In delivering its charitable purpose, Aylesbury Orchestral Society, performing as Aylesbury Symphony Orchestra (The Society) processes the personal data of its members, subscribers and audience. This data is collected and used by Committee Members of The Society (The Committee) and shall be handled in accordance with the General Data Protection Regulation (GDPR). This Privacy Policy describes what personal data is collected, where it is stored, who can use it and how the rights of individuals are protected.
What personal data is collected
The Society collects the following personal information: name, address, phone number(s), email address.
The Society does not collect sensitive personal information as defined in the GDPR. This includes data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.
Use of personal data
The personal data is collected and processed by The Society for the purposes of operation of The Society, for management of The Society’s activities, for fundraising, for marketing and for general communications.
The personal data shall be used in accordance with the permission to use the data given by individuals. The personal data shall not be used for any other purpose and shall not be provided to third parties.
Personal data shall only be stored for the period for which it is required. Data which is no longer required, or which is out of date, shall be deleted.
Where the personal data is stored and who has access to it
Personal data is used by The Society. The Society does not own any IT equipment for data processing. Personal data is stored securely on personal computers of The Committee, and is stored securely on Google Drive. Personal data which is collected from The Society's website via Contact Us forms is collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP).
The following policies apply to the storage and sharing of this data.
- Personal data stored on personal computers is protected by a login and password security mechanism. In the case where the personal computer is accessible to other parties, the individual files containing personal data should be password protected.
- Personal data shall not be copied to, or transferred by, USB stick (or other portable storage) unless the files are password protected.
- When using email address lists, the blind copy (bcc) function should be used for individual email addresses, such that the distribution list is hidden from recipients.
- Personal data which is held on paper records shall be stored in a safe location, for example at The Committee member's home. Where personal data is carried outside of this location, e.g. to a meeting, the personal data must be considered as confidential and kept in The Committee member's possession at all times.
- When Committee members cease to serve on The Committee, any personal data they hold shall be deleted.
- Personal data may be shared with The Society for the purposes of management of The Society.
Permission to use the data
Prior to collecting personal data, permission shall be obtained from each individual to store their data and to contact them. Such permission may be gained by use of the application form, or other means. This is an opt-in process; permission should not be assumed.
Rights of individuals
Individuals have the right to see what personal data has been stored. When a request to see personal data is received, one Committee member will coordinate the response and will ask all other Committee members to provide their relevant stored data for collection into a single response to the request.
Individuals have the right for their personal data to be removed from use by The Society and for their history to be deleted. When a request for removal of personal data and/or history is received, one Committee member will coordinate the response and ask each Committee member to delete the relevant data. The individual concerned will be notified that their personal data and/or history have been deleted.
Individuals have the right to ask for their personal data to be changed. When a request to change personal data is received, one Committee member will coordinate the response and will ask all other Committee members to change the relevant stored data. The individual concerned will be notified that their personal data has been changed.
Registration with the Information Commissioner's Office
Aylesbury Orchestral Society is a not-for-profit organisation which only processes information necessary to provide or administer activities for people who are members of The Society or who have regular contact with it. The Society qualifies for exemption from the registration requirements with the Information Commissioner’s Office (ICO).
Maintenance, audit and review
An initial audit has been carried out to identify what personal data is being held and for what purpose. Such an audit may be repeated from time to time.
It is the responsibility of individual Committee members to maintain accurate data, and to delete data which is no longer required.
The Society will review this policy every two years.
Document History
19 March 2018 Policy drafted and circulated for initial review
9 July 2018 Policy amended and circulated for sign off
16 October 2018 Policy published on ASO website