SONGHAVEN DATA PROTECTION POLICY
1. INTRODUCTION
1.1 Songhaven Community Interest Company will, as part of its day-to-day activities, process personal data (which may be held on paper, electronically, or otherwise). Songhaven recognises the need to treat personal data in an appropriate and lawful manner, in accordance with the General Data Protection Regulation 2016 (GDPR) which becomes effective on 25 May 2018. The purpose of this policy is to make you aware of how we will handle your personal data.
1.2 Songhaven holds three main types of data. The first is our electronic mailing list of supporters who have given us permission to contact them about Songhaven concerts & events. Our electronic Concert Announcements are emailed to subscribers from a password-protected, Mailchimp account. The password is only known to the Artistic Director of Songhaven and is changed regularly to increase security. The second type of data is information about our subscribers including a list of names and (in some cases) postal addresses for any subscribers who prefer to receive Concert announcements by post. Again, this information is held securely and is password protected. The third and final category is emails between Songhaven and supporters, held on a password protected email account via our webhosting service. Only the Artistic Director of Songhaven has access to these emails, and any old emails that are no longer relevant are regularly deleted from this account.
2. DATA PROTECTION PRINCIPLES
2. We will comply with the following principles. Personal data will be:
(a) Processed fairly, lawfully and transparently.
(b) Processed for limited purposes and in an appropriate way.
(c) Relevant and not excessive for the purpose.
(d) Accurate.
(e) Not kept longer than necessary for the purpose.
(f) Processed in line with individuals’ rights.
(g) Secure.
2.2 “Personal data” means recorded information we hold about you from which you can be identified. “Processing” means doing anything with the data such as accessing, disclosing, destroying or using it in any way.
3. HOLDING AND USING DATA
3.1 We will only process your personal data where your consent has been given or where there is a clear legitimate interest i.e. where there is a legitimate purpose behind the processing, where it is necessary and where the legitimate interest is not overriden by your interests, rights and freedoms.
3.2 We will never ask our supporters for sensitive personal data such as religious beliefs.
3.3 When you make donations, either one-off or as standing orders, we will need to hold your personal data, which we may share with your bank and HMRC.
3.4 When you request to be on our mailing list, your name, along with any contact information you supplied, will be stored on our password-protected mailing list.
4. HOW WE ARE LIKELY TO USE YOUR PERSONAL DATA
4.1 Songhaven’s mailing list involves the processing of personal data in order to let its subscribers know about forthcoming Songhaven concerts & events. This is a mailing list built up since 2016 and includes those who have subscribed at concerts, via our website’s contact form and in person. We have not taken the decision to renew these opt-in decisions in 2018 because of the small scale of our operation and because there is a very clear and easy way to unsubscribe from our non-intrusive mail-outs.
4.2 We will process the data you have provided for administrative and management purposes and to enable us to operate Songhaven. We will only process your personal data for the specific purpose of administering the work of Songhaven (“the Purpose”). Your personal data will only be processed to the extent that it is necessary for the Purpose.
5. ACCURATE DATA. We will take reasonable steps to keep the data we store about you accurate and up to date. Please notify us if your personal details change or if you become aware of any inaccuracies in the personal data we hold about you so that we can make the necessary amendments.
6. DATA RETENTION
We will not keep your personal data for longer than is necessary for the Purpose. This means that data will be destroyed or erased from our systems when it is no longer required or if you decide to unsubscribe from our mailing list.
7. PROCESSING IN LINE WITH YOUR RIGHTS
You have the right to:
(a) Request reasonable access to any personal data we hold about you.
(b) Prevent the processing of your data for direct marketing purposes.
(c) Ask to have inaccurate data held about you amended or deleted.
8. DATA SECURITY
8.1 We will take all reasonable measures to avoid accidental loss of your data, and that no unauthorised or unlawful processing of it takes place. All our data management systems are password-protected and accessible only to the Songhaven Artistic Director.
8.2 We will not transfer details to a third party unless required to do so by law.
8.3 Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorised purposes) of personal data.
9. SUBJECT ACCESS REQUESTS
If you wish to know what personal data we hold about you, please make the request in writing. All such written requests should be sent to Vivien Conacher, Artistic Director, at Songhaven’s registered address.
10. BREACHES OF THIS POLICY
If you consider that this policy has not been followed in respect of personal data about yourself or others please contact Vivien Conacher, Director, at Songhaven Community Interest Company’s registered address. She has overall responsibility for Songhaven’s ongoing compliance with the GDPR.