This policy applies to:
- management and trustees of Sing for Pleasure
- all staff employed by Sing for Pleasure
- all volunteers and casual workers at Sing for Pleasure
The Data Protection Act 2018 requires the protection of personal data and all organisations which process personal data must be registered to do so, unless exempt. Sing for Pleasure completed the assessment offered by the Information Commissioner’s Office (ICO) and as of March 2018, Sing for Pleasure met the exemption criteria.
This policy sets out an understanding and requirements of data protection for all those listed within section 1 of this policy in order that there may be compliance with the Data Protection Acts 1998 and 2018, encompassing the General Data Protection Regulations (GDPR) which came into effect in May 2018.
4.1 Sing for Pleasure currently holds data for the following purposes:
– Accounts and Records: this includes holding financial and contact information of donors who contribute with gift aid, course booking information and contracts with tutors and other staff.
– Advertising, Marketing and Public Relations: this includes holding contact details (name, address, email and phone number) to enable us to communicate activities and events organised by or supported by Sing for Pleasure.
– Staff Administration: this includes holding contact details, bank details, references, performance management records and other information relating to HR.
– Administration of Membership Records: this includes holding contact details of people who have joined Sing for Pleasure as members of the organisation.
4.2 Data is information which is recorded with the intention that it should be processed on computer or is recorded as part of a relevant filing system (i.e. manual system). There are two categories of data:
4.2.1 Personal data is information relating to a living individual who can be identified:
– from the data
– from data which includes an expression of opinion about the individual. (Example: name and address details.)
4.2.2 Sensitive personal data is information relating to:
– racial or ethnic origins of the data subject
– political opinions
– religious beliefs or other beliefs of a similar nature
– trade union membership
– physical or mental health
– sexual life
– the commission or alleged commission of any offence
– any proceedings for any offence committed or alleged to have been committed by the data subject.
In order to process these types of data, consent from the data subject will be obtained, explicit consent when it is sensitive personal data.
Sing for Pleasure has a data protection policy to ensure that it complies with all aspects of data protection legislation (1984, 1998 and 2018) by setting out clear policies, responsibilities and codes of practice:
5.1 Sing for Pleasure intends to comply fully with all aspects of data protection legislation and it is the responsibility of the Trustees and Management to implement and monitor the effectiveness of this policy.
5.2 Sing for Pleasure will do its utmost to ensure that all its staff, volunteers and trustees are conversant with data protection legislation and practice.
5.3 Sing for Pleasure will only hold data for prescribed charitable purposes. These are personnel administration, membership administration, accounts and records, advertising marketing and public relations, fundraising and charitable objectives.
5.4 Sing for Pleasure will treat personal data as confidential. It will only be shared with third parties including other data controllers where it is necessary for the performance of the data controller’s tasks or where prior consent is given.
5.5 Subject Access Requests: Sing for Pleasure procedure for access to personal data for all those for whom personal data is held is outlined below. No charge will be levied on anyone (staff, personal members or other contacts) requesting access to their personal data. This will be reviewed if there is a high level of requests for access.
– Anyone wishing to obtain a copy of the information Sing for Pleasure holds on them should submit a request by email to firstname.lastname@example.org or in writing to our registered address, marking the envelope DATA REQUEST, and the relevant information will be gathered to return to the requesting party.
5.6 Sing for Pleasure will obtain consent from members, tutors and other staff using the consent form on our website to communicate with them in publicity and marketing communications.
5.7 Privacy notices are available on the website explaining the data we hold and the purposes for which we will use it.
5.8 Security Breach: In the event of a data security breach, the person identifying the breach should inform us of the breach as sooon as possible and provide the details, preferably by email to email@example.com or in writing to our registered address. This information will then be passed on to the Trustees and if necessary the ICO. Once the details have been established and the particular breach dealt with, the Trustees will commission a review to ensure policies and procedures are appropriate and implemented correctly.
5.9 Right to Erasure: Anyone may request to be removed from mailing lists at any time by contacting the Chief Executive in writing or email.
5.10 Staff, members and others who have consented to Sing for Pleasure holding their data are responsible for advising the Chief Executive in writing or email of data changes for updating as appropriate.
Board of Trustees