DATA PROTECTION POLICY
Chesterfield Philharmonic Choir is a voluntary music making organisation open to all ages. It is a non profit making organisation and a registered charity. The object of the choir shall be to promote, improve, develop and maintain public education in and appreciation of the art and science of choral music in all aspects by the presentation of public concerts and recitals.
Mission Statement
The purpose of the choir is the study and practice of music in order to maintain a high standard of singing performance; to give members and audiences at concerts enjoyment of a broad range and, where possible, creative approach to music.
Policy Aims
The policy aims to articulate:
• the scope of the policy
• the rationale for recording and holding essential information about each choir member on a secure database;
• the responsibilities of the Data Manager and committee members who have access to the information;
• the responsibility of every choir member to keep their personal information up to date;
• compliance with the Data Protection Act (1998), updated October 2007, and the Privacy and electronic communications (EC Directive) Regulations (2003).
Scope of the Policy
The policy will apply to all manner of personal information, whether electronic or manual, held by any member about any other member of the choir. Specifically, the main source of information is the database held by the Data Manager, who is a committee member.
Rationale for Information Held
The name and personal contact details about each member are required in order to be able to make contact with the member on a day to day basis, and particularly in times of emergency, such as bad weather or rehearsal venue unavailable at short notice. This contact information should include name, address, telephone numbers, and e-mail address. Additional information such as birthday or wedding anniversary, may also be included if the member wishes. This information will be collected on a form to be completed at the first rehearsal attendance and passed to the Data Manager for inclusion on the Member Database. No other records will be held.
Sensitive data, defined in the Data Protection Act (1998) as data about the individual’s racial or ethnic origin, beliefs, health, sexual life and criminal convictions will NOT be required or recorded.
Responsibilities
Data Manager: Maintain accurate and up to date records that comply with the legal requirements, as detailed above.
Ensure that each member has given written permission for personal information to be added to the database.
Maintain security and password control, on a need to know basis only, for committee members.
Each time any information is added or changed, update the database and reissue to committee members who require a copy.
Develop and maintain a system to ensure an annual review of individual information held with each member.
Non active members’ details will be archived in another section of the database 12 months after the last rehearsal attended.
Maintain a Friends’ and Life Member database. When there is 3 years non renewal of Friends’ fee, the record will be archived.
Maintain a Choral Day Database of individual contact details, similar to the Membership Database, for which the individual has given written permission to be contacted about future Choral Days. For other events there will be an opt–in clause. The database will be updated annually and after three consecutive years missed, the record will be archived.
If a Member, Life Member or Friend dies, their details will be immediately archived.
Committee: All committee members who have access to this information will keep it secure on home computers (password protected) and delete out of date copy as soon as the new one is received.
The database is also password protected. The password will be issued to committee members and will be regularly changed
Individual Members:
Each new member will complete a Personal Details form at first attendance, after which music will be issued. This form will be passed immediately to the Data Manager, who will destroy it after entering the details on the Membership Database.
The individual member has the responsibility to give only that information that they are prepared to have stored.
All members have the responsibility to notify the Data Manager immediately of any change of personal details.
Information about all members will be respected and not divulged to a third party.
References
European Community Directive (2003). The Privacy and Electronic Communications Regulations.
Making Music (2007). Information Sheet no.32, Data Protection.
Office of Public Sector Information (1998) Data Protection Act.
Policy implementation date: May 2008
Policy review date: September 2010
Reviewed: 21 September 2010
Signed on behalf of the Committee:
_______________________________________ Date:
Rachel Swann, Chairman