LONDON ENGLISH SONG FESTIVAL
DATA PROTECTION POLICY
1. INTRODUCTION
1.1 The London English Song Festival (LESF, a registered ICO, no. 1159818) will, as part of its day-to-day activities, process personal data (which may be held on paper, electronically, or otherwise). The LESF recognises the need to treat it in an appropriate and lawful manner, in accordance with the General Data Protection Regulation 2016 (GDPR) which becomes effective on 25 May 2018. The purpose of this policy is to make you aware of how we will handle your personal data.
1.2 The LESF holds three main types of data. The first is our mailing list to supporters who have given us permission to contact them about LESF events. These mailings are sent via MailChimp, a web-based mailing system. The list is only held on the MailChimp server, which is password-protected and accessible only by the LESF Administrator and Artistic Director. The second is information about our financial supporters, held on the Charities Aid Foundation (CAF) website (or by the LESF directly where contact has been made outside the CAF framework) and necessary for claiming Gift Aid. Again, this is password protected and accessible only by the LESF Administrator and Artistic Director. The final category is emails between the LESF and artists, collaborators and supporters via the LESF email addresses, which are held on Gmail servers and necessary for our continuing business.
2. DATA PROTECTION PRINCIPLES
2. We will comply with the following principles. Personal data will be:
(a) Processed fairly, lawfully and transparently.
(b) Processed for limited purposes and in an appropriate way.
(c) Relevant and not excessive for the purpose.
(d) Accurate.
(e) Not kept longer than necessary for the purpose.
(f) Processed in line with individuals’ rights.
(g) Secure.
2.2 “Personal data” means recorded information we hold about you from which you can be identified. “Processing” means doing anything with the data such as accessing, disclosing, destroying or using it in any way.
3. HOLDING AND USING DATA
3.1 We will only process your personal data where your consent has been given or where there is a clear legitimate interest i.e. where there is a legitimate purpose behind the processing, where it is necessary and where the legitimate interest is not overriden by your interests, rights and freedoms.
3.2 We will never ask our supporters for sensitive personal data such as religious beliefs.
3.3 When financial supporters make donations using the Charities Aid Foundation (CAF) the reports we receive from CAF contain all or some of the personal data you supplied them when you set up the arrangement.
3.4 Some supporters subscribe by means of standing orders and Gift Aid forms, sent to the LESF Administrator. We share this data with your bank and HMRC.
4. HOW WE ARE LIKELY TO USE YOUR PERSONAL DATA
4.1 The LESF’s mailing list involves the processing of personal data in order to let its subscribers know about forthcoming LESF events. This is a mailing list built up over many years and includes those who have subscribed at concerts, directly via MailChimp, via our website’s contact form and in person to one of our Trustees. We have not taken the decision to renew these opt-in decisions in 2018 because of the small scale of our operation and because there is a very clear and easy way to unsubscribe from our non-intrusive mailouts.
4.2 We will process the data you have provided for administrative and management purposes and to enable us to operate the LESF as a viable charity. We will only process your personal data for the specific purpose of administering the work of the LESF (“the Purpose”). Your personal data will only be processed to the extent that it is necessary for the Purpose.
5. ACCURATE DATA. We will take reasonable steps to keep the data we store about you accurate and up to date. Please notify us if your personal details change or if you become aware of any inaccuracies in the personal data we hold about you so that we can make the necessary amendments.
6. DATA RETENTION
We will not keep your personal data for longer than is necessary for the Purpose. This means that data will be destroyed or erased from our systems when it is no longer required or if you decide to unsubscribe from our mailing list. The clear exception to this is that your contact information will be retained on the MailChimp server when you unsubscribe to make sure you are not contacted again against your wishes.
7. PROCESSING IN LINE WITH YOUR RIGHTS
You have the right to:
(a) Request reasonable access to any personal data we hold about you.
(b) Prevent the processing of your data for direct marketing purposes.
(c) Ask to have inaccurate data held about you amended or deleted.
8. DATA SECURITY
8.1 We will take all reasonable measures to avoid accidental loss of your data, and that no unauthorised or unlawful processing of it takes place. All our data management systems are password-protected and accessible only to the LESF Administrator and Trustees.
8.2 We will not transfer details to a third party unless required to do so by law.
8.3 Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorised purposes) of personal data.
9. SUBJECT ACCESS REQUESTS
If you wish to know what personal data we hold about you, please make the request in writing. All such written requests should be sent to the Data Protection Officer, William Vann, at the LESF’s registered address.
10. BREACHES OF THIS POLICY
If you consider that this policy has not been followed in respect of personal data about yourself or others please contact the Data Protection Officer, William Vann, at the LESF’s registered address. As the Chair of Trustees, he has overall responsibility for the LESF’s ongoing compliance with the GDPR.
11. REVIEWS
This Policy will be reviewed annually by the LESF’s Trustees.
William Vann, LESF Chair, 20th May 2018