June 2024

General Data Protection Regulations

Our Policy – Data Privacy Notice

Your personal data – what is it?

Personal data is information relating to a living individual who can be identified from that data. Identification can be by the information alone, or together with that data and other associated information, which is in the possession of, or likely to come into the possession of the ‘Data Controller’. In the UK, the processing of personal data is governed by the General Data Protection Regulation, also known as the GDPR.

Who are we?

Côr Meibion Pontypridd (contact details below) is what is known as the ‘Data Controller’ of the personal data you provide to us. This means it determines how your personal data is processed and for what purposes.

Why we need your personal data?

We collect and use your personal data for the following purposes:

  • To keep contact with you as a member of the choir.

  • To communicate with individuals who are carrying out specific roles.

  • To track payments, Gift Aid, and mark birthdays and long service with the choir.

  • To organise choir trips and events and information in relation to travel, accommodation and meals.

  • To provide attractive publicity and practice environment by using photos on the website and in the rehearsal room.

What is the legal basis for processing your personal data?

We process your personal data based on the following legal grounds:

  • Legitimate interests.

  • Processing is carried out by a not-for-profit body with a charitable aim:

      • the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and

      • there is no disclosure to a third party without consent.

How do we process your personal data?

Côr Meibion Pontypridd complies with its obligations under the GDPR by:

  • Processing your personal data in a lawful, fair and transparent manner.

  • Collecting only personal data which is adequate and relevant to the purposes we have specified in this notice.

  • Not keeping your personal data longer than necessary for the purposes we have specified in this notice.

  • Ensuring your personal data is accurate and up-to-date.

  • Implementing appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, damage or destruction.

Types of personal data we process

We process your personal data relevant to the above purposes. This includes:

  • Full name

  • Date of birth

  • Contact detail e.g. address, email, telephone number, etc

  • Occasional photos taken at public events

We also process sensitive categories of personal data that includes:

  • Dietary requirements

  • Medical status

  • Food allergies and intolerances

Where did we obtain your personal data from?

The personal data we have comes directly to us from you or a family member who is a member of the choir.

Who the information may be shared with

All your personal data is treated as strictly confidential and mainly processed by officers of the choir. For the purposes of administration your details may be kept on the computers of officers, which are within the UK. No third parties have access to your personal data unless the law allows them to do so.

Where required we share your personal data for the purposes we have specified in this notice with the following:

  • Partners in putting on choir events or trips.

  • Venues which we have booked for accommodation or meals.

How long is your personal data kept?

We keep your personal data for 2 years from your last active involvement with the choir or until Gift Aid claims have been processed.

Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing.

Transfers of personal data

We do not knowingly transfer your personal data outside of the UK.

What are your rights?

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • Request to access a copy of your personal data, which we hold about you.

  • Request to rectify your personal data if you find it to be inaccurate or out of date.

  • Request to have your personal data erased where it is no longer necessary for us to retain such data.

  • Request to have a restriction placed on further processing of your personal data when there is a dispute in relation to the accuracy or processing of your personal data.

  • Request to obtain a copy of your personal data in a common machine-readable format and transmit that data directly to another organisation.

  • Withdraw consent to the processing of your personal data at any time.

Who can I contact?

If you have any questions about how your personal data is being used please contact the Choir Secretary, Tabor Hall, Vaughan Street, Pontypridd, CF37 1HR

How do I complain?

If you are not satisfied with the way your personal data is being handled, or with the response received from us, you have the right to lodge a complaint with the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF, via email or through telephone on 0303 123 1113