This Privacy Notice explains when and why we would collect personal information related to members, clients, customers or other organisations that work, perform, or affiliate with Boarshurst Silver Band and/or Boarshurst Band Club. The notice also describes the conditions under which we may disclose this information to others and how we keep this information safe. This Privacy Notice applies where we are acting as a data controller; in other words, where we determine the purposes and means of the processing of that personal data or, where we have no control of the processing of said data; wifi connectivity, credit/debit card processing.
If your data is currently held by us, you do not need to take any action, pursuant to Recital 171 of the GDPR we can continue to rely on your existing consent that was given.
Scope of this policy
This policy applies to personal data stored and processed by the Boarshurst Silver Band and/or Boarshurst Band Club. This data might relate to members, clients, customers or other organisations.
Personal data is any data that can identify an individual, such as a name, National Insurance number, employee number or customer reference number. All personal data will fall within the Data Protection Act 1998 (“the Act”), including the personal data of customers, previous employees and job applicants. Sensitive Personal Data includes medical records and data on an individual’s religious beliefs or sexual orientation. For the purposes of this policy personal data will be taken to include sensitive personal data unless otherwise stated. The term “processing” includes obtaining, recording and holding personal information as well as changing it, disclosing it, making it available to others and destroying it.
Roles and responsibilities
The Boarshurst Silver Band and Boarshurst Band Club committees are responsible for data protection anfd data security. These committees can be located at Boarshurst Band Club at Greenbridge Ln, Greenfield, Saddleworth OL3 7EW.
Lawfulness, fairness and transparency – Article 5, 1 (a)
The Boarshurst Silver Band and Boarshurst Band Club committees shall only collect and use personal data if it has legitimate grounds to do so, and shall be transparent about how the data is used when collecting data from individuals.
They shall ensure that data collected is not used in any way that is unlawful or will have unjustified adverse effects on the individuals concerned.
Purpose limitation – Article 5, 1 (b)
The Boarshurst Silver Band and Boarshurst Band Club shall ensure that when personal data is collected:
- This is for purposes which are explicitly specified and appropriate;
- the individual is clearly informed of the purposes and appropriate privacy (fair processing) notices are issued;
- and that this data is not processed further in a manner incompatible with the purpose for which is was collected.
Whenever members of the committees are involved in processing any personal data they must ensure that the personal data stored is only used where required to properly perform their role and it is not processed unless it is necessary to do so. They must be aware that unlawful processing of personal data may constitute a criminal offence.
Data minimisation – Article 5, 1 (c)
The Boarshurst Silver Band and Boarshurst Band Club committees shall practice “data minimisation” – storing sufficient personal information for the purpose it is needed, but no more.
When determining what data to store, the following factors shall be considered:
- The purpose for which the data is being stored;
- Applicability of the purpose to the individual or group of individuals whose data is to be stored;
Whether the data is actually sufficient for the purpose. Insufficient data shall not be stored. Special consideration shall be given where the data is a record of an opinion to ensure that it can be interpreted correctly.
Accuracy – Article 5, 1 (d)
The Boarshurst Silver Band and Boarshurst Band Club Committees shall take reasonable steps to ensure that personal data stored is accurate and kept up-to-date. The source of personal data shall be clear and consideration shall be given as to whether it is necessary to update the information.
Any challenges to the accuracy of information stored shall be carefully considered and (if appropriate) recorded.
Storage limitation – Article 5, 1 (e)
The committees shall dispose of personal data when it is no longer needed, so as to reduce the risk of the data becoming inaccurate, out of date or irrelevant.
In practice, the committees shall periodically:
- Review the length of time for which personal data is kept;
- Consider the purposes for which information is held; and
- Securely delete data which is no longer needed.
Confidentiality and integrity – Article 5, 1 (f)
Personal data will be held on a confidential basis and will only be disclosed to third parties with the individual’s consent or in accordance with a legal obligation. Any information collected during the live stream of a concert via Facebook or subsequent posting to other social media sites may be collected and used by the providers of those platforms in line with their own defined policies.
The committees will take appropriate security measures to protect personal data that it holds, using a risk-based approach.
Security shall be designed and organised around the nature of the personal data held and potential harm resulting from a breach. Responsibility for security shall be made clear. Response to any security breach shall be timely and effective.