikely to need to use this basis. For example, to check for criminal records of volunteers. (This can be a legal requirement for some work with children or vulnerable adults).
-
Public task - unlikely to be relevant as it usually relates to governmental organisations
Paisley Philharmonic Choir will follow these principles required by GDPR:
​
-
We will only collect, store and use personal data if there is a clear specific purpose to do so
-
Only the minimum amount of data required for the purpose will be used
-
We will do our best to ensure that the data is accurate and up to date
-
Data that is no longer needed for a particular purpose, or a request is made to delete it: we will shred any paper copies, and delete digital computer files, including back-ups and background storage, unless there is a legal reason for keeping them
-
People will be told their rights to request to see a copy of the data we hold about them, have this transferred to them in digital form if required, and to have their data amended or erased. The request for this should be made by email to paisleyphilharmonicchoir@gmail.com which can be found on the Contact page of our website. Please note that texts, instant messages or social media communication will not be acceptable for this purpose
-
In the event that a breach of data is discovered, and not recovered, the Committee will, in compliance with the law, notify ICO of the breach within 72 hours.
Currently we do not have a ‘mailing list’ outside of our choir members or associates, and will not bulk email ‘marketing’ information to any external contacts. However, people may obtain information about us and our activities from our website, from our Facebook site, or by requesting information from us by email.
​
Our website uses Cookies but, in compliance with UK PECR law, you will be notified of this by pop-up on first viewing our site. You then have the opportunity to either consent to their use or disable them.
​
Should there be any changes to our Data Protection Policy or uses, for example to comply with changes in the law, we will give notification of this.
​
REVIEW
If we have not heard from an individual for whom we hold data for one year, except by arrangement, we will delete their data from our records, unless there is a legal reason for retaining them, (for example financial records).
​
This Data & Privacy Policy will be reviewed every two years
​
Date: ___20th August 2024___​
​