DATA PROTECTION & PRIVACY POLICY


 

Introduction
The Ayrshire Symphony Orchestra (ASO) is committed to protecting the rights of individuals to privacy with regard to the processing of personal data.
It is necessary for ASO to process personal data in the normal and proper conduct of musical and business operations.
Such processing will be conducted fairly and lawfully in accordance with the General Data Protection Regulations (GDPR) which apply from 25 May 2018.
If you have a query regarding the accuracy of your personal data then your query will be dealt with fairly and impartially.
We are aware that you may have concerns over disclosing information about yourself to us. This privacy policy explains, amongst other things, what information we collect about you and the reasons for this.

Overview
Our primary aim in collecting personal information is to make membership administration and the administration of running the Ayrshire Symphony Orchestra easier, efficient and reliable for players and duly elected Committee members.

General use of personal data
ASO holds data on prospective, current and former players, as well as third party groups such as booking information for musical performances.
This personal data is held in a variety of formats including electronic and manual.
The processing of personal data is subject to the rules laid down under the GDPR.
Your personal data will be used only for proper purposes that are considered by ASO to be for your benefit.
For players this will include (but not be restricted to) monitoring of membership records, online communications, concert arrangements, statistical reporting and the provision of general business services.
The protection of your personal data will be governed by the provisions of the GDPR.
Access to your data will be restricted to those within ASO to whom it is necessary for proper purposes.
ASO will notsell your personal data to third parties.
Your personal data will only be transferred to third parties where this is for proper purposes related to business matters of the orchestra, for example where this is required by professional bodies.

The Principles of Data Protection
There are eight Data Protection Principles set out under the GDPR. In summary they are that personal data should be:
1. Processed fairly and lawfully;
2. Processed for limited purposes;
3. Adequate, relevant and not excessive;
4. Accurate and kept up to date;
5. Kept only for as long as is necessary;
6. Processed in line with the data subjects’ rights;
7. Held securely;
8. Must not be transferred to other countries without adequate protection.

ASO will adhere to these principles and the guidelines set out by the Information Commissioner.

Consent
ASO seeks to use your personal data only with your consent.
For players, it is a condition of joining ASO that you consent to ASO processing your personal data.
Most communications from ASO will be sent by email to your nominated email address(es).
You have the right to know what personal data ASO holds about you and for this to be correct.
ASO has procedures for the management of personal data in place and enquiries may be made as set out below.

Third party & former ASO members information we collect
ASO may hold personal data relating to your contact information, booking and travel arrangements for performances and, where applicable, financial details.
Our website www.aso-online.co.uk  uses an online ‘Contact Us’ form to enable third parties to get in touch with ASO.  This asks for your name, email address and comment.  Any personal data we collect during this enquiry is designed to allow us to personalise your request and give you access to the right kind of information. If you request further information or contact us in this way we may keep a record of that correspondence and incorporate the information it contains into our database.

Player information we collect
ASO may hold personal data relating to your contact information.
This data is generally collected through our annual membership subscription form or by submission to Committee Members for contact purposes.

Sensitive personal data
Sensitive personal data is defined under the Act to include such matters as personal beliefs and health.
If ASO holds sensitive personal data about you then this will only be disclosed to a third party with your explicit consent, if required by law, or as otherwise authorised under the Act.
Further details of ASO procedures regarding Disability Discrimination are available on request.

Accessing your personal data
You have the right to see the personal data that ASO holds about you. You have the right to have your data erased, or to have erroneous data amended.
Minor requests about your personal data may be dealt with informally in the course of normal administration, at the sole discretion of ASO.
In the first instance, you shouldcontact our Secretary as per instructions on website.
If you wish to make a formal request for access to your personal data then this should be made in writing to Ayrshire Symphony Orchestra, 16 Ailsa Place, Ayr KA7 1JG.

Internet security
ASO stores personal data only on secure servers or password protected PCs.  Any data stored on portable media is encrypted. There is no direct link between the ASO database and the internet.
Access is strictly limited to Committee Members.

Safe Storage
ASO stores manual paper-based data securely in locked non-portable cabinets as already required by Disclosure Scotland.
Access is strictly limited to Committee Members.

Retention
ASO will not retain personal data longer than it is necessary.
Unnecessary electronic data will be deleted.
Unnecessary data held manually will be securely shredded.

Enquiries
Enquiries on Data Protection or Privacy policies may be addressed to Ayrshire Symphony Orchestra, 16 Ailsa Place, Ayr KA7 1JG or by email to lbarrett27@btinternet.com


Ayrshire Symphony Orchestra
www.aso-online.co.uk
Registered Charity No. SCO265805
May 2018