Salisbury Musical Society holds a certain, minimal amount of personal data on each patron and supporter. This is basically a database of names, physical and electronic addresses, telephone numbers, an where appropriate subscription fee details and Gift Aid status, in the case of patrons, and names and email addresses of supporters. This page describes the policy adopted by the Society in the handling of these data in the light of the General Data Protection Regulation (“GDPR”) effective from 25 May 2018.
The Data Controller within the Society is the Treasurer. In his/her absence the Secretary will undertake the role. Electronic and physical data on each Patron and supporter are held by both Officers in secure files.
The aim of GDPR is to protect you against privacy and data breaches.
GDPR provides you with rights as a “data subject”, about which you should be aware:
- If any of your data are compromised by the Society, both you and the Information Commissioner’s Office (ICO) should be informed within 72 hours.
- As a patron or supporter, you have the right to access your personal data. These are held in secure files. On request a free copy of your personal data will be supplied in electronic format.
- You have the right to have your data erased. In the event of you ceasing to support society, your data will be removed in its entirety, with the exception of Gift Aid declarations, which we are legally obliged to hold for 6 years from the last donation.
- The Society can only hold your data with your express consent. Voluntary membership cannot imply your consent to have your personal data held by the Society by default. You have to actively agree to have personal data held by the Society. This why we send you “Express consent” forms to ensure that you are happy for the Society to hold your data, including your email address.
The Society only holds data necessary to conduct its business.
- Contact details are held for promulgation of information about concerts.
- Gift Aid data are held to help manage the Society’s finances, and its obligations to HMRC.
To prevent unauthorised access, maintain data accuracy and to ensure the correct use of information, we have put in place appropriate physical, electronic and managerial procedures to safeguard and secure the information we hold about you.
In the event of access or erasure requests etc, in order to protect your privacy and security, the Society will also take reasonable steps to verify your identity.